Fix Oauth issues with use_secure_urls=true (#9722)

CHANGELOG.md

@@ -73,6 +73,7 @@
 - Fix plugin "virtuser_file" to handle backward slashes in username (#9668)
 - Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689)
 - Fix insert_or_update() and reading database server config on PostgreSQL (#9710)
+- Fix Oauth issues with use_secure_urls=true (#9722)
 
 ## Release 1.6.9
 

config/defaults.inc.php

@@ -346,7 +346,7 @@
 $config['oauth_client_secret'] = null;
 
 // Optional: the OIDC discovery URI (the 'https://.../.well-known/openid-configuration')
-// if specified, the discovery will supersede `oauth_issuer`, `auth_auth_uri`, `oauth_token_uri`, `oauth_identity_uri`, `oauth_logout_uri`, `oauth_jwks_uri`
+// if specified, the discovery will supersede `oauth_issuer`, `oauth_auth_uri`, `oauth_token_uri`, `oauth_identity_uri`, `oauth_logout_uri`, `oauth_jwks_uri`
 // it is recommanded to activate a cache via `oauth_cache` and `oauth_cache_ttl`
 $config['oauth_config_uri'] = null;
 

program/include/rcmail_oauth.php

@@ -454,11 +454,20 @@ public function jwt_decode($jwt)
      */
     public function get_redirect_uri()
     {
-        $url = $this->rcmail->url([], true, true);
+        $url = $this->rcmail->url([]);
 
         // rewrite redirect URL to not contain query parameters because some providers do not support this
         $url = preg_replace('/\?.*/', '', $url);
 
+        // Get rid of the use_secure_urls token from the path
+        // It can happen after you log out that the token is still in the current request path
+        if ($len = $this->rcmail->config->get('use_secure_urls')) {
+             $length = $len > 1 ? $len : 16;
+             $url = preg_replace("~^/[0-9a-zA-Z]{{$length}}/~", '/', $url);
+        }
+
+        $url = rcube_utils::resolve_url($url);
+
         return slashify($url) . 'index.php/login/oauth';
     }