BookStack/app/Access/Controllers/OidcController.php

72 lines
1.8 KiB
PHP
Raw Normal View History

<?php
2023-05-18 00:56:55 +08:00
namespace BookStack\Access\Controllers;
2023-05-18 00:56:55 +08:00
use BookStack\Access\Oidc\OidcException;
use BookStack\Access\Oidc\OidcService;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
2021-10-13 23:51:27 +08:00
class OidcController extends Controller
{
protected OidcService $oidcService;
2021-10-13 06:04:28 +08:00
public function __construct(OidcService $oidcService)
{
$this->oidcService = $oidcService;
$this->middleware('guard:oidc');
}
/**
* Start the authorization login flow via OIDC.
*/
public function login()
{
try {
$loginDetails = $this->oidcService->login();
} catch (OidcException $exception) {
$this->showErrorNotification($exception->getMessage());
2022-02-24 23:04:09 +08:00
return redirect('/login');
}
session()->flash('oidc_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
2021-10-13 23:51:27 +08:00
* Authorization flow redirect callback.
* Processes authorization response from the OIDC Authorization Server.
*/
2021-10-13 23:51:27 +08:00
public function callback(Request $request)
{
$storedState = session()->pull('oidc_state');
$responseState = $request->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
try {
$this->oidcService->processAuthorizeResponse($request->query('code'));
} catch (OidcException $oidcException) {
$this->showErrorNotification($oidcException->getMessage());
2022-02-24 23:04:09 +08:00
return redirect('/login');
}
return redirect()->intended();
}
2023-08-29 13:07:21 +08:00
/**
* Log the user out then start the OIDC RP-initiated logout process.
2023-08-29 13:07:21 +08:00
*/
public function logout()
{
return redirect($this->oidcService->logout());
2023-08-29 13:07:21 +08:00
}
}