Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid

2025-07-28 17:02:04 +03:00 · 2021-10-06 13:17:30 +01:00
parent f99af807d0 69a47319d5
commit 193d7fb3fe
25 changed files with 940 additions and 34 deletions
--- a/app/Http/Controllers/Auth/OpenIdController.php
+++ b/app/Http/Controllers/Auth/OpenIdController.php
@ -0,0 +1,70 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Auth\Access\OpenIdService;
+use BookStack\Http\Controllers\Controller;
+
+class OpenIdController extends Controller
+{
+
+    protected $openidService;
+
+    /**
+     * OpenIdController constructor.
+     */
+    public function __construct(OpenIdService $openidService)
+    {
+        parent::__construct();
+        $this->openidService = $openidService;
+        $this->middleware('guard:openid');
+    }
+
+    /**
+     * Start the authorization login flow via OpenId Connect.
+     */
+    public function login()
+    {
+        $loginDetails = $this->openidService->login();
+        session()->flash('openid_state', $loginDetails['state']);
+
+        return redirect($loginDetails['url']);
+    }
+
+    /**
+     * Start the logout flow via OpenId Connect.
+     */
+    public function logout()
+    {
+        $logoutDetails = $this->openidService->logout();
+
+        if ($logoutDetails['id']) {
+            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
+        }
+
+        return redirect($logoutDetails['url']);
+    }
+
+    /**
+     * Authorization flow Redirect.
+     * Processes authorization response from the OpenId Connect Authorization Server.
+     */
+    public function redirect()
+    {
+        $storedState = session()->pull('openid_state');
+        $responseState = request()->query('state');
+
+        if ($storedState !== $responseState) {
+            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
+            return redirect('/login');
+        }
+
+        $user = $this->openidService->processAuthorizeResponse(request()->query('code'));
+        if ($user === null) {
+            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
+            return redirect('/login');
+        }
+
+        return redirect()->intended();
+    }
+}