BookStack Code Mirror - bookstack/blob - app/Access/Controllers/OidcController.php
Fixed OIDC Logout
1 <?php
2
3 namespace BookStack\Access\Controllers;
4
5 use BookStack\Access\Oidc\OidcException;
6 use BookStack\Access\Oidc\OidcService;
7 use BookStack\Http\Controller;
8 use Illuminate\Http\Request;
9
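/**
 * HTTP entry points for the OIDC authorization-code flow: starting a login,
 * handling the provider's redirect back, and starting a logout.
 *
 * All protocol work is delegated to OidcService; this controller only moves
 * values between the request, the session and the service, and turns
 * OidcException failures into a user-facing notification plus a redirect.
 */
class OidcController extends Controller
{
    protected OidcService $oidcService;

    /**
     * OidcController constructor.
     *
     * Registers the 'guard:oidc' middleware for every action on this controller.
     */
    public function __construct(OidcService $oidcService)
    {
        $this->oidcService = $oidcService;
        $this->middleware('guard:oidc');
    }

    /**
     * Start the authorization login flow via OIDC.
     *
     * On success the `state` value returned by the service is flashed to the
     * session and the browser is redirected to the URL the service provides.
     * On OidcException the message is shown and the user is sent to '/login'.
     */
    public function login()
    {
        try {
            $loginDetails = $this->oidcService->login();
        } catch (OidcException $exception) {
            // NOTE(review): the exception message is shown to the user verbatim;
            // confirm OidcService never puts provider or configuration detail in it.
            $this->showErrorNotification($exception->getMessage());

            return redirect('/login');
        }

        // Flashed data is only kept for the following request, so the state is
        // gone from the session if anything else is requested before the callback.
        session()->flash('oidc_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Authorization flow redirect callback.
     * Processes authorization response from the OIDC Authorization Server.
     *
     * The `state` query parameter must match the value stored by login() before
     * the authorization code is handed to the service. Any mismatch, missing
     * value or OidcException results in a notification and a redirect to '/login'.
     */
    public function callback(Request $request)
    {
        // pull() removes the value, so a stored state can be used at most once.
        $storedState = session()->pull('oidc_state');
        $responseState = $request->query('state');

        // Both sides must be present, non-empty strings. A bare `!==` comparison
        // passes when both are null (no state in the session and no `state`
        // parameter on the request), which would let a callback this session
        // never initiated reach the code exchange. hash_equals() keeps the
        // comparison constant-time and also requires string operands.
        $stateMatches = is_string($storedState) && $storedState !== ''
            && is_string($responseState) && $responseState !== ''
            && hash_equals($storedState, $responseState);

        if (!$stateMatches) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));

            return redirect('/login');
        }

        // query() yields an array for `code[]=...`; only a scalar (or absent) code
        // is forwarded, leaving the handling of a missing code to the service.
        $authorizationCode = $request->query('code');
        if (is_array($authorizationCode)) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));

            return redirect('/login');
        }

        try {
            $this->oidcService->processAuthorizeResponse($authorizationCode);
        } catch (OidcException $oidcException) {
            $this->showErrorNotification($oidcException->getMessage());

            return redirect('/login');
        }

        return redirect()->intended();
    }

    /**
     * Start the logout flow via OIDC.
     *
     * Returns whatever OidcService::logout() returns. On OidcException the
     * message is shown and the user is redirected to '/logout'.
     */
    public function logout()
    {
        try {
            return $this->oidcService->logout();
        } catch (OidcException $exception) {
            $this->showErrorNotification($exception->getMessage());

            // NOTE(review): confirm '/logout' is served by a different action than
            // this one and accepts the method used for the redirect; routes are not
            // visible here, and the local session is not cleared on this path.
            return redirect('/logout');
        }
    }
}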