Merge branch 'oidc'

2025-07-30 04:23:11 +03:00 · 2021-10-16 15:50:50 +01:00
parent 5ba964b677 855409bc4f
commit 263384cf99
39 changed files with 2068 additions and 72 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -43,7 +43,8 @@ class LoginController extends Controller
    public function __construct(SocialAuthService $socialAuthService, LoginService $loginService)
    {
        $this->middleware('guest', ['only' => ['getLogin', 'login']]);
-        $this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);
+        $this->middleware('guard:standard,ldap', ['only' => ['login']]);
+        $this->middleware('guard:standard,ldap,oidc', ['only' => ['logout']]);

        $this->socialAuthService = $socialAuthService;
        $this->loginService = $loginService;
--- a/app/Http/Controllers/Auth/OidcController.php
+++ b/app/Http/Controllers/Auth/OidcController.php
@ -0,0 +1,51 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Auth\Access\Oidc\OidcService;
+use BookStack\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class OidcController extends Controller
+{
+
+    protected $oidcService;
+
+    /**
+     * OpenIdController constructor.
+     */
+    public function __construct(OidcService $oidcService)
+    {
+        $this->oidcService = $oidcService;
+        $this->middleware('guard:oidc');
+    }
+
+    /**
+     * Start the authorization login flow via OIDC.
+     */
+    public function login()
+    {
+        $loginDetails = $this->oidcService->login();
+        session()->flash('oidc_state', $loginDetails['state']);
+
+        return redirect($loginDetails['url']);
+    }
+
+    /**
+     * Authorization flow redirect callback.
+     * Processes authorization response from the OIDC Authorization Server.
+     */
+    public function callback(Request $request)
+    {
+        $storedState = session()->pull('oidc_state');
+        $responseState = $request->query('state');
+
+        if ($storedState !== $responseState) {
+            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
+            return redirect('/login');
+        }
+
+        $this->oidcService->processAuthorizeResponse($request->query('code'));
+        return redirect()->intended();
+    }
+}