From 7c41c239e4bf2641756e9ee754992316e49aa525 Mon Sep 17 00:00:00 2001 From: memurats Date: Tue, 5 May 2026 15:27:06 +0200 Subject: [PATCH] added check and redirect --- lib/Controller/LoginController.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index abba810c..cb3c37c3 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -370,6 +370,11 @@ public function code(string $state = '', string $code = '', string $scope = '', $this->logger->debug('Code login with core: ' . $code . ' and state: ' . $state); if ($error !== '') { + if (!$this->isMobileDevice()) { + $cancelRedirectUrl = $this->config->getSystemValue('user_oidc.cancel_redirect_url', 'https://cloud.telekom-dienste.de/'); + return new RedirectResponse($cancelRedirectUrl); + } + $this->logger->warning('Code login error', ['error' => $error, 'error_description' => $error_description]); if ($this->isDebugModeEnabled()) { return new JSONResponse([ @@ -1078,6 +1083,22 @@ private function getBackchannelLogoutErrorResponse( return $response; } + private function isMobileDevice(): bool { + $mobileKeywords = $this->config->getSystemValue('user_oidc.mobile_keywords', ['Android', 'iPhone', 'iPad', 'iPod', 'Windows Phone', 'Mobile', 'webOS', 'BlackBerry', 'Opera Mini', 'IEMobile']); + + if (!isset($_SERVER['HTTP_USER_AGENT'])) { + return false; // if no user-agent is set, assume desktop + } + + foreach ($mobileKeywords as $keyword) { + if (stripos($_SERVER['HTTP_USER_AGENT'], $keyword) !== false) { + return true; // device is mobile + } + } + + return false; // device is desktop + } + private function toCodeChallenge(string $data): string { // Basically one big work around for the base64url decode being weird $h = pack('H*', hash('sha256', $data));