From 45ccb6fc4cf3fbf9ae7d8ceada4b74b4e12921cf Mon Sep 17 00:00:00 2001
From: ChiaraBm
Date: Fri, 28 Feb 2025 11:03:54 +0100
Subject: [PATCH] Fixed oauth2 configuration loading
---
 .../Http/Controllers/Auth/AuthController.cs | 17 +++++++++++++---
 .../Controllers/OAuth2/OAuth2Controller.cs | 20 ++++++++++---------
 2 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs b/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs
index 673e1b6f..a243f71a 100644
--- a/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs
+++ b/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs
@@ -24,6 +24,9 @@ public class AuthController : Controller
 private readonly ILogger Logger;
 private readonly DatabaseRepository UserRepository;
+ private readonly string RedirectUri;
+ private readonly string EndpointUri;
+
 public AuthController(
 AppConfiguration configuration,
 ILogger logger,
@@ -33,6 +36,14 @@ public class AuthController : Controller
 Configuration = configuration;
 Logger = logger;
 UserRepository = userRepository;
+
+ RedirectUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationRedirect) ? Configuration.PublicUrl : Configuration.Authentication.OAuth2.AuthorizationRedirect;
+
+ EndpointUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationEndpoint) ? Configuration.PublicUrl + "/oauth2/authorize" : Configuration.Authentication.OAuth2.AuthorizationEndpoint;
 }
 [AllowAnonymous]
@@ -42,8 +53,8 @@ public class AuthController : Controller
 var response = new LoginStartResponse()
 {
 ClientId = Configuration.Authentication.OAuth2.ClientId,
- RedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl,
- Endpoint = Configuration.Authentication.OAuth2.AuthorizationEndpoint ?? Configuration.PublicUrl + "/oauth2/authorize"
+ RedirectUri = RedirectUri,
+ Endpoint = EndpointUri
 };
 return Task.FromResult(response);
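Review bot: The redirect-URI fallback computed in the constructor (hunk -33,6 +36,14) is duplicated verbatim in OAuth2Controller's constructor, and the two copies must stay byte-identical: the authorization side compares the incoming redirect_uri with `!=` (ordinal string equality) against its own copy, so any future drift between them — a trailing slash, a changed default — breaks every login rather than failing open, but it is still a silent coupling nobody will remember. I would single-source it as one property on the configuration type, e.g. `public string EffectiveAuthorizationRedirect => string.IsNullOrEmpty(Authentication.OAuth2.AuthorizationRedirect) ? PublicUrl : Authentication.OAuth2.AuthorizationRedirect;` on AppConfiguration (PublicUrl lives there, not on the OAuth2 section), and have both controllers read that. It is also worth a one-line comment that `IsNullOrEmpty` replaced `??` on purpose because unset keys arrive as empty strings rather than null — I infer that from the commit title, so confirm before writing it. The constructor's signature starts outside the hunk.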
@@ -71,7 +82,7 @@ public class AuthController : Controller
 [
 new KeyValuePair("grant_type", "authorization_code"),
 new KeyValuePair("code", request.Code),
- new KeyValuePair("redirect_uri", Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl),
+ new KeyValuePair("redirect_uri", RedirectUri),
 new KeyValuePair("client_id", Configuration.Authentication.OAuth2.ClientId)
 ]
 ));
diff --git a/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs b/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
index 58d44c61..6fc164fe 100644
--- a/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
+++ b/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
@@ -21,11 +21,17 @@ public class OAuth2Controller : Controller
 {
 private readonly AppConfiguration Configuration;
 private readonly DatabaseRepository UserRepository;
+
+ private readonly string ExpectedRedirectUri;
 public OAuth2Controller(AppConfiguration configuration, DatabaseRepository userRepository)
 {
 Configuration = configuration;
 UserRepository = userRepository;
+
+ ExpectedRedirectUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationRedirect) ? Configuration.PublicUrl : Configuration.Authentication.OAuth2.AuthorizationRedirect;
 }
 [AllowAnonymous]
@@ -37,10 +43,8 @@ public class OAuth2Controller : Controller
 [FromQuery(Name = "view")] string view = "login"
 )
 {
- var requiredRedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl;
 if (Configuration.Authentication.OAuth2.ClientId != clientId ||
- requiredRedirectUri != redirectUri ||
+ redirectUri != ExpectedRedirectUri ||
 responseType != "code")
 {
 throw new HttpApiException("Invalid oauth2 request", 400);
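Review bot: The form built in hunk -71,7 +82,7 still authenticates the code exchange with nothing but the public `client_id` and the `RedirectUri` it now shares with the start response; the parameter list is complete between `[` and `]` and carries neither a `client_secret` nor a PKCE `code_verifier`. That is defensible only while `AuthorizationEndpoint` points at this same server, whose code is a signed JWT (visible in the OAuth2Controller hunks) and is presumably bound to this client — which I cannot confirm from here — and it becomes a real gap the moment the configurable endpoint is aimed at a third-party provider, where a server-side client is expected to prove possession of a secret or a verifier. I would at least record the assumption next to the list: `// No client_secret/PKCE: the code is a JWT minted by our own /oauth2/authorize; revisit if AuthorizationEndpoint ever points elsewhere.` The enclosing method and the HTTP call it feeds start and end outside the hunk.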
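Review bot: The rewritten condition `redirectUri != ExpectedRedirectUri` in hunk -37,10 +43,8 is the right shape — an exact, ordinal comparison against the single registered URI — but nothing in the hunk says so, and the next person who hits a trailing-slash or casing mismatch will be tempted to relax it to a StartsWith or normalized compare, which is exactly how authorization codes end up delivered to an attacker-controlled path on the registered host. I would add `// Exact string match on purpose: RFC 6749 §3.1.2.3 forbids prefix/normalized redirect_uri matching, since a looser match lets an attacker steer the code to a URI they control.` above the `if`. The same condition is repeated in the -84,10 +88,8 hunk and deserves the same comment, or better a single shared check. The enclosing action's signature and the rest of its body lie outside the hunk.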
@@ -84,10 +88,8 @@ public class OAuth2Controller : Controller
 [FromQuery(Name = "view")] string view = "login"
 )
 {
- var requiredRedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl;
 if (Configuration.Authentication.OAuth2.ClientId != clientId ||
- requiredRedirectUri != redirectUri ||
+ redirectUri != ExpectedRedirectUri ||
 responseType != "code")
 {
 throw new HttpApiException("Invalid oauth2 request", 400);
@@ -175,7 +177,7 @@ public class OAuth2Controller : Controller
 if(clientId != Configuration.Authentication.OAuth2.ClientId)
 throw new HttpApiException("Invalid client id provided", 400);
- if(redirectUri != (Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl))
+ if(redirectUri != ExpectedRedirectUri)
 throw new HttpApiException("Invalid redirect uri provided", 400);
 var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
@@ -187,7 +189,7 @@ public class OAuth2Controller : Controller
 codeData = jwtSecurityTokenHandler.ValidateToken(code, new TokenValidationParameters()
 {
 IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
- Configuration.Authentication.Secret
+ Configuration.Authentication.OAuth2.Secret
 )),
 ValidateIssuerSigningKey = true,
 ValidateLifetime = true,
@@ -241,7 +243,7 @@ public class OAuth2Controller : Controller
 },
 SigningCredentials = new SigningCredentials(
 new SymmetricSecurityKey(
- Encoding.UTF8.GetBytes(Configuration.Authentication.Secret)
+ Encoding.UTF8.GetBytes(Configuration.Authentication.OAuth2.Secret)
 ),
 SecurityAlgorithms.HmacSha256
 )
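Review bot: `Configuration.Authentication.OAuth2.Secret` is read at request time in hunk -187,7 +189,7 and again in the signing hunk -241,7 +243,7 without the empty-value guard this same commit adds for the URIs, so a deployment that has not yet set the new key does not fail at startup: `new SymmetricSecurityKey(Encoding.UTF8.GetBytes(""))` throws on the first login (zero-length key), and a short value is rejected by IdentityModel's minimum key size for HS256 (IDX10653, 128 bits) with an equally opaque 500. I would validate it once in the constructor next to ExpectedRedirectUri, e.g. `if (string.IsNullOrWhiteSpace(Configuration.Authentication.OAuth2.Secret) || Encoding.UTF8.GetByteCount(Configuration.Authentication.OAuth2.Secret) < 32) throw new InvalidOperationException("Authentication.OAuth2.Secret must be set and at least 32 bytes");` — 32 bytes matches the HMAC-SHA256 output size — and not fall back to `Authentication.Secret`, because a dedicated key is precisely what stops an authorization-code JWT from being accepted wherever the other key is trusted (presumably session/API tokens; not visible here). Moving codes onto their own key also means any code issued before this deploy fails validation, which is fine if code lifetime is short — `ValidateLifetime = true` is visible, the expiry is not. Whether the validation parameters also pin issuer, audience or a token-type claim lies outside the hunk; with a separate key that matters less, but it is still worth confirming, and a comment such as `// Codes are signed with OAuth2.Secret, never Authentication.Secret, so a code can never be replayed as a session token.` would make the intent of this change survive the next refactor.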