Code improvements

COmanage · Apr 28, 2025 · 033ac02 · 033ac02
1 parent 188c831
commit 033ac02
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/app/plugins/CoreServer/src/Controller/Oauth2ServersController.php b/app/plugins/CoreServer/src/Controller/Oauth2ServersController.php
@@ -21,7 +21,7 @@
  *
  * @link          https://www.internet2.edu/comanage COmanage Project
  * @package       registry-plugins
- * @since         COmanage Registry v5.0.0
+ * @since         COmanage Registry v5.2.0
  * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  */
 
@@ -76,19 +76,30 @@ public function callback($id): void
     // (ie: code=foo, not code:foo)
 
     try {
-      if (empty($_GET['code']) || empty($_GET['state'])) {
+      $request = $this->getRequest();
+      $code = $request->getQuery('code');
+      $state = $request->getQuery('state');
+
+      if (empty($code) || empty($state)) {
         throw new \RuntimeException(__d('core_server', 'error.Oauth2Servers.callback'));
       }
 
       // Verify that state is our hashed session ID, as per RFC6749 §10.12
       // recommendations to prevent CSRF.
       // https://tools.ietf.org/html/rfc6749#section-10.12
 
-      if ($_GET['state'] != hash('sha256', session_id())) {
+      // Access session from the request object
+      $sessionId = $request->getSession()->id();
+
+      if ($state != hash('sha256', $sessionId)) {
         throw new \RuntimeException(__d('core_server', 'error.Oauth2Servers.state'));
       }
 
-      $response = $this->Oauth2Servers->exchangeCode($id, $_GET['code'], $this->Oauth2Servers->redirectUri((int)$id));
+      $response = $this->Oauth2Servers->exchangeCode(
+        $id,
+        $code,
+        $this->Oauth2Servers->redirectUri((int)$id),
+      );
 
       $this->Flash->success(__d('core_server', 'info.Oauth2Servers.access_token.ok'));
     } catch (\Exception $e) {

diff --git a/app/plugins/CoreServer/src/Lib/Enum/Oauth2GrandTypesEnum.php b/app/plugins/CoreServer/src/Lib/Enum/Oauth2GrandTypesEnum.php
@@ -21,7 +21,7 @@
  *
  * @link          https://www.internet2.edu/comanage COmanage Project
  * @package       registry-plugins
- * @since         COmanage Registry v5.0.0
+ * @since         COmanage Registry v5.2.0
  * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
  */