From 9333f1490683a5e76d7e7b4169185ae4350c1b9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20St=C3=BCckler?= <moritz@bitbetter.de>
Date: Wed, 1 Apr 2026 00:10:58 +0200
Subject: [PATCH] feat: always pass jwt for a jwt-enabled site
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Moritz Stückler <moritz@bitbetter.de>
---
 lib/Controller/APIController.php  |  2 +-
 lib/Controller/SiteController.php | 12 ++++++++++--
 lib/SitesManager.php              |  4 ++++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/Controller/APIController.php b/lib/Controller/APIController.php
index aa2e3689..4e3be6cd 100644
--- a/lib/Controller/APIController.php
+++ b/lib/Controller/APIController.php
@@ -74,7 +74,7 @@ public function get(): DataResponse {
 
 			$site['redirect'] = (int)$site['redirect'];
 
-			unset($site['lang'], $site['device'], $site['groups']);
+			unset($site['lang'], $site['device'], $site['groups'], $site['jwt']);
 			$sites[] = $site;
 		}
 
diff --git a/lib/Controller/SiteController.php b/lib/Controller/SiteController.php
index 120ab1cf..0fc66286 100644
--- a/lib/Controller/SiteController.php
+++ b/lib/Controller/SiteController.php
@@ -109,9 +109,17 @@ protected function createResponse(int $id, array $site, string $path = ''): Temp
 				$url .= ':' . $parts['port'];
 			}
 			$url .= rtrim($parts['path'] ?? '', '/') . '/' . $path;
-			if (isset($parts['query'])) {
-				$url .= '?' . $parts['query'];
+
+			// Ensure the JWT is attached as a query parameter for deep links
+			$query = $parts['query'] ?? '';
+			if (isset($site['jwt']) && !preg_match('/(^|&)jwt=/', $query)) {
+				$jwtParam = 'jwt=' . rawurlencode($site['jwt']);
+				$query = $query !== '' ? $query . '&' . $jwtParam : $jwtParam;
+			}
+			if ($query !== '') {
+				$url .= '?' . $query;
 			}
+
 			if (isset($parts['fragment'])) {
 				$url .= '#' . $parts['fragment'];
 			}
diff --git a/lib/SitesManager.php b/lib/SitesManager.php
index c720759f..16a23146 100644
--- a/lib/SitesManager.php
+++ b/lib/SitesManager.php
@@ -139,6 +139,10 @@ public function getSitesToDisplay() {
 				continue;
 			}
 
+			if (str_contains($site['url'], '{jwt}') && $jwt !== '') {
+				$site['jwt'] = $jwt;
+			}
+
 			$site['url'] = str_replace(
 				['{email}', '{uid}', '{displayname}', '{jwt}', '{groups}', '{language}', '{locale}'],
 				array_map('rawurlencode', [$email, $uid, $displayName, $jwt, implode(',', $groups), $lang, $locale]),