From 628bbebeba97a68f2bfab95e7a7beb1206ab282b Mon Sep 17 00:00:00 2001
From: memurats
Date: Thu, 7 May 2026 09:38:05 +0200
Subject: [PATCH 1/6] added custom client flow
---
 lib/AppInfo/Application.php | 54 ++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 4 deletions(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 192220ca..cbd04843 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -24,7 +24,6 @@
 use OCA\UserOIDC\Service\ID4MeService;
 use OCA\UserOIDC\Service\RequestClassificationService;
 use OCA\UserOIDC\Service\SettingsService;
-use OCA\UserOIDC\Service\TokenService;
 use OCA\UserOIDC\User\Backend;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
@@ -36,6 +35,7 @@
 use OCP\IURLGenerator;
 use OCP\IUserManager;
 use OCP\IUserSession;
+use OCP\Security\ISecureRandom;
 use Throwable;
 class Application extends App implements IBootstrap {
@@ -84,7 +84,6 @@ public function register(IRegistrationContext $context): void {
 public function boot(IBootContext $context): void {
 $context->injectFn(\Closure::fromCallable([$this->backend, 'injectSession']));
- $context->injectFn(\Closure::fromCallable([$this, 'checkLoginToken']));
 /** @var IUserSession $userSession */
 $userSession = $this->getContainer()->get(IUserSession::class);
 if ($userSession->isLoggedIn()) {
@@ -93,6 +92,7 @@ public function boot(IBootContext $context): void {
 try {
 $context->injectFn(\Closure::fromCallable([$this, 'registerRedirect']));
+ $context->injectFn(\Closure::fromCallable([$this, 'registerNmcClientFlow']));
 if (version_compare($this->getContainer()->get(IConfig::class)->getSystemValueString('version', '0.0.0'), '34.0.0', '<')) {
 $context->injectFn(\Closure::fromCallable([$this, 'registerLogin']));
 }
@@ -100,8 +100,54 @@ public function boot(IBootContext $context): void {
 }
 }
- private function checkLoginToken(TokenService $tokenService): void {
- $tokenService->checkLoginToken();
+ /**
+ * This is the automatic redirect exclusively for Nextcloud/Magentacloud clients, completely skipping consent layer.
+ */
+ private function registerNmcClientFlow(
+ IRequest $request,
+ IURLGenerator $urlGenerator,
+ ProviderMapper $providerMapper,
+ ISession $session,
+ ISecureRandom $random,
+ ): void {
+ $providers = $this->getCachedProviders($providerMapper);
+
+ try {
+ $isClientLoginFlow = $request->getPathInfo() === '/login/flow';
+ } catch (Exception) {
+ return;
+ }
+
+ if (!$isClientLoginFlow) {
+ return;
+ }
+
+ $tproviders = array_values(array_filter($providers, static function ($provider): bool {
+ return strtolower($provider->getIdentifier()) === 'telekom';
+ }));
+
+ if (count($tproviders) === 0) {
+ return;
+ }
+
+ $stateToken = $random->generate(64, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
+
+ $session->set('client.flow.state.token', $stateToken);
+
+ $redirectUrl = $urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', [
+ 'stateToken' => $stateToken,
+ 'clientIdentifier' => $request->getParam('clientIdentifier', ''),
+ 'direct' => $request->getParam('direct', '0'),
+ ]);
+
+ $targetUrl = $urlGenerator->linkToRoute(self::APP_ID . '.login.login', [
+ 'providerId' => $tproviders[0]->getId(),
+ 'redirectUrl' => $redirectUrl,
+ ]);
+
+ header('Location: ' . $targetUrl);
+
+ exit();
 }
 private function registerRedirect(IRequest $request, IURLGenerator $urlGenerator, SettingsService $settings, ProviderMapper $providerMapper): void {
From 635526750abfeefe7066ce695ed734245f048d32 Mon Sep 17 00:00:00 2001
From: memurats
Date: Thu, 7 May 2026 09:43:23 +0200
Subject: [PATCH 2/6] added session class
---
 lib/AppInfo/Application.php | 1 +
 1 file changed, 1 insertion(+)
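Review bot: registerNmcClientFlow() never checks that the caller is a sync client, although its docblock says the redirect is exclusively for Nextcloud/Magentacloud clients: the only condition is `$request->getPathInfo() === '/login/flow'`, so any browser request to that path is issued a state token and sent to the provider login with the grant page as return target. If the step being skipped is where the login flow normally validates the caller (presumably core's auth-picker page, to be confirmed), that validation is lost; a guard such as `if ($request->getHeader('OCS-APIREQUEST') !== 'true') { return; }` ahead of `$random->generate(...)` would keep the shortcut limited to API clients. `clientIdentifier` and `direct` are copied from the request into `$redirectUrl` without validation, so they should be checked against the values the grant page accepts. The session key `'client.flow.state.token'` is a string the core controller must also read, which deserves a comment such as `// must match the state key read by core's ClientFlowLogin controller`. The raw `header('Location: ...')` followed by `exit()` inside boot() bypasses the framework's response handling, so it is worth confirming that the session write is persisted before the process exits.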
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index cbd04843..f85f1ea4 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -32,6 +32,7 @@
 use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IURLGenerator;
 use OCP\IUserManager;
 use OCP\IUserSession;
From 93de64c43e684d0d5ae26c8e7b6d107dee8efbd6 Mon Sep 17 00:00:00 2001
From: memurats
Date: Thu, 7 May 2026 09:47:27 +0200
Subject: [PATCH 3/6] fixed coding style
---
 lib/AppInfo/Application.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index f85f1ea4..d5a568aa 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -93,7 +93,7 @@ public function boot(IBootContext $context): void {
 try {
 $context->injectFn(\Closure::fromCallable([$this, 'registerRedirect']));
- $context->injectFn(\Closure::fromCallable([$this, 'registerNmcClientFlow']));
+ $context->injectFn(\Closure::fromCallable([$this, 'registerNmcClientFlow']));
 if (version_compare($this->getContainer()->get(IConfig::class)->getSystemValueString('version', '0.0.0'), '34.0.0', '<')) {
 $context->injectFn(\Closure::fromCallable([$this, 'registerLogin']));
 }
From f42649169dedc2ef70931b06d96659c2f56a39e9 Mon Sep 17 00:00:00 2001
From: memurats
Date: Thu, 7 May 2026 10:47:05 +0200
Subject: [PATCH 4/6] fix merge
---
 lib/AppInfo/Application.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index d5a568aa..15c89a73 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -24,6 +24,7 @@
 use OCA\UserOIDC\Service\ID4MeService;
 use OCA\UserOIDC\Service\RequestClassificationService;
 use OCA\UserOIDC\Service\SettingsService;
+use OCA\UserOIDC\Service\TokenService;
 use OCA\UserOIDC\User\Backend;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
@@ -85,6 +86,7 @@ public function register(IRegistrationContext $context): void {
 public function boot(IBootContext $context): void {
 $context->injectFn(\Closure::fromCallable([$this->backend, 'injectSession']));
+ // $context->injectFn(\Closure::fromCallable([$this, 'checkLoginToken']));
 /** @var IUserSession $userSession */
 $userSession = $this->getContainer()->get(IUserSession::class);
 if ($userSession->isLoggedIn()) {
@@ -101,6 +103,10 @@ public function boot(IBootContext $context): void {
 }
 }
+ private function checkLoginToken(TokenService $tokenService): void {
+ $tokenService->checkLoginToken();
+ }
+
 /**
 * This is the automatic redirect exclusively for Nextcloud/Magentacloud clients, completely skipping consent layer.
 */
From 2ecbb9d503fa9da36bf6ce2ff167b74b39a3e9c9 Mon Sep 17 00:00:00 2001
From: memurats
Date: Thu, 7 May 2026 11:13:15 +0200
Subject: [PATCH 5/6] removed imports
---
 lib/AppInfo/Application.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 15c89a73..410ae026 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -33,11 +33,9 @@
 use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
-use OCP\ISession;
 use OCP\IURLGenerator;
 use OCP\IUserManager;
 use OCP\IUserSession;
-use OCP\Security\ISecureRandom;
 use Throwable;
 class Application extends App implements IBootstrap {
@@ -114,8 +112,8 @@ private function registerNmcClientFlow(
 IRequest $request,
 IURLGenerator $urlGenerator,
 ProviderMapper $providerMapper,
- ISession $session,
- ISecureRandom $random,
+ \OCP\ISession $session,
+ \OCP\Security\ISecureRandom $random,
 ): void {
 $providers = $this->getCachedProviders($providerMapper);
@@ -137,7 +135,12 @@ private function registerNmcClientFlow(
 return;
 }
- $stateToken = $random->generate(64, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
+ $stateToken = $random->generate(
+ 64,
+ \OCP\Security\ISecureRandom::CHAR_LOWER
+ . \OCP\Security\ISecureRandom::CHAR_UPPER
+ . \OCP\Security\ISecureRandom::CHAR_DIGITS
+ );
 $session->set('client.flow.state.token', $stateToken);
From acdc5a7e303bae020a39f526d3029f2aa1911217 Mon Sep 17 00:00:00 2001
From: Mauro Mura
Date: Thu, 7 May 2026 13:20:27 +0200
Subject: [PATCH 6/6] Uncomment checkLoginToken injection in boot method
---
 lib/AppInfo/Application.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 410ae026..6a4b51f9 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -84,7 +84,7 @@ public function register(IRegistrationContext $context): void {
 public function boot(IBootContext $context): void {
 $context->injectFn(\Closure::fromCallable([$this->backend, 'injectSession']));
- // $context->injectFn(\Closure::fromCallable([$this, 'checkLoginToken']));
+ $context->injectFn(\Closure::fromCallable([$this, 'checkLoginToken']));
 /** @var IUserSession $userSession */
 $userSession = $this->getContainer()->get(IUserSession::class);
 if ($userSession->isLoggedIn()) {