  1. Moodle
  2. MDL-59746

OAuth 2: upgrade_token does not urlencode parameters


    Details

    • Testing Instructions:

      Test that it works with Nextcloud
      1. Install the owncloud repository plugin (https://github.com/learnweb/moodle-repository_owncloud).
      2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure the Nextcloud OAuth 2 service in Moodle accordingly.
      3. Open a file upload dialog somewhere and try logging in to Nextcloud
      4. Verify that you can see the files from your Nextcloud folder

      Test that it still works with other services
      1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository
      2. Open a file upload dialog somewhere and try logging in to Google Docs
      3. Verify that you can see the files from your Google Docs folder

    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-59746-master

      Description

      Nextcloud creates authorization codes (grants) as strings of the form +mdDIGjYe8en1p5y7fMI/Vwc3SOgrD5NOmTj40vQTKsffMHXp5ZvQxRIaz4e2a+CtBg3lzj3/QaUpIhl8z0SrzHpI1GSUc8EIr8dvA324B7p54QARCuyU+aEMK3K+Ayw.

      When Moodle upgrades this grant to obtain an access token, it sends this string (and client ID, secret) as-is, taking care only of "&" as a special character. Nextcloud urldecodes this string and replaces all occurrences of + with spaces, thus rendering the token invalid.
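The round trip described above, as an added example that is not Moodle's or Nextcloud's code: a token request body in which only "&" is escaped is compared with a fully percent-encoded one, and both are decoded the way a form-urlencoded body is parsed on the receiving side. The function names, the sample grant and the client values are constructed for illustration.

```php
<?php
// Added example: not Moodle's or Nextcloud's code. All names are hypothetical.

// Constructed sample grant containing '+' and '/', like the codes described above.
$code = 'ab+cd/ef+gh';

$params = [
    'code'          => $code,
    'client_id'     => 'example-client',   // constructed value
    'client_secret' => 'example+secret',   // constructed value
    'grant_type'    => 'authorization_code',
];

/** Stand-in for the flawed behaviour: only '&' is escaped in values. */
function build_body_amp_only(array $params): string {
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = $name . '=' . str_replace('&', '%26', $value);
    }
    return implode('&', $pairs);
}

/** Corrected form: every name and value is percent-encoded ('+' becomes %2B). */
function build_body_encoded(array $params): string {
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** What the receiving side does with an application/x-www-form-urlencoded body. */
function server_decode(string $body): array {
    parse_str($body, $decoded);   // urldecodes values: a literal '+' turns into a space
    return $decoded;
}

$builders = ['amp-only' => 'build_body_amp_only', 'encoded' => 'build_body_encoded'];
foreach ($builders as $label => $builder) {
    $body     = $builder($params);
    $received = server_decode($body);
    $status   = hash_equals($code, $received['code']) ? 'matches' : 'MISMATCH';
    printf("%-8s body: %s\n", $label, $body);
    printf("%-8s code received: %s (%s)\n", $label, var_export($received['code'], true), $status);
}
```

The same loss applies to any other parameter containing "+", such as the constructed client secret in this sample.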

       


              People

              • Assignee:
                jan.dagefoerde Jan Dageförde
                Reporter:
                jan.dagefoerde Jan Dageförde
                Peer reviewer:
                Jake Dallimore
                Integrator:
                Andrew Nicols
                Tester:
                Ankit Agarwal
                Participants:
                Component watchers:
                Jake Dallimore, Jun Pataleta, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/Sep/17