// Options: standard, ldap, saml2, oidc
'method' => env('AUTH_METHOD', 'standard'),
+ // Automatically redirect to external login provider if only one provider is being used
+ // instead of displaying a single-button login page and requiring users to click through
+ // Supported methods: saml2, oidc
+ 'auto_redirect' => env('AUTH_AUTO_REDIRECT', false),
+
// Authentication Defaults
// This option controls the default authentication "guard" and password
// reset options for your application.
|
*/
- use AuthenticatesUsers;
+ use AuthenticatesUsers { logout as traitLogout; }
/**
* Redirection paths.
*/
protected $redirectTo = '/';
protected $redirectPath = '/';
- protected $redirectAfterLogout = '/login';
+ protected $redirectAfterLogout = '/';
protected $socialAuthService;
protected $loginService;
$this->loginService = $loginService;
$this->redirectPath = url('/');
- $this->redirectAfterLogout = url('/login');
+ $this->redirectAfterLogout = url(config('auth.auto_redirect') ? '/login?logout=1' : '/');
}
public function username()
{
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$authMethod = config('auth.method');
+ $autoRedirect = config('auth.auto_redirect');
if ($request->has('email')) {
session()->flashInput([
// Store the previous location for redirect after login
$this->updateIntendedFromPrevious();
+ if ($autoRedirect && !($request->has('logout') && $request->get('logout') == '1') && count($socialDrivers) == 0 && in_array($authMethod, ['oidc', 'saml2'])) {
+ return view('auth.login-redirect', [
+ 'authMethod' => $authMethod,
+ ]);
+ }
+
return view('auth.login', [
'socialDrivers' => $socialDrivers,
'authMethod' => $authMethod,
redirect()->setIntendedUrl($previous);
}
+
+ /**
+ * Logout user and perform subsequent redirect.
+ *
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return mixed
+ */
+ public function logout(Request $request)
+ {
+ $this->traitLogout($request);
+
+ return redirect($this->redirectAfterLogout);
+ }
}
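Review bot: The auto-redirect guard added to the login view method relies only on the `logout=1` query flag, and `logout()` ends just the local session through `traitLogout()`. Any later visit to `/login` without that flag renders the auto-submitting view again, and if the external provider session is still alive this presumably signs the same user back in without a prompt. That matters on shared machines, so it should be stated next to the option, for example `// Note: logout only ends the local session; the external provider session is not terminated`. The guard itself would read better with strict checks: `$request->get('logout') !== '1'` and `in_array($authMethod, ['oidc', 'saml2'], true)`. The constructor and the login view method both start outside the visible hunks.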
--- /dev/null
+<!DOCTYPE html>
+<html lang="{{ config('app.lang') }}"
+ dir="{{ config('app.rtl') ? 'rtl' : 'ltr' }}">
+<head>
+ <meta charset="utf-8">
+</head>
+<body>
+ <div id="loginredirect-wrapper" style="display:none">
+ @include('auth.parts.login-form-' . $authMethod)
+ </div>
+
+ <script nonce="{{ $cspNonce }}">
+ window.onload = function(){document.forms['login-form'].submit()};
+ </script>
+</body>
+</html>
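Review bot: A browser that does not run the inline script gets a blank page, because the only content sits inside `#loginredirect-wrapper` with `display:none` and only the `window.onload` handler submits it. A `<noscript>` fallback that shows the form or links to the normal login page would keep login reachable. `document.forms['login-form']` also assumes the included partial renders a form with that id or name, which is not visible in this section, so a null check before `.submit()` would avoid a silent script error. The `@include` name is concatenated from `$authMethod`; the controller renders this view only for `oidc` and `saml2`, so I would record that at the top of the template: `{{-- $authMethod must be 'oidc' or 'saml2'; checked by the controller before rendering --}}`.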
config()->set([
'auth.method' => 'oidc',
+ 'auth.auto_redirect' => false,
'auth.defaults.guard' => 'oidc',
'oidc.name' => 'SingleSignOn-Testing',
'oidc.display_name_claims' => ['name'],
$this->assertPermissionError($resp);
}
+ public function test_automatic_redirect_on_login()
+ {
+ config()->set([
+ 'auth.auto_redirect' => true,
+ 'services.google.client_id' => false,
+ 'services.github.client_id' => false,
+ ]);
+ $req = $this->get('/login');
+ $req->assertSeeText('SingleSignOn-Testing');
+ $req->assertElementExists('form[action$="/oidc/login"][method=POST] button');
+ $req->assertElementExists('div#loginredirect-wrapper');
+ }
+
public function test_login()
{
$req = $this->post('/oidc/login');
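Review bot: `test_automatic_redirect_on_login` covers only the positive case; the `logout=1` bypass, the fall-back to the normal login page when a social driver is active, and the new `logout()` redirect target are untested. The bypass is what prevents an immediate re-login after logout, so a regression there would go unnoticed. I would add at least `$this->get('/login?logout=1')->assertDontSee('loginredirect-wrapper');` and a check that logging out with `auth.auto_redirect` enabled redirects to `/login?logout=1`. `test_login` continues past the end of this hunk.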