webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Continued review of #2169

Browse Source 
- Removed uneeded custom refresh or logout actions for OIDC.
- Restructured how the services and guards are setup for external auth
  systems. SAML2 and OIDC now directly share a lot more logic.
- Renamed any OpenId references to OIDC or OpenIdConnect
- Removed non-required CSRF excemption for OIDC

Not tested, Come to roadblock due to lack of PHP8 support in upstream
dependancies. Certificate was deemed to be non-valid on every test
attempt due to changes in PHP8.
This commit is contained in:
Dan Brown
2021-10-06 23:05:26 +01:00
parent 2ec0aa85ca
commit 41438adbd1
24 changed files with 319 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
app/Http/Controllers/Auth/OpenIdConnectController.php Normal file
View File

@ -0,0 +1,56 @@
<?php
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\OpenIdConnectService;
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\Request;
class OpenIdConnectController extends Controller
{
protected $oidcService;
/**
* OpenIdController constructor.
*/
public function __construct(OpenIdConnectService $oidcService)
{
$this->oidcService = $oidcService;
$this->middleware('guard:oidc');
}
/**
* Start the authorization login flow via OIDC.
*/
public function login()
{
$loginDetails = $this->oidcService->login();
session()->flash('oidc_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
* Authorization flow redirect.
* Processes authorization response from the OIDC Authorization Server.
*/
public function redirect(Request $request)
{
$storedState = session()->pull('oidc_state');
$responseState = $request->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
$user = $this->oidcService->processAuthorizeResponse($request->query('code'));
if ($user === null) {
$this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
return redirect('/login');
}
return redirect()->intended();
}
}

70
app/Http/Controllers/Auth/OpenIdController.php
View File

@ -1,70 +0,0 @@
<?php
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\OpenIdService;
use BookStack\Http\Controllers\Controller;
class OpenIdController extends Controller
{
protected $openidService;
/**
* OpenIdController constructor.
*/
public function __construct(OpenIdService $openidService)
{
parent::__construct();
$this->openidService = $openidService;
$this->middleware('guard:openid');
}
/**
* Start the authorization login flow via OpenId Connect.
*/
public function login()
{
$loginDetails = $this->openidService->login();
session()->flash('openid_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
* Start the logout flow via OpenId Connect.
*/
public function logout()
{
$logoutDetails = $this->openidService->logout();
if ($logoutDetails['id']) {
session()->flash('saml2_logout_request_id', $logoutDetails['id']);
}
return redirect($logoutDetails['url']);
}
/**
* Authorization flow Redirect.
* Processes authorization response from the OpenId Connect Authorization Server.
*/
public function redirect()
{
$storedState = session()->pull('openid_state');
$responseState = request()->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
return redirect('/login');
}
$user = $this->openidService->processAuthorizeResponse(request()->query('code'));
if ($user === null) {
$this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
return redirect('/login');
}
return redirect()->intended();
}
}