mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-08-07 23:03:00 +03:00
Merge branch 'oidc'
This commit is contained in:
Dan Brown
@@ -43,7 +43,8 @@ class LoginController extends Controller
|
||||
public function __construct(SocialAuthService $socialAuthService, LoginService $loginService)
|
||||
{
|
||||
$this->middleware('guest', ['only' => ['getLogin', 'login']]);
|
||||
$this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);
|
||||
$this->middleware('guard:standard,ldap', ['only' => ['login']]);
|
||||
$this->middleware('guard:standard,ldap,oidc', ['only' => ['logout']]);
|
||||
|
||||
$this->socialAuthService = $socialAuthService;
|
||||
$this->loginService = $loginService;
|
||||
|
||||
51
app/Http/Controllers/Auth/OidcController.php
Normal file
51
app/Http/Controllers/Auth/OidcController.php
Normal file
@@ -0,0 +1,51 @@
|
||||
<?php
|
||||
|
||||
namespace BookStack\Http\Controllers\Auth;
|
||||
|
||||
use BookStack\Auth\Access\Oidc\OidcService;
|
||||
use BookStack\Http\Controllers\Controller;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class OidcController extends Controller
|
||||
{
|
||||
|
||||
protected $oidcService;
|
||||
|
||||
/**
|
||||
* OpenIdController constructor.
|
||||
*/
|
||||
public function __construct(OidcService $oidcService)
|
||||
{
|
||||
$this->oidcService = $oidcService;
|
||||
$this->middleware('guard:oidc');
|
||||
}
|
||||
|
||||
/**
|
||||
* Start the authorization login flow via OIDC.
|
||||
*/
|
||||
public function login()
|
||||
{
|
||||
$loginDetails = $this->oidcService->login();
|
||||
session()->flash('oidc_state', $loginDetails['state']);
|
||||
|
||||
return redirect($loginDetails['url']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Authorization flow redirect callback.
|
||||
* Processes authorization response from the OIDC Authorization Server.
|
||||
*/
|
||||
public function callback(Request $request)
|
||||
{
|
||||
$storedState = session()->pull('oidc_state');
|
||||
$responseState = $request->query('state');
|
||||
|
||||
if ($storedState !== $responseState) {
|
||||
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
|
||||
return redirect('/login');
|
||||
}
|
||||
|
||||
$this->oidcService->processAuthorizeResponse($request->query('code'));
|
||||
return redirect()->intended();
|
||||
}
|
||||
}
|
||||
@@ -84,7 +84,7 @@ class UserController extends Controller
|
||||
if ($authMethod === 'standard' && !$sendInvite) {
|
||||
$validationRules['password'] = 'required|min:6';
|
||||
$validationRules['password-confirm'] = 'required|same:password';
|
||||
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
|
||||
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
|
||||
$validationRules['external_auth_id'] = 'required';
|
||||
}
|
||||
$this->validate($request, $validationRules);
|
||||
@@ -93,7 +93,7 @@ class UserController extends Controller
|
||||
|
||||
if ($authMethod === 'standard') {
|
||||
$user->password = bcrypt($request->get('password', Str::random(32)));
|
||||
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
|
||||
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
|
||||
$user->external_auth_id = $request->get('external_auth_id');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user