magento
diff --git a/‎app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsCallback.php
+31 b/‎app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsCallback.php
+31
diff --git a/‎app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsReauthCallback.php
+18 b/‎app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsReauthCallback.php
+18
diff --git a/‎app/code/Magento/AdminAdobeIms/Model/ImsConnection.php
+6-2 b/‎app/code/Magento/AdminAdobeIms/Model/ImsConnection.php
+6-2
diff --git a/‎app/code/Magento/AdminAdobeIms/Model/LogOut.php
+6-2 b/‎app/code/Magento/AdminAdobeIms/Model/LogOut.php
+6-2
diff --git a/‎app/code/Magento/AdminAdobeIms/Service/ImsConfig.php
+18-18 b/‎app/code/Magento/AdminAdobeIms/Service/ImsConfig.php
+18-18
diff --git a/‎app/code/Magento/AdminAdobeIms/Service/ImsOrganizationService.php
-1 b/‎app/code/Magento/AdminAdobeIms/Service/ImsOrganizationService.php
-1
@@ -21,7 +21,16 @@
 use Magento\Backend\Model\View\Result\Redirect;
 use Magento\Framework\App\Action\HttpGetActionInterface;
 use Magento\Framework\Exception\AuthenticationException;
+use Magento\Framework\App\ActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\ResponseInterface;
 
+/**
+ * Class ImsCallback is responsible to get the Access Token, User Profile,
+ * check if the assigned organization is valid, And Check if user exists and then do the login
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class ImsCallback extends Auth implements HttpGetActionInterface
 {
     public const ACTION_NAME = 'imscallback';
@@ -75,6 +84,28 @@ public function __construct(
         $this->logger = $logger;
     }
 
+    /**
+     * Validate IMS state is valid
+     *
+     * @param RequestInterface $request
+     * @return ResponseInterface
+     */
+    public function dispatch(RequestInterface $request)
+    {
+        $request->setParam('form_key', $request->getParam('state', null));
+        if (!$this->_formKeyValidator->validate($request)) {
+            $this->logger->critical(__('Invalid state returned in callback from IMS.'));
+            $this->imsErrorMessage(
+                'Error signing in',
+                'Something went wrong and we could not sign you in. ' .
+                'Please try again or contact your administrator.'
+            );
+            $this->_actionFlag->set('', ActionInterface::FLAG_NO_DISPATCH, true);
+            return $this->_redirect($this->_helper->getHomePageUrl());
+        }
+        return parent::dispatch($request);
+    }
+
     /**
      * Execute AdobeIMS callback
      *
 
@@ -21,6 +21,8 @@
 use Magento\Framework\Controller\Result\Raw;
 use Magento\Framework\Controller\ResultFactory;
 use Magento\Framework\Exception\AuthenticationException;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\NotFoundException;
 
 class ImsReauthCallback extends Auth implements HttpGetActionInterface
 {
@@ -111,6 +113,7 @@ public function execute(): ResultInterface
         }
 
         try {
+            $this->validateStateKey($this->getRequest());
             $code = $this->getRequest()->getParam('code');
 
             if ($code === null) {
@@ -149,4 +152,19 @@ public function execute(): ResultInterface
 
         return $resultRaw;
     }
+
+    /**
+     * Validate IMS state is valid
+     *
+     * @param RequestInterface $request
+     * @return void
+     * @throws NotFoundException
+     */
+    private function validateStateKey(RequestInterface $request): void
+    {
+        $request->setParam('form_key', $request->getParam('state', null));
+        if (!$this->_formKeyValidator->validate($request)) {
+            throw new NotFoundException(__('Invalid state returned from IMS'));
+        }
+    }
 }
@@ -167,8 +167,12 @@ public function validateToken(?string $token, string $tokenType = 'access_token'
         $curl->addHeader('cache-control', 'no-cache');
 
         $curl->post(
-            $this->adminImsConfig->getValidateTokenUrl($token, $tokenType),
-            []
+            $this->adminImsConfig->getValidateTokenUrl(),
+            [
+                'token' => $token,
+                'type' => $tokenType,
+                'client_id' => $this->adminImsConfig->getApiKey()
+            ]
         );
 
         if ($curl->getBody() === '') {
 
@@ -112,8 +112,12 @@ private function externalLogOut(string $accessToken): void
         $curl->addHeader('cache-control', 'no-cache');
 
         $curl->post(
-            $this->adminImsConfig->getBackendLogoutUrl($accessToken),
-            []
+            $this->adminImsConfig->getBackendLogoutUrl(),
+            [
+                'access_token' => $accessToken,
+                'client_secret' => $this->adminImsConfig->getPrivateKey(),
+                'client_id' => $this->adminImsConfig->getApiKey()
+            ]
         );
 
         if ($curl->getStatus() !== self::HTTP_OK || ($this->checkUserProfile($accessToken))) {
 
