From 7a2280a98168afd3584d3c483ca50a94b609a2ce Mon Sep 17 00:00:00 2001
From: Chris Coutinho
Date: Tue, 17 Mar 2026 09:48:28 +0100
Subject: [PATCH] fix: patch OIDC consent flow regression and add CI build step
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The OIDC app 1.16.2 broke the consent flow by only falling back to session params when client_id is missing. After consent, the redirect includes client_id and scope but loses state, response_type, and redirect_uri — causing a 500. The submodule fix restores per-param session fallback when ANY critical param is missing. Also adds a CI build step for the OIDC app (composer + npm) so the JS assets (oidc-consent.js, oidc-redirect.js) are available in OAuth test profiles.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .github/workflows/test.yml | 8 ++++++++
 docker-compose.yml | 36 ++++++++++++++++++------------------
 third_party/oidc | 2 +-
 3 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ce0cbae..116ba4d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -122,6 +122,14 @@ jobs:
 npm ci
 npm run build
+ - name: Build OIDC app
+ if: matrix.mode != 'single-user'
+ run: |
+ cd third_party/oidc
+ composer install --no-dev --optimize-autoloader
+ npm ci
+ npm run build
+
 # Start services with the appropriate profile
 - name: Run docker compose
 uses: hoverkraft-tech/compose-action@4894d2492015c1774ee5a13a95b1072093087ec3 # v2.5.0
diff --git a/docker-compose.yml b/docker-compose.yml
index 19cdb30..5f139bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
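Review bot: `composer install` and `npm ci` in the added "Build OIDC app" step run Composer plugins/scripts and npm lifecycle scripts from the submodule's dependency tree on the runner, and nothing in the hunk limits that. If the OIDC build succeeds without them, `composer install --no-dev --optimize-autoloader --no-interaction --no-scripts` and `npm ci --ignore-scripts` would narrow what third-party code executes before the containers start; otherwise a one-line comment stating that the scripts are needed would record the decision. It also helps to say why the step exists, e.g. `# docker-compose.yml bind-mounts third_party/oidc, which ships without vendor/ and built JS`. The steps list starts and continues outside this hunk, so the job's permissions and the condition on the preceding build step are not visible here.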
@@ -37,7 +37,7 @@ services:
 # The post-installation hook will register /opt/apps as an additional app directory
 #- ./third_party:/opt/apps:ro
 - ./third_party/astrolabe:/opt/apps/astrolabe:ro
- #- ./third_party/oidc:/opt/apps/oidc:ro # Use app store version; dev mount lacks vendor/
+ - ./third_party/oidc:/opt/apps/oidc:ro
 environment:
 - NEXTCLOUD_TRUSTED_DOMAINS=app
 - NEXTCLOUD_ADMIN_USER=admin
@@ -65,7 +65,7 @@ services:
 image: downloads.unstructured.io/unstructured-io/unstructured-api:latest@sha256:ba6cb073af079c498e9466a5a9152ba4b6c9cad12efeeaf053ba383023d5db08
 restart: always
 ports:
- - 127.0.0.1:8002:8000
+ - 127.0.0.1:8005:8000
 # Unstructured API runs on port 8000 internally
 # We expose it on 8002 externally to avoid conflict
 profiles:
@@ -327,22 +327,22 @@ services:
 # Smithery stateless deployment mode (ADR-016)
 # Test with: docker compose --profile smithery up smithery
 # Then: curl http://localhost:8081/.well-known/mcp-config
- smithery:
- build:
- context: .
- dockerfile: Dockerfile.smithery
- restart: always
- depends_on:
- app:
- condition: service_healthy
- ports:
- - 127.0.0.1:8081:8081
- environment:
- - SMITHERY_DEPLOYMENT=true
- - ENABLE_SEMANTIC_SEARCH=false
- - PORT=8081
- profiles:
- - smithery
+ #smithery:
+ #build:
+ #context: .
+ #dockerfile: Dockerfile.smithery
+ #restart: always
+ #depends_on:
+ #app:
+ #condition: service_healthy
+ #ports:
+ #- 127.0.0.1:8081:8081
+ #environment:
+ #- SMITHERY_DEPLOYMENT=true
+ #- ENABLE_SEMANTIC_SEARCH=false
+ #- PORT=8081
+ #profiles:
+ #- smithery
 qdrant:
 image: docker.io/qdrant/qdrant:v1.17.0@sha256:f1c7272cdac52b38c1a0e89313922d940ba50afd90d593a1605dbbc214e66ffb
diff --git a/third_party/oidc b/third_party/oidc
index 1f5d9ff..d371a4a 160000
--- a/third_party/oidc
+++ b/third_party/oidc
@@ -1 +1 @@
-Subproject commit 1f5d9ffe9fdab9237af8ceb767d242a70f05d69d
+Subproject commit d371a4a7977275836be9284f7d1061d9375a8d7b
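Review bot: The bind mount of `./third_party/oidc` is now unconditional, but the only place the submodule gets its `vendor/` directory and built JS is the CI step gated on `matrix.mode != 'single-user'`; the removed comment recorded that the dev mount lacks `vendor/`. A local `docker compose up`, or a single-user CI run, would then presumably load an unbuilt (or, with an uninitialised submodule, empty) OIDC app in place of the app-store one, which can break the login/consent path. Keep a comment on the new line such as `# Requires third_party/oidc to be built first (composer install, npm ci, npm run build)`, and consider building in every matrix mode or gating the mount. The `volumes:` list and the service definition start outside the hunk.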
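Review bot: The host port in the second docker-compose.yml hunk moves from 8002 to 8005, but the context comment right below still reads "We expose it on 8002 externally", so the file now documents a port that is not published. Update it to `# We expose it on 8005 externally to avoid conflict`. The commit message does not mention this change, so it may be a local override that slipped in; any client setting that points at 8002 (not visible here) would need the same update. The `127.0.0.1` bind is kept, so the API stays reachable from the host only.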
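Review bot: The whole `smithery` service is commented out in the third docker-compose.yml hunk without a stated reason, while the context lines above it still say `Test with: docker compose --profile smithery up smithery`, which would now fail because no such service is defined. The commit message covers only the OIDC fix and the CI step, so this looks like a local workaround. Either restore the service or delete the block together with its three header comments; if it must stay disabled, add a line like `# Disabled: <reason>` above it.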