1 <?php
2
3 namespace BookStack\Http\Controllers\Auth;
4
5 use BookStack\Auth\Access\Saml2Service;
6 use BookStack\Http\Controllers\Controller;
7
/**
 * HTTP entry points for the SAML2 service-provider flows: login, logout,
 * metadata, single logout (SLS) and the assertion consumer service (ACS).
 *
 * The controller only moves request ids through the session and turns the
 * service's results into responses. All SAML message handling is delegated
 * to Saml2Service, whose code is not part of this file.
 */
class Saml2Controller extends Controller
{
    protected $samlService;

    /**
     * Store the SAML2 service and attach the 'guard:saml2' middleware to every action.
     */
    public function __construct(Saml2Service $samlService)
    {
        parent::__construct();

        // NOTE(review): presumably limits these routes to installs where the
        // saml2 guard is the active one; confirm against the middleware itself.
        $this->middleware('guard:saml2');
        $this->samlService = $samlService;
    }

    /**
     * Begin a SAML2 login and send the browser to the URL the service returns.
     */
    public function login()
    {
        $details = $this->samlService->login();

        // Flash data is kept only for the next request in this session, so the
        // stored id reaches acs() only if the IdP response is that next request.
        $requestId = $details['id'];
        session()->flash('saml2_request_id', $requestId);

        $target = $details['url'];

        return redirect($target);
    }

    /**
     * Begin a SAML2 logout and send the browser to the URL the service returns.
     */
    public function logout()
    {
        $details = $this->samlService->logout();

        // The service may return no request id; nothing is flashed in that case.
        $requestId = $details['id'];
        if ($requestId) {
            session()->flash('saml2_logout_request_id', $requestId);
        }

        $target = $details['url'];

        return redirect($target);
    }

    /**
     * Serve this service provider's SAML2 metadata as an XML response.
     */
    public function metadata()
    {
        $headers = ['Content-Type' => 'text/xml'];
        $xml = $this->samlService->metadata();

        return response()->make($xml, 200, $headers);
    }

    /**
     * Single logout service.
     * Passes the incoming logout request or response to the service and
     * redirects to the URL it returns, or to '/' when it returns null.
     */
    public function sls()
    {
        // pull() reads and removes the value, so a stored id is used at most once.
        $requestId = session()->pull('saml2_logout_request_id', null);

        // NOTE(review): the redirect target is whatever the service returns;
        // confirm it cannot be taken from unvalidated request input.
        $target = $this->samlService->processSlsResponse($requestId);
        if ($target === null) {
            $target = '/';
        }

        return redirect($target);
    }

    /**
     * Assertion Consumer Service.
     * Hands the IdP's SAML response to the service. A null result is treated
     * as a failed login; any other result continues to the intended URL.
     */
    public function acs()
    {
        // pull() reads and removes the value; it yields null when no id was
        // stored or the flashed id has already expired.
        // NOTE(review): confirm how Saml2Service treats a null request id. If
        // the response is then not matched to a request, unsolicited responses
        // would be accepted here.
        $requestId = session()->pull('saml2_request_id', null);

        $user = $this->samlService->processAcsResponse($requestId);
        if ($user !== null) {
            return redirect()->intended();
        }

        $systemName = config('saml2.name');
        $message = trans('errors.saml_fail_authed', ['system' => $systemName]);
        $this->showErrorNotification($message);

        return redirect('/login');
    }
}