  1. Moodle
  2. MDL-59746

OAuth 2: upgrade_token does not urlencode parameters


    Details

    • Testing Instructions:

      Test that it works with Nextcloud
      1. Install the owncloud repository plugin (https://github.com/learnweb/moodle-repository_owncloud).
      2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure the Nextcloud OAuth 2 service in Moodle accordingly.
      3. Open a file upload dialog somewhere and try logging in to Nextcloud.
      4. Verify that you can see the files from your Nextcloud folder.

      Test that it still works with other services
      1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository
      2. Open a file upload dialog somewhere and try logging in to Google Docs.
      3. Verify that you can see the files from your Google Docs folder.

    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-59746-master

      Description

      Nextcloud creates authorization codes (grants) as strings of the form +mdDIGjYe8en1p5y7fMI/Vwc3SOgrD5NOmTj40vQTKsffMHXp5ZvQxRIaz4e2a+CtBg3lzj3/QaUpIhl8z0SrzHpI1GSUc8EIr8dvA324B7p54QARCuyU+aEMK3K+Ayw.

      When Moodle upgrades this grant to obtain an access token, it sends this string (and client ID, secret) as-is, taking care only of "&" as a special character. Nextcloud urldecodes this string and replaces all occurrences of + with spaces, thus rendering the token invalid.
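
      The encoding failure described above, as an added example (not Moodle's or Nextcloud's code). The unencoded builder is a model of the behaviour the description reports, and the grant, client ID and secret are constructed sample values.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample values; not real credentials or a real Nextcloud grant.
GRANT = "+mdDI/Vwc3+CtBg3lzj3/Qa&Up+Ayw"
PARAMS = {
    "code": GRANT,
    "grant_type": "authorization_code",
    "client_id": "moodle-client",
    "client_secret": "s3cr3t+with/plus",
}


def build_body_unencoded(params):
    """Model of the reported behaviour: only '&' in a value is escaped."""
    return "&".join(f"{k}={v.replace('&', '%26')}" for k, v in params.items())


def build_body_encoded(params):
    """Percent-encode every name and value ('+' -> %2B, '/' -> %2F)."""
    return urlencode(params)


def server_decode(body):
    """Decode as a form-urlencoded parser does: '+' becomes a space."""
    return dict(parse_qsl(body, keep_blank_values=True))


def corrupted_fields(params, body):
    """Names of parameters whose decoded value differs from what was sent."""
    received = server_decode(body)
    return sorted(k for k, v in params.items() if received.get(k) != v)


if __name__ == "__main__":
    for build in (build_body_unencoded, build_body_encoded):
        body = build(PARAMS)
        print(build.__name__, "->", corrupted_fields(PARAMS, body) or "all intact")
```

      Any parameter containing `+` is affected, so a client secret with a `+` fails the same way as the grant.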

       


              People

              Assignee:
              jan.dagefoerde Jan Dageförde
              Reporter:
              jan.dagefoerde Jan Dageförde
              Peer reviewer:
              Jake Dallimore
              Integrator:
              Andrew Nicols
              Tester:
              Ankit Agarwal
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Sep/17