Fixed oauth2 configuration loading

2025-02-28 11:03:54 +01:00
parent b1092985ff
commit 45ccb6fc4c
2 changed files with 25 additions and 12 deletions
--- a/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs
+++ b/Moonlight.ApiServer/Http/Controllers/Auth/AuthController.cs
@@ -24,6 +24,9 @@ public class AuthController : Controller
    private readonly ILogger<AuthController> Logger;
    private readonly DatabaseRepository<User> UserRepository;

+    private readonly string RedirectUri;
+    private readonly string EndpointUri;
+
    public AuthController(
        AppConfiguration configuration,
        ILogger<AuthController> logger,
@@ -33,6 +36,14 @@ public class AuthController : Controller
        Configuration = configuration;
        Logger = logger;
        UserRepository = userRepository;
+
+        RedirectUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationRedirect)
+            ? Configuration.PublicUrl
+            : Configuration.Authentication.OAuth2.AuthorizationRedirect;
+        
+        EndpointUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationEndpoint)
+            ? Configuration.PublicUrl + "/oauth2/authorize"
+            : Configuration.Authentication.OAuth2.AuthorizationEndpoint;
    }

    [AllowAnonymous]
@@ -42,8 +53,8 @@ public class AuthController : Controller
        var response = new LoginStartResponse()
        {
            ClientId = Configuration.Authentication.OAuth2.ClientId,
-            RedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl,
-            Endpoint = Configuration.Authentication.OAuth2.AuthorizationEndpoint ?? Configuration.PublicUrl + "/oauth2/authorize"
+            RedirectUri = RedirectUri,
+            Endpoint = EndpointUri
        };

        return Task.FromResult(response);
@@ -71,7 +82,7 @@ public class AuthController : Controller
                [
                    new KeyValuePair<string, string>("grant_type", "authorization_code"),
                    new KeyValuePair<string, string>("code", request.Code),
-                    new KeyValuePair<string, string>("redirect_uri", Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl),
+                    new KeyValuePair<string, string>("redirect_uri", RedirectUri),
                    new KeyValuePair<string, string>("client_id", Configuration.Authentication.OAuth2.ClientId)
                ]
            ));
--- a/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
+++ b/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
@@ -22,10 +22,16 @@ public class OAuth2Controller : Controller
    private readonly AppConfiguration Configuration;
    private readonly DatabaseRepository<User> UserRepository;
    
+    private readonly string ExpectedRedirectUri;
+
    public OAuth2Controller(AppConfiguration configuration, DatabaseRepository<User> userRepository)
    {
        Configuration = configuration;
        UserRepository = userRepository;
+        
+        ExpectedRedirectUri = string.IsNullOrEmpty(Configuration.Authentication.OAuth2.AuthorizationRedirect)
+            ? Configuration.PublicUrl
+            : Configuration.Authentication.OAuth2.AuthorizationRedirect;
    }

    [AllowAnonymous]
@@ -37,10 +43,8 @@ public class OAuth2Controller : Controller
        [FromQuery(Name = "view")] string view = "login"
    )
    {
-        var requiredRedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl;
-
        if (Configuration.Authentication.OAuth2.ClientId != clientId ||
-            requiredRedirectUri != redirectUri ||
+            redirectUri != ExpectedRedirectUri ||
            responseType != "code")
        {
            throw new HttpApiException("Invalid oauth2 request", 400);
@@ -84,10 +88,8 @@ public class OAuth2Controller : Controller
        [FromQuery(Name = "view")] string view = "login"
    )
    {
-        var requiredRedirectUri = Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl;
-
        if (Configuration.Authentication.OAuth2.ClientId != clientId ||
-            requiredRedirectUri != redirectUri ||
+            redirectUri != ExpectedRedirectUri ||
            responseType != "code")
        {
            throw new HttpApiException("Invalid oauth2 request", 400);
@@ -175,7 +177,7 @@ public class OAuth2Controller : Controller
        if(clientId != Configuration.Authentication.OAuth2.ClientId)
            throw new HttpApiException("Invalid client id provided", 400);
        
-        if(redirectUri != (Configuration.Authentication.OAuth2.AuthorizationRedirect ?? Configuration.PublicUrl))
+        if(redirectUri != ExpectedRedirectUri)
            throw new HttpApiException("Invalid redirect uri provided", 400);
        
        var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
@@ -187,7 +189,7 @@ public class OAuth2Controller : Controller
            codeData = jwtSecurityTokenHandler.ValidateToken(code, new TokenValidationParameters()
            {
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
-                    Configuration.Authentication.Secret
+                    Configuration.Authentication.OAuth2.Secret
                )),
                ValidateIssuerSigningKey = true,
                ValidateLifetime = true,
@@ -241,7 +243,7 @@ public class OAuth2Controller : Controller
            },
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(
-                    Encoding.UTF8.GetBytes(Configuration.Authentication.Secret)
+                    Encoding.UTF8.GetBytes(Configuration.Authentication.OAuth2.Secret)
                ),
                SecurityAlgorithms.HmacSha256
            )