Merge #21 Redirect to cloud services landing page after access denied error

memurats · memurats · commit fe5d3d69237b · 2025-10-29T06:58:08.000Z
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -322,6 +322,10 @@ public function code(string $state = '', string $code = '', string $scope = '',
 		$this->logger->debug('Code login with core: ' . $code . ' and state: ' . $state);
 
 		if ($error !== '') {
+			if (!$this->isMobileDevice()) {
+				$cancelRedirectUrl = $this->config->getSystemValue('user_oidc.cancel_redirect_url', 'https://cloud.telekom-dienste.de/');
+				return new RedirectResponse($cancelRedirectUrl);
+			}
 			$this->logger->warning('Code login error', ['error' => $error, 'error_description' => $error_description]);
 			if ($this->isDebugModeEnabled()) {
 				return new JSONResponse([
@@ -922,6 +926,22 @@ private function getBackchannelLogoutErrorResponse(
 		);
 	}
 
+	private function isMobileDevice(): bool {
+		$mobileKeywords = $this->config->getSystemValue('user_oidc.mobile_keywords', ['Android', 'iPhone', 'iPad', 'iPod', 'Windows Phone', 'Mobile', 'webOS', 'BlackBerry', 'Opera Mini', 'IEMobile']);
+
+		if (!isset($_SERVER['HTTP_USER_AGENT'])) {
+			return false; // if no user-agent is set, assume desktop
+		}
+
+		foreach ($mobileKeywords as $keyword) {
+			if (stripos($_SERVER['HTTP_USER_AGENT'], $keyword) !== false) {
+				return true; // device is mobile
+			}
+		}
+
+		return false; // device is desktop
+	}
+
 	private function toCodeChallenge(string $data): string {
 		// Basically one big work around for the base64url decode being weird
 		$h = pack('H*', hash('sha256', $data));
