2019-11-17 08:26:43 -05:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace BookStack\Http\Controllers\Auth;
|
|
|
|
|
|
|
|
use BookStack\Auth\Access\Saml2Service;
|
|
|
|
use BookStack\Http\Controllers\Controller;
|
|
|
|
|
|
|
|
class Saml2Controller extends Controller
|
|
|
|
{
|
|
|
|
|
|
|
|
protected $samlService;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Saml2Controller constructor.
|
|
|
|
*/
|
|
|
|
public function __construct(Saml2Service $samlService)
|
|
|
|
{
|
|
|
|
parent::__construct();
|
|
|
|
$this->samlService = $samlService;
|
2019-11-17 14:15:37 -05:00
|
|
|
|
|
|
|
// SAML2 access middleware
|
|
|
|
$this->middleware(function ($request, $next) {
|
2020-02-02 05:59:03 -05:00
|
|
|
|
|
|
|
if (config('auth.method') !== 'saml2') {
|
2019-11-17 14:15:37 -05:00
|
|
|
$this->showPermissionError();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $next($request);
|
|
|
|
});
|
2019-11-17 08:26:43 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Start the login flow via SAML2.
|
|
|
|
*/
|
|
|
|
public function login()
|
|
|
|
{
|
|
|
|
$loginDetails = $this->samlService->login();
|
|
|
|
session()->flash('saml2_request_id', $loginDetails['id']);
|
|
|
|
|
|
|
|
return redirect($loginDetails['url']);
|
|
|
|
}
|
|
|
|
|
2019-11-17 10:40:36 -05:00
|
|
|
/**
|
|
|
|
* Start the logout flow via SAML2.
|
|
|
|
*/
|
|
|
|
public function logout()
|
|
|
|
{
|
|
|
|
$logoutDetails = $this->samlService->logout();
|
|
|
|
|
|
|
|
if ($logoutDetails['id']) {
|
|
|
|
session()->flash('saml2_logout_request_id', $logoutDetails['id']);
|
|
|
|
}
|
|
|
|
|
|
|
|
return redirect($logoutDetails['url']);
|
|
|
|
}
|
|
|
|
|
2019-11-17 08:26:43 -05:00
|
|
|
/*
|
|
|
|
* Get the metadata for this SAML2 service provider.
|
|
|
|
*/
|
|
|
|
public function metadata()
|
|
|
|
{
|
|
|
|
$metaData = $this->samlService->metadata();
|
|
|
|
return response()->make($metaData, 200, [
|
|
|
|
'Content-Type' => 'text/xml'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Single logout service.
|
|
|
|
* Handle logout requests and responses.
|
|
|
|
*/
|
|
|
|
public function sls()
|
|
|
|
{
|
2019-11-17 10:40:36 -05:00
|
|
|
$requestId = session()->pull('saml2_logout_request_id', null);
|
|
|
|
$redirect = $this->samlService->processSlsResponse($requestId) ?? '/';
|
|
|
|
return redirect($redirect);
|
2019-11-17 08:26:43 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Assertion Consumer Service.
|
|
|
|
* Processes the SAML response from the IDP.
|
|
|
|
*/
|
|
|
|
public function acs()
|
|
|
|
{
|
|
|
|
$requestId = session()->pull('saml2_request_id', null);
|
|
|
|
|
|
|
|
$user = $this->samlService->processAcsResponse($requestId);
|
|
|
|
if ($user === null) {
|
|
|
|
$this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
|
|
|
|
return redirect('/login');
|
|
|
|
}
|
|
|
|
|
2019-11-17 10:40:36 -05:00
|
|
|
session()->put('last_login_type', 'saml2');
|
2019-11-17 08:26:43 -05:00
|
|
|
return redirect()->intended();
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|