BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/Saml2Controller.php
Added files missed in previous commit
1 <?php
2
3 namespace BookStack\Http\Controllers\Auth;
4
5 use BookStack\Auth\Access\Saml2Service;
6 use BookStack\Http\Controllers\Controller;
7
/**
 * HTTP entry points for the SAML2 authentication flow: login, logout,
 * service-provider metadata, single logout (SLS) and assertion consumer (ACS).
 *
 * The SAML protocol work is delegated to Saml2Service. This controller only
 * carries request ids through the session and turns the service's results
 * into HTTP responses.
 */
class Saml2Controller extends Controller
{

    protected $samlService;

    /**
     * Store the SAML2 service and register a closure middleware that checks,
     * for every action of this controller, that the configured auth method
     * is 'saml2'.
     */
    public function __construct(Saml2Service $samlService)
    {
        parent::__construct();
        $this->samlService = $samlService;

        // Gate all actions of this controller on the active auth method.
        $this->middleware(function ($request, $next) {
            $samlIsActive = config('auth.method') === 'saml2';

            // NOTE(review): the request is only stopped here if
            // showPermissionError() aborts (e.g. by throwing); its body is
            // not visible in this file. If it returns normally,
            // $next($request) below still runs — confirm.
            if (!$samlIsActive) {
                $this->showPermissionError();
            }

            return $next($request);
        });
    }

    /**
     * Start the login flow via SAML2.
     *
     * Flashes the id returned by the service under 'saml2_request_id' so that
     * acs() can hand it back to the service, then redirects to the URL the
     * service supplied.
     */
    public function login()
    {
        $authRequest = $this->samlService->login();

        // Flash data is kept for the next request only; acs() pulls this id.
        // NOTE(review): presumably the AuthnRequest id used to match the
        // response's InResponseTo — confirm in Saml2Service.
        session()->flash('saml2_request_id', $authRequest['id']);

        return redirect($authRequest['url']);
    }

    /**
     * Start the logout flow via SAML2.
     *
     * When the service returns a truthy request id it is flashed under
     * 'saml2_logout_request_id' for sls(); the user is then redirected to
     * the URL the service supplied.
     */
    public function logout()
    {
        $logoutRequest = $this->samlService->logout();
        $logoutRequestId = $logoutRequest['id'];

        // A falsy id means there is nothing for sls() to correlate later.
        if ($logoutRequestId) {
            session()->flash('saml2_logout_request_id', $logoutRequestId);
        }

        return redirect($logoutRequest['url']);
    }

    /**
     * Get the metadata for this SAML2 service provider.
     *
     * Returns whatever the service produces as a 200 response with a
     * text/xml content type.
     */
    public function metadata()
    {
        $headers = ['Content-Type' => 'text/xml'];
        $xml = $this->samlService->metadata();

        return response()->make($xml, 200, $headers);
    }

    /**
     * Single logout service.
     * Handle logout requests and responses.
     *
     * Redirects to the target returned by the service, or to '/' when the
     * service returns null.
     */
    public function sls()
    {
        // pull() reads the stored id and removes it from the session.
        $pendingLogoutId = session()->pull('saml2_logout_request_id', null);

        // NOTE(review): the redirect target is taken from the service as-is;
        // confirm in Saml2Service that request input cannot steer it to an
        // arbitrary external URL.
        $target = $this->samlService->processSlsResponse($pendingLogoutId);
        if ($target === null) {
            $target = '/';
        }

        return redirect($target);
    }

    /**
     * Assertion Consumer Service.
     * Processes the SAML response from the IDP.
     *
     * On success records 'saml2' as the last login type and redirects to the
     * intended URL; when the service returns null, shows an error
     * notification and redirects to '/login'.
     */
    public function acs()
    {
        // pull() reads the stored id and removes it from the session. The
        // value is null when no id was stored for this request.
        // NOTE(review): whether a null id makes the service reject the
        // response (unsolicited / replayed assertion) is decided inside
        // processAcsResponse(), which is not visible here — confirm.
        $pendingRequestId = session()->pull('saml2_request_id', null);

        $user = $this->samlService->processAcsResponse($pendingRequestId);

        if ($user !== null) {
            // NOTE(review): no session-id rotation happens in this method;
            // confirm the service or auth guard regenerates the session on login.
            session()->put('last_login_type', 'saml2');
            return redirect()->intended();
        }

        $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
        return redirect('/login');
    }

}