@@ -18,6 +18,7 @@
 use Magento\Framework\Encryption\EncryptorInterface;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\UrlInterface;
+use Magento\Framework\Data\Form\FormKey;
 
 class ImsConfig extends Config
 {
@@ -58,25 +59,33 @@ class ImsConfig extends Config
      */
     private BackendUrlInterface $backendUrl;
 
+    /**
+     * @var FormKey
+     */
+    private FormKey $formKey;
+
     /**
      * @param ScopeConfigInterface $scopeConfig
      * @param UrlInterface $url
      * @param WriterInterface $writer
      * @param EncryptorInterface $encryptor
      * @param BackendUrlInterface $backendUrl
+     * @param FormKey $formKey
      */
     public function __construct(
         ScopeConfigInterface $scopeConfig,
         UrlInterface $url,
         WriterInterface $writer,
         EncryptorInterface $encryptor,
-        BackendUrlInterface $backendUrl
+        BackendUrlInterface $backendUrl,
+        FormKey $formKey
     ) {
         parent::__construct($scopeConfig, $url);
         $this->writer = $writer;
         $this->encryptor = $encryptor;
         $this->scopeConfig = $scopeConfig;
         $this->backendUrl = $backendUrl;
+        $this->formKey = $formKey;
     }
 
     /**
@@ -180,17 +189,11 @@ public function getProfileUrl(): string
     /**
      * Get Token validation url
      *
-     * @param string $code
-     * @param string $tokenType
      * @return string
      */
-    public function getValidateTokenUrl(string $code, string $tokenType): string
+    public function getValidateTokenUrl(): string
     {
-        return str_replace(
-            ['#{token}', '#{client_id}', '#{token_type}'],
-            [$code, $this->getApiKey(), $tokenType],
-            $this->scopeConfig->getValue(self::XML_PATH_VALIDATE_TOKEN_URL)
-        );
+        return $this->scopeConfig->getValue(self::XML_PATH_VALIDATE_TOKEN_URL);
     }
 
     /**
@@ -253,11 +256,12 @@ public function getAdminAdobeImsAuthUrl(?string $clientId): string
         }
 
         return str_replace(
-            ['#{client_id}', '#{redirect_uri}', '#{scope}', '#{locale}'],
+            ['#{client_id}', '#{redirect_uri}', '#{scope}', '#{state}', '#{locale}'],
             [
                 $clientId,
                 $this->getAdminAdobeImsCallBackUrl(),
                 $this->getScopes(),
+                $this->formKey->getFormKey(),
                 $this->getLocale()
             ],
             $this->scopeConfig->getValue(self::XML_PATH_ADMIN_AUTH_URL_PATTERN)
@@ -272,11 +276,12 @@ public function getAdminAdobeImsAuthUrl(?string $clientId): string
     public function getAdminAdobeImsReAuthUrl(): string
     {
         return str_replace(
-            ['#{client_id}', '#{redirect_uri}', '#{scope}', '#{locale}'],
+            ['#{client_id}', '#{redirect_uri}', '#{scope}', '#{state}', '#{locale}'],
             [
                 $this->getApiKey(),
                 $this->getAdminAdobeImsReAuthCallBackUrl(),
                 $this->getScopes(),
+                $this->formKey->getFormKey(),
                 $this->getLocale()
             ],
             $this->scopeConfig->getValue(self::XML_PATH_ADMIN_REAUTH_URL_PATTERN)
@@ -345,16 +350,11 @@ private function getLocale(): string
     /**
      * Get BackendLogout URL
      *
-     * @param string $accessToken
      * @return string
      */
-    public function getBackendLogoutUrl(string $accessToken) : string
+    public function getBackendLogoutUrl() : string
     {
-        return str_replace(
-            ['#{access_token}', '#{client_secret}', '#{client_id}'],
-            [$accessToken, $this->getPrivateKey(), $this->getApiKey()],
-            $this->scopeConfig->getValue(self::XML_PATH_ADMIN_LOGOUT_URL)
-        );
+        return $this->scopeConfig->getValue(self::XML_PATH_ADMIN_LOGOUT_URL);
     }
 
     /**
 
@@ -75,7 +75,6 @@ public function checkOrganizationMembership(string $access_token): void
                     __('User is not a member of configured Adobe Organization.')
                 );
             }
-
         } catch (\Exception $exception) {
             throw new AdobeImsOrganizationAuthorizationException(
                 __('Organization Membership check can\'t be performed')
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,6 @@ public function checkOrganizationMembership(string $access_token): void`
`75`	`75`	`__('User is not a member of configured Adobe Organization.')`
`76`	`76`	`);`
`77`	`77`	`}`
`78`		`-`
`79`	`78`	`} catch (\Exception $exception) {`
`80`	`79`	`throw new AdobeImsOrganizationAuthorizationException(`
`81`	`80`	`__('Organization Membership check can\'t be performed')`