mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-02-28 00:58:56 +08:00
<?php
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\OpenIdService;
use BookStack\Http\Controllers\Controller;
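class OpenIdController extends Controller
{
    /**
     * Service that builds the OpenID Connect login/logout requests and
     * processes the authorization response.
     *
     * @var OpenIdService
     */
    protected $openidService;

    /**
     * OpenIdController constructor.
     * Registers the 'guard:openid' middleware for this controller.
     */
    public function __construct(OpenIdService $openidService)
    {
        parent::__construct();

        $this->openidService = $openidService;
        $this->middleware('guard:openid');
    }

    /**
     * Start the authorization login flow via OpenId Connect.
     * The 'state' value from the service is kept in the session so that
     * redirect() can compare it with the value returned on the callback.
     */
    public function login()
    {
        $loginDetails = $this->openidService->login();

        // Flashed data is only kept for the following request of this session,
        // and redirect() pulls it, so a given state can be matched once at most.
        session()->flash('openid_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Start the logout flow via OpenId Connect.
     */
    public function logout()
    {
        $logoutDetails = $this->openidService->logout();

        // NOTE(review): the session key carries a 'saml2_' prefix although this is the
        // OpenID controller; confirm which code reads it before renaming it.
        if (!empty($logoutDetails['id'])) {
            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
        }

        return redirect($logoutDetails['url']);
    }

    /**
     * Authorization flow Redirect.
     * Processes authorization response from the OpenId Connect Authorization Server.
     *
     * Both 'state' and 'code' arrive as query parameters and are untrusted. The
     * request is rejected unless the state matches the one stored by login() and
     * the code is a non-empty string.
     */
    public function redirect()
    {
        $storedState = session()->pull('openid_state');
        $responseState = request()->query('state');
        $code = request()->query('code');

        if (!$this->openIdStateMatches($storedState, $responseState)) {
            return $this->redirectToLoginWithError();
        }

        // query() yields null for a missing parameter and an array for 'code[]=...';
        // neither is a usable authorization code, so fail before calling the service.
        if (!is_string($code) || $code === '') {
            return $this->redirectToLoginWithError();
        }

        $user = $this->openidService->processAuthorizeResponse($code);
        if ($user === null) {
            return $this->redirectToLoginWithError();
        }

        return redirect()->intended();
    }

    /**
     * Check the callback 'state' against the value stored when the flow started.
     *
     * A plain `!==` comparison treats "nothing stored" and "nothing sent" as equal
     * (null === null), which lets a callback through for a session that never
     * started a login. Both values must therefore be non-empty strings, and they
     * are compared with hash_equals() so the comparison is constant-time.
     *
     * @param mixed $storedState   Value pulled from the session.
     * @param mixed $responseState Value of the 'state' query parameter.
     *
     * @return bool
     */
    private function openIdStateMatches($storedState, $responseState)
    {
        if (!is_string($storedState) || $storedState === '') {
            return false;
        }

        if (!is_string($responseState) || $responseState === '') {
            return false;
        }

        return hash_equals($storedState, $responseState);
    }

    /**
     * Show the generic "authentication failed" notification and send the user
     * back to the login page. The same message is used for every failure so the
     * response does not reveal which check rejected the request.
     */
    private function redirectToLoginWithError()
    {
        // NOTE(review): the system name comes from config('saml2.name'), a SAML2 key;
        // confirm whether an OpenID-specific config value should be used here.
        $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));

        return redirect('/login');
    }
}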