										 |  |  | <?php | 
					
						
										 |  |  | namespace BookStack\Access\Controllers; | 
					
						
										 |  |  | use BookStack\Access\Oidc\OidcException; | 
					
						
							|  |  |  | use BookStack\Access\Oidc\OidcService; | 
					
						
										 |  |  | use BookStack\Http\Controller; | 
					
						
										 |  |  | use Illuminate\Http\Request; | 
					
						
										 |  |  | class OidcController extends Controller | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2022-02-24 22:16:09 +08:00
										 |  |  |     protected OidcService $oidcService; | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-13 06:04:28 +08:00
										 |  |  |     public function __construct(OidcService $oidcService) | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->oidcService = $oidcService; | 
					
						
							|  |  |  |         $this->middleware('guard:oidc'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Start the authorization login flow via OIDC. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function login() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-02-24 22:16:09 +08:00
										 |  |  |         try { | 
					
						
							|  |  |  |             $loginDetails = $this->oidcService->login(); | 
					
						
							|  |  |  |         } catch (OidcException $exception) { | 
					
						
							|  |  |  |             $this->showErrorNotification($exception->getMessage()); | 
					
						
							| 
									
										
										
										
											2022-02-24 23:04:09 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-24 22:16:09 +08:00
										 |  |  |             return redirect('/login'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |         session()->flash('oidc_state', $loginDetails['state']); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return redirect($loginDetails['url']); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2021-10-13 23:51:27 +08:00
										 |  |  |      * Authorization flow redirect callback. | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |      * Processes authorization response from the OIDC Authorization Server. | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2021-10-13 23:51:27 +08:00
										 |  |  |     public function callback(Request $request) | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         $storedState = session()->pull('oidc_state'); | 
					
						
							|  |  |  |         $responseState = $request->query('state'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($storedState !== $responseState) { | 
					
						
							|  |  |  |             $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')])); | 
					
						
							| 
									
										
										
										
											2021-10-16 23:01:59 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |             return redirect('/login'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-24 22:16:09 +08:00
										 |  |  |         try { | 
					
						
							|  |  |  |             $this->oidcService->processAuthorizeResponse($request->query('code')); | 
					
						
							|  |  |  |         } catch (OidcException $oidcException) { | 
					
						
							|  |  |  |             $this->showErrorNotification($oidcException->getMessage()); | 
					
						
							| 
									
										
										
										
											2022-02-24 23:04:09 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-24 22:16:09 +08:00
										 |  |  |             return redirect('/login'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2021-10-16 23:01:59 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  |         return redirect()->intended(); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2023-08-29 13:07:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2023-12-06 21:49:53 +08:00
										 |  |  |      * Log the user out then start the OIDC RP-initiated logout process. | 
					
						
							| 
									
										
										
										
											2023-08-29 13:07:21 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function logout() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-12-06 21:49:53 +08:00
										 |  |  |         return redirect($this->oidcService->logout()); | 
					
						
							| 
									
										
										
										
											2023-08-29 13:07:21 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-10-07 06:05:26 +08:00
										 |  |  | } |