BookStack/app/Http/Controllers/Auth/OidcController.php

65 lines
1.7 KiB
PHP
Raw Normal View History

<?php
namespace BookStack\Http\Controllers\Auth;
2021-10-12 18:04:28 -04:00
use BookStack\Auth\Access\Oidc\OidcService;
use BookStack\Auth\Access\Oidc\OidcException;
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\Request;
2021-10-13 11:51:27 -04:00
class OidcController extends Controller
{
protected OidcService $oidcService;
/**
* OpenIdController constructor.
*/
2021-10-12 18:04:28 -04:00
public function __construct(OidcService $oidcService)
{
$this->oidcService = $oidcService;
$this->middleware('guard:oidc');
}
/**
* Start the authorization login flow via OIDC.
*/
public function login()
{
try {
$loginDetails = $this->oidcService->login();
} catch (OidcException $exception) {
$this->showErrorNotification($exception->getMessage());
return redirect('/login');
}
session()->flash('oidc_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
2021-10-13 11:51:27 -04:00
* Authorization flow redirect callback.
* Processes authorization response from the OIDC Authorization Server.
*/
2021-10-13 11:51:27 -04:00
public function callback(Request $request)
{
$storedState = session()->pull('oidc_state');
$responseState = $request->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
try {
$this->oidcService->processAuthorizeResponse($request->query('code'));
} catch (OidcException $oidcException) {
$this->showErrorNotification($oidcException->getMessage());
return redirect('/login');
}
return redirect()->intended();
}
}