BookStack Code Mirror - bookstack/commit
Updated SAML ACS post to retain user session 2996/head
author Dan Brown <redacted>
Wed, 20 Oct 2021 12:30:45 +0000 (13:30 +0100)
committer Dan Brown <redacted>
Wed, 20 Oct 2021 12:34:00 +0000 (13:34 +0100)
commit cdef1b3ab05123ed2d92047dc949f8e8b1e4aaa0
tree 7235993a2f54cd1e69d74149ecbd971de7b01bc1
parent 859934d6a3f9c94298dee1f177b95f192f4a90b7
Updated SAML ACS post to retain user session

Session was being lost due to the callback POST request cookies
not being provided due to samesite=lax. This instead adds an additional
hop in the flow to route the request via a GET request so the session is
retained. SAML POST data is stored encrypted in cache via a unique ID
then pulled out straight afterwards, and restored into POST for the SAML
toolkit to validate.

Updated testing to cover.
app/Auth/Access/Saml2Service.php
app/Http/Controllers/Auth/Saml2Controller.php
routes/web.php
tests/Auth/Saml2Test.php
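The stash-and-redirect flow the commit message describes, as an added example that is neither BookStack's code nor this commit's diff. The in-memory cache array, the key, the route name and the SAMLResponse value are constructed stand-ins; a real application would use its cache driver with a short TTL and its configured app key.

```php
<?php
// Added example (not BookStack's code): stash a cross-site SAML POST, bounce through a same-site GET, restore it.
declare(strict_types=1);

$cache = [];                 // constructed stand-in for the application cache
$appKey = random_bytes(32);  // constructed stand-in for the application's secret key

// Encrypt the POST body under a random single-use id and cache it briefly.
function stashSamlPost(array $post, string $key, array &$cache): string {
    $id = bin2hex(random_bytes(16));
    $nonce = random_bytes(12);
    $tag = '';
    $plain = json_encode($post, JSON_THROW_ON_ERROR);
    $cipher = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    $cache[$id] = ['nonce' => $nonce, 'tag' => $tag, 'data' => $cipher, 'expires' => time() + 60];
    return $id;
}

// Pull the entry out straight afterwards; an unknown, expired or already-used id yields null.
function restoreSamlPost(string $id, string $key, array &$cache): ?array {
    if (!ctype_xdigit($id) || !isset($cache[$id]) || $cache[$id]['expires'] < time()) {
        return null;
    }
    $entry = $cache[$id];
    unset($cache[$id]); // single use, so the same id cannot be replayed
    $plain = openssl_decrypt($entry['data'], 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $entry['nonce'], $entry['tag']);
    if ($plain === false) {
        return null; // tampered or wrong key: GCM authentication failed
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Step 1: the IdP's cross-site POST to the ACS endpoint arrives without the SameSite=Lax session cookie.
$incomingPost = ['SAMLResponse' => 'PHNhbWxwOlJlc3BvbnNlPi4uLjwvc2FtbHA6UmVzcG9uc2U+', 'RelayState' => '/books'];
$id = stashSamlPost($incomingPost, $appKey, $cache);
$redirectTo = '/saml2/acs/' . $id; // respond 302 here; the top-level GET carries the session cookie again

// Step 2: on the GET request, rebuild $_POST and hand off to the SAML toolkit for validation.
$_POST = restoreSamlPost($id, $appKey, $cache) ?? [];
assert($_POST['SAMLResponse'] === $incomingPost['SAMLResponse']);
assert(restoreSamlPost($id, $appKey, $cache) === null); // a second use of the id is refused
```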