X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/fe07cdaa06d4a922c83c90fd373ca132a6098637..refs/pull/3994/head:/app/Http/Controllers/Auth/Saml2Controller.php

diff --git a/app/Http/Controllers/Auth/Saml2Controller.php b/app/Http/Controllers/Auth/Saml2Controller.php
index 6a9071f98..b3f8e7601 100644
--- a/app/Http/Controllers/Auth/Saml2Controller.php
+++ b/app/Http/Controllers/Auth/Saml2Controller.php
@@ -5,12 +5,11 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Auth\Access\Saml2Service;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
-use Str;
+use Illuminate\Support\Str;
 
 class Saml2Controller extends Controller
 {
-    protected $samlService;
+    protected Saml2Service $samlService;
 
     /**
      * Saml2Controller constructor.
@@ -37,7 +36,7 @@ class Saml2Controller extends Controller
      */
     public function logout()
     {
-        $logoutDetails = $this->samlService->logout();
+        $logoutDetails = $this->samlService->logout(auth()->user());
 
         if ($logoutDetails['id']) {
             session()->flash('saml2_logout_request_id', $logoutDetails['id']);
@@ -79,15 +78,11 @@ class Saml2Controller extends Controller
      */
     public function startAcs(Request $request)
     {
-        // Note: This is a bit of a hack to prevent a session being stored
-        // on the response of this request. Within Laravel7+ this could instead
-        // be done via removing the StartSession middleware from the route.
-        config()->set('session.driver', 'array');
-
         $samlResponse = $request->get('SAMLResponse', null);
 
         if (empty($samlResponse)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
 
@@ -108,19 +103,23 @@ class Saml2Controller extends Controller
         $acsId = $request->get('id', null);
         $cacheKey = 'saml2_acs:' . $acsId;
         $samlResponse = null;
+
         try {
             $samlResponse = decrypt(cache()->pull($cacheKey));
-        } catch (\Exception $exception) {}
-        $requestId = session()->pull('saml2_request_id', 'unset');
+        } catch (\Exception $exception) {
+        }
+        $requestId = session()->pull('saml2_request_id', null);
 
         if (empty($acsId) || empty($samlResponse)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }
 
         $user = $this->samlService->processAcsResponse($requestId, $samlResponse);
         if (is_null($user)) {
             $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+
             return redirect('/login');
         }