BookStack/app/Http/Controllers/Auth/OidcController.php

<?php

namespace BookStack\Http\Controllers\Auth;

use BookStack\Auth\Access\Oidc\OidcService;
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\Request;

class OidcController extends Controller
{
    protected $oidcService;

    /**
     * OpenIdController constructor.
     */
    public function __construct(OidcService $oidcService)
    {
        $this->oidcService = $oidcService;
        $this->middleware('guard:oidc');
    }

    /**
     * Start the authorization login flow via OIDC.
     */
    public function login()
    {
        $loginDetails = $this->oidcService->login();
        session()->flash('oidc_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Authorization flow redirect callback.
     * Processes authorization response from the OIDC Authorization Server.
     */
    public function callback(Request $request)
    {
        $storedState = session()->pull('oidc_state');
        $responseState = $request->query('state');

        if ($storedState !== $responseState) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));

            return redirect('/login');
        }

        $this->oidcService->processAuthorizeResponse($request->query('code'));

        return redirect()->intended();
    }
}
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`<?php`

			`namespace BookStack\Http\Controllers\Auth;`

Renamed OIDC files to all be aligned 2021-10-12 18:04:28 -04:00			`use BookStack\Auth\Access\Oidc\OidcService;`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`use BookStack\Http\Controllers\Controller;`
			`use Illuminate\Http\Request;`

Fleshed out testing for OIDC system 2021-10-13 11:51:27 -04:00			`class OidcController extends Controller`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`{`
			`protected $oidcService;`

			`/**`
			`* OpenIdController constructor.`
			`*/`
Renamed OIDC files to all be aligned 2021-10-12 18:04:28 -04:00			`public function __construct(OidcService $oidcService)`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`{`
			`$this->oidcService = $oidcService;`
			`$this->middleware('guard:oidc');`
			`}`

			`/**`
			`* Start the authorization login flow via OIDC.`
			`*/`
			`public function login()`
			`{`
			`$loginDetails = $this->oidcService->login();`
			`session()->flash('oidc_state', $loginDetails['state']);`

			`return redirect($loginDetails['url']);`
			`}`

			`/**`
Fleshed out testing for OIDC system 2021-10-13 11:51:27 -04:00			`* Authorization flow redirect callback.`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`* Processes authorization response from the OIDC Authorization Server.`
			`*/`
Fleshed out testing for OIDC system 2021-10-13 11:51:27 -04:00			`public function callback(Request $request)`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`{`
			`$storedState = session()->pull('oidc_state');`
			`$responseState = $request->query('state');`

			`if ($storedState !== $responseState) {`
			`$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));`
Applied latest styles changes from style CI 2021-10-16 11:01:59 -04:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`return redirect('/login');`
			`}`

Fleshed out testing for OIDC system 2021-10-13 11:51:27 -04:00			`$this->oidcService->processAuthorizeResponse($request->query('code'));`
Applied latest styles changes from style CI 2021-10-16 11:01:59 -04:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 18:05:26 -04:00			`return redirect()->intended();`
			`}`
			`}`