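<?php

namespace BookStack\Http\Controllers\Auth;

use BookStack\Auth\Access\OpenIdService;
use BookStack\Http\Controllers\Controller;

/**
 * HTTP entry points for the OpenID Connect authorization-code flow:
 * starting a login, starting a logout, and handling the callback
 * from the authorization server.
 */
class OpenIdController extends Controller
{

    /** Service that builds the authorization/logout requests and processes the callback. */
    protected $openidService;

    /**
     * OpenIdController constructor.
     *
     * Every action in this controller runs behind the 'guard:openid' middleware.
     */
    public function __construct(OpenIdService $openidService)
    {
        parent::__construct();
        $this->openidService = $openidService;
        $this->middleware('guard:openid');
    }

    /**
     * Start the authorization login flow via OpenId Connect.
     *
     * The `state` value returned by the service is stored in the session so
     * that redirect() can check the callback belongs to a flow started from
     * this session.
     */
    public function login()
    {
        $loginDetails = $this->openidService->login();

        // Flashed data is only kept for the next request in this session;
        // redirect() consumes it with pull(), so a state value is single-use.
        session()->flash('openid_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Start the logout flow via OpenId Connect.
     */
    public function logout()
    {
        $logoutDetails = $this->openidService->logout();

        // NOTE(review): the session key below is SAML2-named; it looks carried
        // over from the SAML2 controller. Confirm what reads it before renaming.
        if (!empty($logoutDetails['id'])) {
            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
        }

        return redirect($logoutDetails['url']);
    }

    /**
     * Authorization flow Redirect.
     * Processes authorization response from the OpenId Connect Authorization Server.
     *
     * The callback is rejected unless it carries the `state` value that login()
     * stored in this session. A plain `!==` comparison is not enough here: when
     * the session holds no state and the request carries none, both sides are
     * null and compare equal, so a callback that never went through login()
     * would be accepted.
     */
    public function redirect()
    {
        $storedState = session()->pull('openid_state');
        $responseState = request()->query('state');

        // Both values must be non-empty strings before they are compared.
        // hash_equals() keeps the comparison constant-time.
        $stateMatches = is_string($storedState)
            && $storedState !== ''
            && is_string($responseState)
            && hash_equals($storedState, $responseState);

        if (!$stateMatches) {
            return $this->rejectAuthorizationResponse();
        }

        // The query string is attacker-controllable; only hand a plain,
        // non-empty string to the service as the authorization code.
        $code = request()->query('code');
        if (!is_string($code) || $code === '') {
            return $this->rejectAuthorizationResponse();
        }

        $user = $this->openidService->processAuthorizeResponse($code);
        if ($user === null) {
            return $this->rejectAuthorizationResponse();
        }

        return redirect()->intended();
    }

    /**
     * Show the generic "authentication failed" notice and send the user back to the login page.
     *
     * The same message is used for every failure so the response does not
     * reveal which check rejected the callback.
     */
    private function rejectAuthorizationResponse()
    {
        // NOTE(review): the system name is read from the saml2 config; confirm
        // whether an OpenID-specific setting should be used instead.
        $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));

        return redirect('/login');
    }
}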