Merge pull request #11065 from nanaya/oauth-client-check

notbakaneko · web-flow · commit c37a2ac85968 · 2024-03-05T17:16:18.000+09:00
Use correct deny flow on oauth authorisation
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
@@ -71,8 +71,6 @@ public static function statusCode($e)
             return 401;
         } elseif ($e instanceof AuthorizationException || $e instanceof MissingScopeException) {
             return 403;
-        } elseif (static::isOAuthServerException($e)) {
-            return $e->getPrevious()->getHttpStatusCode();
         } else {
             return 500;
         }
@@ -117,6 +115,10 @@ public function report(Throwable $e)
      */
     public function render($request, Throwable $e)
     {
+        if (static::isOAuthServerException($e)) {
+            return parent::render($request, $e);
+        }
+
         if ($e instanceof HttpResponseException || $e instanceof UserProfilePageLookupException) {
             return $e->getResponse();
         }
@@ -135,7 +137,7 @@ public function render($request, Throwable $e)
 
         $isJsonRequest = is_json_request();
 
-        if ($GLOBALS['cfg']['app']['debug'] || ($isJsonRequest && static::isOAuthServerException($e))) {
+        if ($GLOBALS['cfg']['app']['debug']) {
             $response = parent::render($request, $e);
         } else {
             $message = static::exceptionMessage($e);
diff --git a/app/Http/Controllers/Passport/AuthorizationController.php b/app/Http/Controllers/Passport/AuthorizationController.php
@@ -7,6 +7,7 @@
 
 use Illuminate\Http\Request;
 use Laravel\Passport\ClientRepository;
+use Laravel\Passport\Exceptions\AuthenticationException;
 use Laravel\Passport\Http\Controllers\AuthorizationController as PassportAuthorizationController;
 use Laravel\Passport\Passport;
 use Laravel\Passport\TokenRepository;
@@ -35,21 +36,17 @@ public function authorize(
         ClientRepository $clients,
         TokenRepository $tokens
     ) {
-        $redirectUri = presence(trim(get_string($request['redirect_uri']) ?? ''));
-
-        abort_if($redirectUri === null, 400, osu_trans('model_validation.required', ['attribute' => 'redirect_uri']));
-
-        if (!auth()->check()) {
-            // Breaks when url contains hash ("#").
-            $separator = strpos($redirectUri, '?') === false ? '?' : '&';
-            $cancelUrl = "{$redirectUri}{$separator}error=access_denied";
+        try {
+            return parent::authorize($this->normalizeRequestScopes($psrRequest), $request, $clients, $tokens);
+        } catch (AuthenticationException $_e) {
+            $cancelUrl = $request->fullUrl();
+            $cancelUrl .= strpos($cancelUrl, '?') === false ? '?' : '&';
+            $cancelUrl .= 'prompt=none';
 
             return ext_view('sessions.create', [
                 'cancelUrl' => $cancelUrl,
             ]);
         }
-
-        return parent::authorize($this->normalizeRequestScopes($psrRequest), $request, $clients, $tokens);
     }
 
     /**
