bba7dcce49
Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467
<?php
namespace BookStack\Access\Controllers;
use BookStack\Access\Oidc\OidcException;
use BookStack\Access\Oidc\OidcService;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
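class OidcController extends Controller
{
    protected OidcService $oidcService;

    /**
     * Keep a reference to the OIDC service and register the 'guard:oidc'
     * middleware for this controller.
     */
    public function __construct(OidcService $oidcService)
    {
        $this->oidcService = $oidcService;
        $this->middleware('guard:oidc');
    }

    /**
     * Start the authorization login flow via OIDC.
     *
     * The 'state' value returned by the service is flashed to the session so
     * that callback() can compare it with the value the authorization server
     * sends back. On an OidcException the message is shown as an error
     * notification and the user is sent back to '/login'.
     */
    public function login()
    {
        try {
            $loginDetails = $this->oidcService->login();
        } catch (OidcException $exception) {
            $this->showErrorNotification($exception->getMessage());

            return redirect('/login');
        }

        session()->flash('oidc_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Authorization flow redirect callback.
     * Processes authorization response from the OIDC Authorization Server.
     *
     * The 'state' query parameter must match the value stored by login();
     * otherwise the request is rejected before the authorization code is
     * handed to the service.
     */
    public function callback(Request $request)
    {
        // pull() reads the value and removes it from the session, so a stored
        // state is checked against at most one callback request.
        $storedState = session()->pull('oidc_state');
        $responseState = $request->query('state');

        // Both values are null when no login was started in this session and
        // the request carries no 'state' parameter; a bare !== comparison
        // would accept that pair as a match and let the request through
        // without any binding to a login this session initiated. Require a
        // non-empty stored state and a string response, then compare them
        // with hash_equals().
        // Assumes OidcService::login() supplies 'state' as a string - TODO confirm.
        $stateMatches = is_string($storedState)
            && $storedState !== ''
            && is_string($responseState)
            && hash_equals($storedState, $responseState);

        if (!$stateMatches) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));

            return redirect('/login');
        }

        try {
            // NOTE(review): 'code' is forwarded as received; it is null when the
            // parameter is absent - confirm processAuthorizeResponse() rejects that.
            $this->oidcService->processAuthorizeResponse($request->query('code'));
        } catch (OidcException $oidcException) {
            $this->showErrorNotification($oidcException->getMessage());

            return redirect('/login');
        }

        return redirect()->intended();
    }

    /**
     * Log the user out then start the OIDC RP-initiated logout process.
     *
     * The redirect target is whatever OidcService::logout() returns; this
     * method performs no logout work of its own.
     */
    public function logout()
    {
        return redirect($this->oidcService->logout());
    }
}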