Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59746

OAuth 2: upgrade_token does not urlencode parameters

XMLWordPrintable

    • MOODLE_33_STABLE, MOODLE_34_STABLE
    • MOODLE_33_STABLE
    • MDL-59746-master
    • Hide

      Test that it works with Nextcloud
      1. Install the owncloud repository plugin (https://github.com/learnweb/moodle-repository_owncloud).
      2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure Nextcloud the OAuth 2 service in Moodle accordingly.
      3. Open a file upload dialog somewhere and try logging in to Nextcloud
      4. Verify that you can see the files from your Nextcloud folder

      Test that it still works with other services
      1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository
      2. Open a file upload dialog somewhere and try logging in to Google Docs
      3. Verify that you can see the files from your Google Docs folder

      Show
      Test that it works with Nextcloud 1. Install the owncloud repository plugin ( https://github.com/learnweb/moodle-repository_owncloud ). 2. Configure a Nextcloud 12 instance with a Moodle client according to the README of the repository; configure Nextcloud the OAuth 2 service in Moodle accordingly. 3. Open a file upload dialog somewhere and try logging in to Nextcloud 4. Verify that you can see the files from your Nextcloud folder Test that it still works with other services 1. Configure an OAuth 2 service, e.g. Google, in Moodle to prepare the googledocs repository 2. Open a file upload dialog somewhere and try logging in to Google Docs 3. Verify that you can see the files from your Google Docs folder

      Nextcloud creates authorization codes (grants) as strings of the form +mdDIGjYe8en1p5y7fMI/Vwc3SOgrD5NOmTj40vQTKsffMHXp5ZvQxRIaz4e2a+CtBg3lzj3/QaUpIhl8z0SrzHpI1GSUc8EIr8dvA324B7p54QARCuyU+aEMK3K+Ayw.

      When Moodle upgrades this grant to obtain an access token, it sends this string (and client ID, secret) as-is, taking care only of "&" as a special character. Nextcloud urldecodes this string and replaces all occurrences of + with spaces, thus rendering the token invalid.

       

            jan.dagefoerde Jan Dageförde
            jan.dagefoerde Jan Dageförde
            Jake Dallimore Jake Dallimore
            Andrew Lyons Andrew Lyons
            Ankit Agarwal Ankit Agarwal
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.