Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
06a0d829c8
BookStack/app/Http/Controllers/Auth/OpenIdConnectController.php

57 lines
1.5 KiB
PHP
Raw Normal View History

Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8.
2021-10-06 18:05:26 -04:00
<?php
namespace BookStack\Http\Controllers\Auth;
Added token and key handling elements for oidc jwt - Got basic signing support and structure checking done. - Need to run through actual claim checking before providing details back to app.
2021-10-11 14:05:16 -04:00
use BookStack\Auth\Access\OpenIdConnect\OpenIdConnectService;
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8.
2021-10-06 18:05:26 -04:00
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\Request;
class OpenIdConnectController extends Controller
{
protected $oidcService;
/**
* OpenIdController constructor.
*/
public function __construct(OpenIdConnectService $oidcService)
{
$this->oidcService = $oidcService;
$this->middleware('guard:oidc');
}
/**
* Start the authorization login flow via OIDC.
*/
public function login()
{
$loginDetails = $this->oidcService->login();
session()->flash('oidc_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
* Authorization flow redirect.
* Processes authorization response from the OIDC Authorization Server.
*/
public function redirect(Request $request)
{
$storedState = session()->pull('oidc_state');
$responseState = $request->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
$user = $this->oidcService->processAuthorizeResponse($request->query('code'));
if ($user === null) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
return redirect()->intended();
}
}
Reference in New Issue Copy Permalink