BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/OpenIdController.php
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne...
1 <?php
2
3 namespace BookStack\Http\Controllers\Auth;
4
5 use BookStack\Auth\Access\OpenIdService;
6 use BookStack\Http\Controllers\Controller;
7
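class OpenIdController extends Controller
{
    /**
     * Service that builds the login/logout requests and processes the
     * authorization response for this controller.
     *
     * @var OpenIdService
     */
    protected $openidService;

    /**
     * OpenIdController constructor.
     * Registers the 'guard:openid' middleware for the actions of this controller.
     */
    public function __construct(OpenIdService $openidService)
    {
        parent::__construct();
        $this->openidService = $openidService;
        $this->middleware('guard:openid');
    }

    /**
     * Start the authorization login flow via OpenId Connect.
     *
     * The 'state' value returned by the service is stored in the session so
     * that redirect() can bind the authorization response to this browser
     * session before the authorization code is used.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function login()
    {
        $loginDetails = $this->openidService->login();

        // flash() keeps the value for the following request only, and
        // redirect() removes it with pull(), so a state value is single-use.
        session()->flash('openid_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Start the logout flow via OpenId Connect.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function logout()
    {
        $logoutDetails = $this->openidService->logout();

        if ($logoutDetails['id']) {
            // NOTE(review): this session key carries a 'saml2_' prefix inside the
            // OpenID controller. It looks carried over from the SAML2 flow;
            // confirm which code reads it before renaming, so the two
            // protocols do not share logout state by accident.
            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
        }

        return redirect($logoutDetails['url']);
    }

    /**
     * Authorization flow Redirect.
     * Processes authorization response from the OpenId Connect Authorization Server.
     *
     * The response is rejected unless its 'state' query parameter equals the
     * value stored by login(). Only then is the 'code' query parameter handed
     * to the service. Both failure paths show the same notification and send
     * the browser back to '/login'.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function redirect()
    {
        $storedState = session()->pull('openid_state');
        $responseState = request()->query('state');

        // Both sides must be present as non-empty strings. A bare `!==` treats
        // "nothing stored" and "no state parameter" (null and null) as equal,
        // which would accept a callback that this session never initiated and
        // defeat the purpose of the state value. is_string() also rejects an
        // array-valued 'state' parameter before it reaches hash_equals().
        $stateIsValid = is_string($storedState)
            && $storedState !== ''
            && is_string($responseState)
            && hash_equals($storedState, $responseState);

        if (!$stateIsValid) {
            // NOTE(review): the message takes the system name from the SAML2
            // config ('saml2.name'); confirm this is intended for OpenID.
            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
            return redirect('/login');
        }

        // The code is passed through unchanged; the service signals a failed
        // exchange by returning null.
        $user = $this->openidService->processAuthorizeResponse(request()->query('code'));
        if ($user === null) {
            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
            return redirect('/login');
        }

        return redirect()->intended();
    }
}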