Merge branch 'main' into fix/refreshToken

Author: ylebre

.github/workflows/solid-tests-suites.yml

@@ -4,7 +4,7 @@ name: Solid Test Suites
 env:
   # Docker Hub digest (i.e. hash) of the used Docker Images that do not have a version tag.
   PUBSUB_TAG: latest@sha256:b73a2a5c98d2005bb667dfc69d1c859d704366024298b9caa24ea2e182c456c2
-  COOKIE_TAG: latest@sha256:c71a3947f97d96ce09823743182582e0d919738be0d4ef5c8c55a9c22c615b91
+  COOKIE_TAG: latest@sha256:b2815496a1291a8f0f8bf2524c42d6000a4a1d6a202b319fe01e1afacf1cec7d
 
 on:
   push:

run-solid-test-suite.sh

@@ -2,6 +2,8 @@
 
 set -e
 
+: "${COOKIE_TAG:=latest@sha256:b2815496a1291a8f0f8bf2524c42d6000a4a1d6a202b319fe01e1afacf1cec7d}"
+
 # Note that .github/workflows/solid-tests-suites.yml does not use this, this function is just for manual runs of this script.
 # You can pick different values for the NEXTCLOUD_VERSION build arg, as required:
 function setup {
@@ -10,7 +12,7 @@ function setup {
 
   docker network create testnet
 
-  docker pull michielbdejong/nextcloud-cookie
+  docker pull "michielbdejong/nextcloud-cookie:${COOKIE_TAG}"
   docker pull solidtestsuite/solid-crud-tests:v7.0.5
   docker pull solidtestsuite/web-access-control-tests:v7.1.0
   docker pull solidtestsuite/webid-provider-tests:v2.1.1
@@ -46,7 +48,12 @@ function startSolidNextcloud {
   docker exec -u www-data -i -e SERVER_ROOT="https://$1" "$1" sh /init.sh
   docker exec -u root -i "$1" service apache2 reload
   echo Getting cookie for "$1"...
-  export COOKIE_$1="$(docker run --cap-add=SYS_ADMIN --network=testnet --env-file "./env-vars-$1.list" michielbdejong/nextcloud-cookie)"
+  export COOKIE_$1="$(docker run \
+        --cap-add=SYS_ADMIN \
+        --network=testnet \
+        --env-file "./env-vars-$1.list" \
+        "michielbdejong/nextcloud-cookie:${COOKIE_TAG}"
+    )"
 }
 
 function runTests {

solid/js/vendor/simplyedit/simply.everything.js

@@ -556,38 +556,6 @@ properties for a given parent, keep seperate index for this?
         }
     }
 
-    var linkHandler = function(evt) {
-        if (evt.ctrlKey) {
-            return;
-        }
-        if (evt.which != 1) {
-            return; // not a 'left' mouse click
-        }
-        var link = evt.target;
-        while (link && link.tagName!='A') {
-            link = link.parentElement;
-        }
-        if (link 
-            && link.pathname 
-            && link.hostname==global.location.hostname 
-            && !link.link
-            && !link.dataset.simplyCommand
-        ) {
-            let path = getPath(link.pathname+link.hash);
-            if ( !route.has(path) ) {
-                path = getPath(link.pathname);
-            }
-            if ( route.has(path) ) {
-                let params = runListeners('goto', { path: path});
-                if (params.path) {
-                    route.goto(params.path);
-                }
-                evt.preventDefault();
-                return false;
-            }
-        }
-    };
-
     var options = {
         root: '/'
     };
@@ -642,7 +610,6 @@ properties for a given parent, keep seperate index for this?
                     route.match(getPath(document.location.pathname));
                 }
             });
-            global.document.addEventListener('click', linkHandler);
         },
         load: function(routes) {
             parseRoutes(routes);

solid/lib/BaseServerConfig.php

@@ -202,7 +202,7 @@ public function setUserSubDomainsEnabled($enabled) {
 
 		////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
-		private function castToBool(string $mixedValue): bool
+		private function castToBool(?string $mixedValue): bool
 		{
 			$type = gettype($mixedValue);
 

solid/lib/Controller/ServerController.php

@@ -23,6 +23,7 @@ class ServerController extends Controller
 {
 	use DpopFactoryTrait;
 
+	public const ERROR_UNREGISTERED_URI = 'Provided redirect URI "%s" does not match any registered URIs';
 	private $userId;
 
 	/* @var IUserManager */
@@ -227,10 +228,28 @@ public function authorize() {
 			return $result; // ->addHeader('Access-Control-Allow-Origin', '*');
 		}
 
-		$parsedOrigin = parse_url($clientRegistration['redirect_uris'][0]);
+		if (isset($getVars['redirect_uri'])) {
+			$redirectUri = $getVars['redirect_uri'];
+			if (! isset($clientRegistration['redirect_uris']) || ! is_array($clientRegistration['redirect_uris'])) {
+				return new JSONResponse('Invalid client registration, no redirect URIs found', Http::STATUS_BAD_REQUEST);
+			}
+
+			$redirectUris = $clientRegistration['redirect_uris'];
+
+			$validRedirectUris = array_filter($redirectUris, function ($uri) use ($redirectUri) {
+				return $uri === $redirectUri;
+			});
+
+			if (count($validRedirectUris) === 0) {
+				$message = vsprintf(self::ERROR_UNREGISTERED_URI, [$redirectUri]);
+				return new JSONResponse($message, Http::STATUS_BAD_REQUEST);
+			}
+		}
+
+		$parsedOrigin = parse_url($redirectUri);
 		if (
-			$parsedOrigin['scheme'] != "https" &&
-			$parsedOrigin['scheme'] != "http" &&
+			$parsedOrigin['scheme'] !== "https" &&
+			$parsedOrigin['scheme'] !== "http" &&
 			!isset($_GET['customscheme'])
 		) {
 			$result = new JSONResponse('Custom schema');
@@ -372,8 +391,8 @@ public function logout() {
 	public function register() {
 		$clientData = file_get_contents('php://input');
 		$clientData = json_decode($clientData, true);
-		if (!$clientData['redirect_uris']) {
-			return new JSONResponse("Missing redirect URIs");
+		if (! isset($clientData['redirect_uris'])) {
+			return new JSONResponse("Missing redirect URIs", Http::STATUS_BAD_REQUEST);
 		}
 		$clientData['client_id_issued_at'] = time();
 		$parsedOrigin = parse_url($clientData['redirect_uris'][0]);