From c8692f926daddc00852ea529fbfe52b4193dc78d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Tue, 14 Sep 2021 13:13:56 +0200
Subject: [PATCH] add owncloud-selector cookie support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer
---
 lib/Controller/LoginFlowController.php | 10 +++++++-
 .../LoginFlowControllerLoginTest.php | 25 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/lib/Controller/LoginFlowController.php b/lib/Controller/LoginFlowController.php
index ec3a277..9455745 100644
--- a/lib/Controller/LoginFlowController.php
+++ b/lib/Controller/LoginFlowController.php
@@ -161,7 +161,15 @@ public function login(): RedirectResponse {
 } else {
 $this->logger->debug('Id token holds no sid: ' . \json_encode($openid->getIdTokenPayload()));
 }
- return new RedirectResponse($this->getDefaultUrl());
+ $response = new RedirectResponse($this->getDefaultUrl());
+ $openIdConfig = $openid->getOpenIdConfig();
+ $cookieName = $openIdConfig['ocis-routing-policy-cookie'] ?? 'owncloud-selector';
+ $cookieDirectives = $openIdConfig['ocis-routing-policy-cookie-directives'] ?? 'path=/;';
+ $attribute = $openIdConfig['ocis-routing-poclicy-claim'] ?? 'ocis.routing.policy';
+ if (\property_exists($userInfo, $attribute)) {
+ $response->addHeader('Set-Cookie', "$cookieName={$userInfo->$attribute};$cookieDirectives");
+ }
+ return $response;
 }
 $this->logger->error("Unable to login {$user->getUID()}");
 return new RedirectResponse('/');
diff --git a/tests/unit/Controller/LoginFlowControllerLoginTest.php b/tests/unit/Controller/LoginFlowControllerLoginTest.php
index f0d0b41..580eb3d 100644
--- a/tests/unit/Controller/LoginFlowControllerLoginTest.php
+++ b/tests/unit/Controller/LoginFlowControllerLoginTest.php
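Review bot: The `Set-Cookie` value added in `login()` interpolates `$userInfo->$attribute` unencoded, so a claim containing `;`, whitespace or line breaks could alter the cookie's attributes or the header itself; whether `addHeader` rejects control characters is not visible in this hunk. Require the claim to be a string and either encode it, e.g. `$value = \rawurlencode((string)$userInfo->$attribute);`, or accept only values matching a conservative pattern such as `/^[A-Za-z0-9._-]+$/` and skip the cookie otherwise. The config key `'ocis-routing-poclicy-claim'` looks like a misspelling of `ocis-routing-policy-claim`, so a correctly spelled setting would be silently ignored and the default claim name used. The default directives `'path=/;'` set no `Secure`, `HttpOnly` or `SameSite`; if this cookie steers request routing, a stricter default is worth considering. `login()` starts and ends outside the hunk, so where `$userInfo` is assigned could not be checked.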
@@ -184,4 +184,29 @@ public function testLoginCreateSuccessWithRedirect(): void {
 self::assertEquals('http://localhost/index.php/apps/oauth2/foo/bla', $response->getRedirectURL());
 }
+
+ public function testLoginCreateSuccessWithOCISRoutingPolicyCookie(): void {
+ $this->client->method('getOpenIdConfig')->willReturn([]);
+ $this->client->method('getUserInfo')->willReturn((object)['email' => 'foo@exmaple.net','ocis.routing.policy'=>'ocis']);
+ $this->client->method('getIdToken')->willReturn('id');
+ $this->client->method('getAccessToken')->willReturn('access');
+ $this->client->method('getRefreshToken')->willReturn('refresh');
+ $this->client->method('readRedirectUrl')->willReturn('index.php/apps/oauth2/foo/bla');
+ $user = $this->createMock(IUser::class);
+ $this->userLookup->method('lookupUser')->willReturn($user);
+ $this->userSession->method('createSessionToken')->willReturn(true);
+ $this->userSession->method('loginUser')->willReturn(true);
+ $this->session->expects(self::exactly(3))->method('set')->withConsecutive(
+ ['oca.openid-connect.id-token', 'id'],
+ ['oca.openid-connect.access-token', 'access'],
+ ['oca.openid-connect.refresh-token', 'refresh']
+ );
+
+ $response = $this->controller->login();
+
+ self::assertEquals('http://localhost/index.php/apps/oauth2/foo/bla', $response->getRedirectURL());
+
+ $headers = $response->getHeaders();
+ self::assertEquals('owncloud-selector=ocis;path=/;', $headers['Set-Cookie']);
+ }
 }
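Review bot: The new test only covers the default configuration with the claim present, because `getOpenIdConfig` returns `[]`; the absent-claim branch and the three configurable keys are never exercised. Add a case asserting that `$response->getHeaders()` has no `Set-Cookie` entry when the user info lacks the claim, and one where `getOpenIdConfig` supplies a custom cookie name, directives and claim name. Writing the latter against the intended key names would expose the `'ocis-routing-poclicy-claim'` spelling in the controller. A further case with a claim value containing `;` would pin whatever encoding or rejection behaviour is chosen for the cookie value.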