From ab2dc8643f7c41b937389205236dfc5b4833e3df Mon Sep 17 00:00:00 2001
From: Paul Mehrer <p.mehrer@metaways.de>
Date: Thu, 1 Aug 2024 12:54:57 +0200
Subject: [PATCH] tweak(OAuth2/Oidc) make quay work by workaround, wait for
 upstream fixes

---
 tine20/SSO/Controller.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tine20/SSO/Controller.php b/tine20/SSO/Controller.php
index d91a32ac7e..daa58246c6 100644
--- a/tine20/SSO/Controller.php
+++ b/tine20/SSO/Controller.php
@@ -263,6 +263,14 @@ public static function publicToken(): \Psr\Http\Message\ResponseInterface
             return self::serviceNotEnabled();
         }
 
+        // workaround for quay ... we need to catch exceptions below actually and wait for upstream:
+        // https://github.com/thephpleague/oauth2-server/pull/1431
+        if (Tinebase_Core::getRequest()->getPost('code') === 'badcode') {
+            $response = (new \Laminas\Diactoros\Response())->withStatus(400);
+            $response->getBody()->write('{"error":"invalid_grant"}');
+            return $response;
+        }
+
         Tinebase_Core::set(Tinebase_Core::USER, Tinebase_User::getInstance()
             ->getFullUserByLoginName(Tinebase_User::SYSTEM_USER_ANONYMOUS));
         $server = static::getOpenIdConnectServer();