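<?php
/**
 * OAuth2 authorization (consent) endpoint.
 *
 * Steps, in order:
 *  1. A request without a logged-in session is redirected to /?oauth and the
 *     requested URI is kept in the session.
 *  2. The authorize request is validated by the OAuth2 server; on failure the
 *     response object filled in by the server is sent and the script stops.
 *  3. If no decision was posted, the consent template is selected and the
 *     script stops after including the page footer.
 *  4. If a decision was posted, the request is handled for the session's user
 *     and, on approval, the browser is redirected to the Location header the
 *     server put on the response.
 *
 * $oauth2_server is not defined in this file; presumably it is set up by
 * prerequisites.inc.php (confirm).
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';

// Authentication gate: only a session that carries a role may go any further.
if (!isset($_SESSION['mailcow_cc_role'])) {
  // Kept so the request can be picked up again later (presumably after login).
  // NOTE(review): whatever reads oauth2_request back should treat it as a
  // local path only; that code is not visible here.
  $_SESSION['oauth2_request'] = $_SERVER['REQUEST_URI'];
  header('Location: /?oauth');
  // header() only queues the redirect. Without this exit the rest of the
  // script would still run for an unauthenticated request, including
  // handleAuthorizeRequest() with no session username when 'authorized' is posted.
  exit;
}

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Reject malformed or unknown authorize requests before showing any consent UI.
if (!$oauth2_server->validateAuthorizeRequest($request, $response)) {
  $response->send();
  exit;
}

// No decision posted yet: show the consent page.
if (!isset($_POST['authorized'])) {
  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';

  // Read by the included footer (presumably where the template is rendered).
  $template = 'oauth/authorize.twig';
  $template_data = [];

  require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
  exit;
}

// A decision was posted. Consent is granted only for the exact string '1';
// a strict comparison keeps numeric look-alikes such as '01' or '1.0' from
// counting as approval.
// NOTE(review): this POST changes authorization state; confirm that a CSRF
// token is verified for it (no check is visible in this file).
$is_authorized = ($_POST['authorized'] === '1');
$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['mailcow_cc_username']);
if ($is_authorized) {
  // The stored request has been served; drop it from the session.
  unset($_SESSION['oauth2_request']);
  // Optionally end the local session once the authorization has been issued.
  if ($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] === true) {
    session_unset();
    session_destroy();
  }
  // Send the browser to the redirect the OAuth2 server placed on the response.
  header('Location: ' . $response->getHttpHeader('Location'));
  exit;
}
// NOTE(review): on denial nothing is sent from here. The response filled in by
// handleAuthorizeRequest() is discarded and the script ends without output;
// consider $response->send() so the client learns about the denial (confirm
// this is not intentional).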