X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/3a17ba2cb9e923d70df6439be242df49918389fa..refs/pull/2902/head:/app/Http/Controllers/Auth/Saml2Controller.php

diff --git a/app/Http/Controllers/Auth/Saml2Controller.php b/app/Http/Controllers/Auth/Saml2Controller.php
index d54e925bb..14eb65b71 100644
--- a/app/Http/Controllers/Auth/Saml2Controller.php
+++ b/app/Http/Controllers/Auth/Saml2Controller.php
@@ -4,11 +4,9 @@ namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Auth\Access\Saml2Service;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Http\Request;
 
 class Saml2Controller extends Controller
 {
-
     protected $samlService;
 
     /**
@@ -16,8 +14,8 @@ class Saml2Controller extends Controller
      */
     public function __construct(Saml2Service $samlService)
     {
-        parent::__construct();
         $this->samlService = $samlService;
+        $this->middleware('guard:saml2');
     }
 
     /**
@@ -31,14 +29,29 @@ class Saml2Controller extends Controller
         return redirect($loginDetails['url']);
     }
 
+    /**
+     * Start the logout flow via SAML2.
+     */
+    public function logout()
+    {
+        $logoutDetails = $this->samlService->logout();
+
+        if ($logoutDetails['id']) {
+            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
+        }
+
+        return redirect($logoutDetails['url']);
+    }
+
     /*
      * Get the metadata for this SAML2 service provider.
      */
     public function metadata()
     {
         $metaData = $this->samlService->metadata();
+
         return response()->make($metaData, 200, [
-            'Content-Type' => 'text/xml'
+            'Content-Type' => 'text/xml',
         ]);
     }
 
@@ -48,7 +61,10 @@ class Saml2Controller extends Controller
      */
     public function sls()
     {
-        // TODO
+        $requestId = session()->pull('saml2_logout_request_id', null);
+        $redirect = $this->samlService->processSlsResponse($requestId) ?? '/';
+
+        return redirect($redirect);
     }
 
     /**
@@ -62,10 +78,10 @@ class Saml2Controller extends Controller
         $user = $this->samlService->processAcsResponse($requestId);
         if ($user === null) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
 
         return redirect()->intended();
     }
-
 }