CM6: Further fixes/improvements after testing
index 6a9071f9801331146436189b9c9b8400dc2fea9d..b3f8e76015bd1b990f79efedeef99c244277d0b0 100644 (file)
@@ -5,12 +5,11 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Auth\Access\Saml2Service;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
-use Str;
+use Illuminate\Support\Str;
 
 class Saml2Controller extends Controller
 {
-    protected $samlService;
+    protected Saml2Service $samlService;
 
     /**
      * Saml2Controller constructor.
@@ -37,7 +36,7 @@ class Saml2Controller extends Controller
      */
     public function logout()
     {
-        $logoutDetails = $this->samlService->logout();
+        $logoutDetails = $this->samlService->logout(auth()->user());
 
         if ($logoutDetails['id']) {
             session()->flash('saml2_logout_request_id', $logoutDetails['id']);
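Review bot: The new `logout(auth()->user())` call passes whatever the guard returns, which is null when this route is reached without an authenticated session; whether `Saml2Service::logout()` accepts a null argument is not visible in this hunk. If its parameter is declared as a non-nullable user type, an unauthenticated request to the logout endpoint would now end in a TypeError rather than a controlled response, so either confirm the service signature is nullable or guard before the call, e.g. `if (!auth()->check()) { return redirect('/login'); }`. The rest of logout() continues outside the hunk.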
@@ -79,15 +78,11 @@ class Saml2Controller extends Controller
      */
     public function startAcs(Request $request)
     {
-        // Note: This is a bit of a hack to prevent a session being stored
-        // on the response of this request. Within Laravel7+ this could instead
-        // be done via removing the StartSession middleware from the route.
-        config()->set('session.driver', 'array');
-
         $samlResponse = $request->get('SAMLResponse', null);
 
         if (empty($samlResponse)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
 
@@ -108,19 +103,23 @@ class Saml2Controller extends Controller
         $acsId = $request->get('id', null);
         $cacheKey = 'saml2_acs:' . $acsId;
         $samlResponse = null;
+
         try {
             $samlResponse = decrypt(cache()->pull($cacheKey));
-        } catch (\Exception $exception) {}
-        $requestId = session()->pull('saml2_request_id', 'unset');
+        } catch (\Exception $exception) {
+        }
+        $requestId = session()->pull('saml2_request_id', null);
 
         if (empty($acsId) || empty($samlResponse)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
 
         $user = $this->samlService->processAcsResponse($requestId, $samlResponse);
         if (is_null($user)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
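Review bot: The reformatted `catch (\Exception $exception) {}` still swallows every failure of the cache pull and `decrypt()` silently, so a tampered or replayed `id` that fails decryption is indistinguishable from a plain missing entry and leaves no trace for an operator; at minimum the catch should carry a comment such as `// Missing, expired or tampered payload: fall through to the empty($samlResponse) redirect below` and ideally log at debug level before falling through. The `cache()->pull()` is also executed before `$acsId` is validated, so an empty `id` still pulls the bare `saml2_acs:` key; moving the `empty($acsId)` check ahead of the try block avoids that. The default for `saml2_request_id` changed from `'unset'` to `null`, which is only safe if `processAcsResponse()` accepts a nullable request id — that signature is not visible here. processAcs continues outside the hunk.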