From 509af24bc94ec18a57b922d65bdcc484144db736 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Sun, 15 Mar 2020 11:52:06 +0100
Subject: [PATCH] Fix invalid instantiation of TemplateResponse if client not
 found

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 .../Controller/LoginRedirectorController.php  |  7 +++---
 .../LoginRedirectorControllerTest.php         | 22 ++++++++++++++++++-
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 8700ce10172..b5568b824d3 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -85,11 +85,10 @@ class LoginRedirectorController extends Controller {
 		try {
 			$client = $this->clientMapper->getByIdentifier($client_id);
 		} catch (ClientNotFoundException $e) {
-			$response = new TemplateResponse('core', '404', 'guest');
-			$response->setParams([
+			$params = [
 				'content' => $this->l->t('Your client is not authorized to connect. Please inform the administrator of your client.'),
-			]);
-			return $response;
+			];
+			return new TemplateResponse('core', '404', $params, 'guest');
 		}
 
 		if ($response_type !== 'code') {
diff --git a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
index a2dfd048dda..9bea0b328cb 100644
--- a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
+++ b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
@@ -24,15 +24,17 @@
 
 namespace OCA\OAuth2\Tests\Controller;
 
-use OCA\Files_Sharing\Tests\TestCase;
 use OCA\OAuth2\Controller\LoginRedirectorController;
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
+use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use Test\TestCase;
 
 /**
  * @group DB
@@ -114,4 +116,22 @@ class LoginRedirectorControllerTest extends TestCase {
 		$expected = new RedirectResponse('http://foo.bar?error=unsupported_response_type&state=MyState');
 		$this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'wrongcode'));
 	}
+
+	public function testClientNotFound() {
+		$clientNotFound = new ClientNotFoundException('could not find client test123', 0);
+		$this->clientMapper
+			->expects($this->once())
+			->method('getByIdentifier')
+			->willThrowException($clientNotFound);
+		$this->session
+			->expects($this->never())
+			->method('set');
+
+		$response = $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'wrongcode');
+		$this->assertInstanceOf(TemplateResponse::class, $response);
+
+		/** @var TemplateResponse $response */
+		$this->assertEquals('404', $response->getTemplateName());
+		$this->assertEquals('guest', $response->getRenderAs());
+	}
 }
-- 
GitLab