Skip intermediate login page with single provider

2024-10-01 01:36:00 -04:00 · 2022-05-02 20:35:11 +10:00 · 2022-05-02 20:35:11 +10:00 · d5ce6b680c
commit d5ce6b680c
parent 44013721f0
4 changed files with 59 additions and 3 deletions
--- a/app/Config/auth.php
+++ b/app/Config/auth.php
@ -13,6 +13,11 @@ return [
    // Options: standard, ldap, saml2, oidc
    'method' => env('AUTH_METHOD', 'standard'),

+    // Automatically redirect to external login provider if only one provider is being used
+    // instead of displaying a single-button login page and requiring users to click through
+    // Supported methods: saml2, oidc
+    'auto_redirect' => env('AUTH_AUTO_REDIRECT', false),
+
    // Authentication Defaults
    // This option controls the default authentication "guard" and password
    // reset options for your application.
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -25,14 +25,14 @@ class LoginController extends Controller
    |
    */

-    use AuthenticatesUsers;
+    use AuthenticatesUsers { logout as traitLogout; }

    /**
     * Redirection paths.
     */
    protected $redirectTo = '/';
    protected $redirectPath = '/';
-    protected $redirectAfterLogout = '/login';
+    protected $redirectAfterLogout = '/';

    protected $socialAuthService;
    protected $loginService;
@ -50,7 +50,7 @@ class LoginController extends Controller
        $this->loginService = $loginService;

        $this->redirectPath = url('/');
-        $this->redirectAfterLogout = url('/login');
+        $this->redirectAfterLogout = url(config('auth.auto_redirect') ? '/login?logout=1' : '/');
    }

    public function username()
@ -73,6 +73,7 @@ class LoginController extends Controller
    {
        $socialDrivers = $this->socialAuthService->getActiveDrivers();
        $authMethod = config('auth.method');
+        $autoRedirect = config('auth.auto_redirect');

        if ($request->has('email')) {
            session()->flashInput([
@ -84,6 +85,12 @@ class LoginController extends Controller
        // Store the previous location for redirect after login
        $this->updateIntendedFromPrevious();

+        if ($autoRedirect && !($request->has('logout') && $request->get('logout') == '1') && count($socialDrivers) == 0 && in_array($authMethod, ['oidc', 'saml2'])) {
+            return view('auth.login-redirect', [
+                'authMethod'    => $authMethod,
+            ]);
+        }
+
        return view('auth.login', [
            'socialDrivers' => $socialDrivers,
            'authMethod'    => $authMethod,
@ -251,4 +258,18 @@ class LoginController extends Controller

        redirect()->setIntendedUrl($previous);
    }
+
+    /**
+     * Logout user and perform subsequent redirect.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return mixed
+     */
+    public function logout(Request $request)
+    {
+        $this->traitLogout($request);
+
+        return redirect($this->redirectAfterLogout);
+    }
 }
--- a/resources/views/auth/login-redirect.blade.php
+++ b/resources/views/auth/login-redirect.blade.php
@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="{{ config('app.lang') }}"
+      dir="{{ config('app.rtl') ? 'rtl' : 'ltr' }}">
+<head>
+    <meta charset="utf-8">
+</head>
+<body>
+    <div id="loginredirect-wrapper" style="display:none">
+        @include('auth.parts.login-form-' . $authMethod)
+    </div>
+
+    <script nonce="{{ $cspNonce }}">
+        window.onload = function(){document.forms['login-form'].submit()};
+    </script>
+</body>
+</html>
--- a/tests/Auth/OidcTest.php
+++ b/tests/Auth/OidcTest.php
@ -26,6 +26,7 @@ class OidcTest extends TestCase

        config()->set([
            'auth.method'                 => 'oidc',
+            'auth.auto_redirect'          => false,
            'auth.defaults.guard'         => 'oidc',
            'oidc.name'                   => 'SingleSignOn-Testing',
            'oidc.display_name_claims'    => ['name'],
@ -111,6 +112,19 @@ class OidcTest extends TestCase
        $this->assertPermissionError($resp);
    }

+    public function test_automatic_redirect_on_login()
+    {
+        config()->set([
+            'auth.auto_redirect'        => true,
+            'services.google.client_id' => false,
+            'services.github.client_id' => false,
+        ]);
+        $req = $this->get('/login');
+        $req->assertSeeText('SingleSignOn-Testing');
+        $req->assertElementExists('form[action$="/oidc/login"][method=POST] button');
+        $req->assertElementExists('div#loginredirect-wrapper');
+    }
+
    public function test_login()
    {
        $req = $this->post('/oidc/login');