From df02322d6a38e6691ec066d83ee7e6ca34a1054d Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 3 Dec 2024 12:36:18 +0100
Subject: [PATCH] Fix Oauth issues with use_secure_urls=true (#9722)

---
 CHANGELOG.md                     |  1 +
 program/actions/login/oauth.php  |  3 +--
 program/include/rcmail_oauth.php | 11 ++++++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 57dc11ceedc..d7b020adfc1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@
 - Fix plugin "virtuser_file" to handle backward slashes in username (#9668)
 - Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689)
 - Fix insert_or_update() and reading database server config on PostgreSQL (#9710)
+- Fix Oauth issues with use_secure_urls=true (#9722)
 
 ## Release 1.6.9
 
diff --git a/program/actions/login/oauth.php b/program/actions/login/oauth.php
index 9842f4db0e5..03a80c7bfee 100644
--- a/program/actions/login/oauth.php
+++ b/program/actions/login/oauth.php
@@ -66,8 +66,7 @@ public function run($args = [])
                     unset($redir['abort'], $redir['_err']);
 
                     // send redirect
-                    header('Location: ' . $rcmail->url($redir, true, false));
-                    exit;
+                    $rcmail->output->redirect($redir, 0, true);
                 }
                 else {
                     $rcmail->output->show_message('loginfailed', 'warning');
diff --git a/program/include/rcmail_oauth.php b/program/include/rcmail_oauth.php
index c5859dc1d02..1c2244eac84 100644
--- a/program/include/rcmail_oauth.php
+++ b/program/include/rcmail_oauth.php
@@ -121,11 +121,20 @@ public function is_enabled()
      */
     public function get_redirect_uri()
     {
-        $url = $this->rcmail->url([], true, true);
+        $url = $this->rcmail->url([]);
 
         // rewrite redirect URL to not contain query parameters because some providers do not support this
         $url = preg_replace('/\?.*/', '', $url);
 
+        // Get rid of the use_secure_urls token from the path
+        // It can happen after you log out that the token is still in the current request path
+        if ($len = $this->rcmail->config->get('use_secure_urls')) {
+             $length = $len > 1 ? $len : 16;
+             $url = preg_replace("~^/[0-9a-zA-Z]{{$length}}/~", '/', $url);
+        }
+
+        $url = rcube_utils::resolve_url($url);
+
         return slashify($url) . 'index.php/login/oauth';
     }