Skip to content

Commit

Permalink
Add fix suggestion by @cconard96
Browse files Browse the repository at this point in the history
  • Loading branch information
@Pierstoval
Pierstoval committed Oct 4, 2024
1 parent 009caf0 commit 798d81d
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
5 changes: 3 additions & 2 deletions src/Glpi/Api/HL/Controller/CoreController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -426,11 +426,12 @@ public function authorize(Request $request): Response
$user_id = Session::getLoginUserID();
if ($user_id === false) {
// Redirect to login page
$scope = implode(',', $auth_request->getScopes());
$scope = implode(',', array_map(static fn ($s) => $s->getIdentifier(), $auth_request->getScopes()));
$client_id = $auth_request->getClient()->getIdentifier();
$redirect_uri = $this->getAPIPathForRouteFunction(self::class, 'authorize');
$redirect_uri = self::getAPIPathForRouteFunction(self::class, 'authorize');
$redirect_uri .= '?scope=' . $scope . '&client_id=' . $client_id . '&response_type=code&redirect_uri=' . urlencode($auth_request->getRedirectUri());
$redirect_uri = $CFG_GLPI['url_base'] . '/api.php/v2' . $redirect_uri;

return new Response(302, ['Location' => $CFG_GLPI['url_base'] . '/?redirect=' . rawurlencode($redirect_uri)]);
}
$user = new \Glpi\OAuth\User();
Expand Down
6 changes: 5 additions & 1 deletion src/Glpi/Api/HL/Middleware/IPRestrictionRequestMiddleware.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,13 +53,17 @@ public function process(MiddlewareInput $input, callable $next): void

$request_ip = $_SERVER['REMOTE_ADDR'];

$allowed_ips = $DB->request([
$ips = $DB->request([
'SELECT' => ['allowed_ips'],
'FROM' => 'glpi_oauthclients',
'WHERE' => [
'identifier' => $client['client_id']
]
])->current()['allowed_ips'];
$allowed_ips = [];
if (count($ips)) {
$allowed_ips = $ips->current()['allowed_ips'];
}

if (empty($allowed_ips)) {
// No IP restriction
Expand Down

0 comments on commit 798d81d

Please sign in to comment.