Skip intermediate login page with single provider

This commit is contained in:
Robert Meredith 2022-05-02 20:35:11 +10:00
parent 44013721f0
commit d5ce6b680c
4 changed files with 59 additions and 3 deletions

View File

@ -13,6 +13,11 @@ return [
// Options: standard, ldap, saml2, oidc // Options: standard, ldap, saml2, oidc
'method' => env('AUTH_METHOD', 'standard'), 'method' => env('AUTH_METHOD', 'standard'),
// Automatically redirect to external login provider if only one provider is being used
// instead of displaying a single-button login page and requiring users to click through
// Supported methods: saml2, oidc
'auto_redirect' => env('AUTH_AUTO_REDIRECT', false),
// Authentication Defaults // Authentication Defaults
// This option controls the default authentication "guard" and password // This option controls the default authentication "guard" and password
// reset options for your application. // reset options for your application.

View File

@ -25,14 +25,14 @@ class LoginController extends Controller
| |
*/ */
use AuthenticatesUsers; use AuthenticatesUsers { logout as traitLogout; }
/** /**
* Redirection paths. * Redirection paths.
*/ */
protected $redirectTo = '/'; protected $redirectTo = '/';
protected $redirectPath = '/'; protected $redirectPath = '/';
protected $redirectAfterLogout = '/login'; protected $redirectAfterLogout = '/';
protected $socialAuthService; protected $socialAuthService;
protected $loginService; protected $loginService;
@ -50,7 +50,7 @@ class LoginController extends Controller
$this->loginService = $loginService; $this->loginService = $loginService;
$this->redirectPath = url('/'); $this->redirectPath = url('/');
$this->redirectAfterLogout = url('/login'); $this->redirectAfterLogout = url(config('auth.auto_redirect') ? '/login?logout=1' : '/');
} }
public function username() public function username()
@ -73,6 +73,7 @@ class LoginController extends Controller
{ {
$socialDrivers = $this->socialAuthService->getActiveDrivers(); $socialDrivers = $this->socialAuthService->getActiveDrivers();
$authMethod = config('auth.method'); $authMethod = config('auth.method');
$autoRedirect = config('auth.auto_redirect');
if ($request->has('email')) { if ($request->has('email')) {
session()->flashInput([ session()->flashInput([
@ -84,6 +85,12 @@ class LoginController extends Controller
// Store the previous location for redirect after login // Store the previous location for redirect after login
$this->updateIntendedFromPrevious(); $this->updateIntendedFromPrevious();
if ($autoRedirect && !($request->has('logout') && $request->get('logout') == '1') && count($socialDrivers) == 0 && in_array($authMethod, ['oidc', 'saml2'])) {
return view('auth.login-redirect', [
'authMethod' => $authMethod,
]);
}
return view('auth.login', [ return view('auth.login', [
'socialDrivers' => $socialDrivers, 'socialDrivers' => $socialDrivers,
'authMethod' => $authMethod, 'authMethod' => $authMethod,
@ -251,4 +258,18 @@ class LoginController extends Controller
redirect()->setIntendedUrl($previous); redirect()->setIntendedUrl($previous);
} }
/**
* Logout user and perform subsequent redirect.
*
* @param \Illuminate\Http\Request $request
*
* @return mixed
*/
public function logout(Request $request)
{
$this->traitLogout($request);
return redirect($this->redirectAfterLogout);
}
} }

View File

@ -0,0 +1,16 @@
<!DOCTYPE html>
<html lang="{{ config('app.lang') }}"
dir="{{ config('app.rtl') ? 'rtl' : 'ltr' }}">
<head>
<meta charset="utf-8">
</head>
<body>
<div id="loginredirect-wrapper" style="display:none">
@include('auth.parts.login-form-' . $authMethod)
</div>
<script nonce="{{ $cspNonce }}">
window.onload = function(){document.forms['login-form'].submit()};
</script>
</body>
</html>

View File

@ -26,6 +26,7 @@ class OidcTest extends TestCase
config()->set([ config()->set([
'auth.method' => 'oidc', 'auth.method' => 'oidc',
'auth.auto_redirect' => false,
'auth.defaults.guard' => 'oidc', 'auth.defaults.guard' => 'oidc',
'oidc.name' => 'SingleSignOn-Testing', 'oidc.name' => 'SingleSignOn-Testing',
'oidc.display_name_claims' => ['name'], 'oidc.display_name_claims' => ['name'],
@ -111,6 +112,19 @@ class OidcTest extends TestCase
$this->assertPermissionError($resp); $this->assertPermissionError($resp);
} }
public function test_automatic_redirect_on_login()
{
config()->set([
'auth.auto_redirect' => true,
'services.google.client_id' => false,
'services.github.client_id' => false,
]);
$req = $this->get('/login');
$req->assertSeeText('SingleSignOn-Testing');
$req->assertElementExists('form[action$="/oidc/login"][method=POST] button');
$req->assertElementExists('div#loginredirect-wrapper');
}
public function test_login() public function test_login()
{ {
$req = $this->post('/oidc/login'); $req = $this->post('/oidc/login');