This repository was archived by the owner on Aug 5, 2020. It is now read-only.

feature: ACS route to optionally accept GET and redirect back to login provider #7

Open
wants to merge 2 commits into
base: master
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -6,7 +6,7 @@
"authors": [
{
"name": "Ralph Schindler",
"email": "ralph_schindler@ziffdavis.com"
"email": "ralph.schindler@ziffmedia.com"
}
],
"require": {
9 changes: 8 additions & 1 deletion config/onelogin.php
Expand Up @@ -65,7 +65,14 @@
* handler will attempt to redirect to /auth, which the laravel-onelogin package can now handle for you.
*/
'autologin' => false,
]
],

/**
* In certain circumstances (such as using cloudflare edge auth), the initial ACS POST request is
* inadvertantly turned into a GET request to the ACS route. Enabling this will make sure that GET
* requests are also redirected back to the onelogin SAML flow
*/
'enable_acs_redirect_for_get' => false,
],

/**
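Review bot: The comment above `'enable_acs_redirect_for_get'` does not say what enabling the flag costs an operator. Judging by the controller change in this pull request, a GET to the ACS route is answered by restarting the login, so whatever SAML response the original POST carried is presumably lost, and an edge proxy that rewrites every POST would keep sending the browser back to the identity provider. I would add a sentence such as `Note: the original SAML response is discarded and the login is restarted; leave this disabled unless your edge proxy is known to convert the ACS POST.` and correct the spelling to `inadvertently`.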
6 changes: 0 additions & 6 deletions src/Controllers/LocalController.php
Expand Up @@ -3,14 +3,8 @@
namespace ZiffDavis\Laravel\Onelogin\Controllers;

use Illuminate\Auth\AuthManager;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Event;
use OneLogin\Saml2\Auth;
use OneLogin\Saml2\Error;
use ZiffDavis\Laravel\Onelogin\Events\OneloginLoginEvent;
use ZiffDavis\Laravel\User\Auth\OneLoginEloquentUserProvider;

class LocalController extends Controller
{
13 changes: 12 additions & 1 deletion src/Controllers/OneloginController.php
Expand Up @@ -14,7 +14,7 @@
use OneLogin\Saml2\ValidationError;
use ZiffDavis\Laravel\Onelogin\Events\OneloginLoginEvent;

class OneLoginController extends Controller
class OneloginController extends Controller
{
use HasRedirector;

Expand Down Expand Up @@ -70,6 +70,17 @@ public function login(Request $request)

public function acs(Request $request, AuthManager $auth)
{
/**
* Support GET requests only when configured to respond, in those cases redirect to onelogin
*/
if ($request->isMethod('GET')) {
abort_if(!config('onelogin.routing.enable_acs_redirect_for_get', false), 405);

return redirect(
$this->oneLogin->login($this->getRedirectUrl($request), [], false, false, true)
);
}

try {
$this->oneLogin->processResponse();
$error = $this->oneLogin->getLastErrorReason();
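Review bot: The new GET branch at the top of `acs()` restarts the SAML flow with no upper bound, so if the component that turned the identity provider's POST into a GET does so on every attempt, the browser cycles between the provider and the ACS route indefinitely. A small per-session attempt counter that aborts after a couple of tries, and is cleared once a POST is processed successfully, would bound this; the sketch below assumes the route group carries session middleware, which is not visible here. The RelayState is also now taken from `getRedirectUrl($request)` on a request that did not come from the identity provider. That helper lives in `HasRedirector` and is not shown, so please confirm it only returns same-origin or allow-listed targets, since this route sits in the group that disables CSRF verification. The body of `acs()` continues past the end of this hunk.

```php
if ($request->isMethod('GET')) {
    abort_if(!config('onelogin.routing.enable_acs_redirect_for_get', false), 405);

    // Bound the bounce: stop if the ACS POST keeps arriving as a GET.
    $attempts = (int) $request->session()->get('onelogin.acs_get_redirects', 0);
    abort_if($attempts >= 2, 400, 'SAML response was not delivered to the ACS endpoint.');
    $request->session()->put('onelogin.acs_get_redirects', $attempts + 1);

    // … unchanged: return redirect($this->oneLogin->login(...)) …
}
```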
5 changes: 3 additions & 2 deletions src/Middleware/OneloginCsrfDisablerMiddleware.php
Expand Up @@ -6,10 +6,11 @@
use Illuminate\Contracts\Container\Container;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Routing\Router;
use Illuminate\Support\Arr;

Duplicated use statement. Should remove line 5.


class OneloginCsrfDisablerMiddleware
{
/** @var \Illuminate\Routing\Router */
/** @var Router */
protected $router;

protected $container;
Expand All @@ -35,4 +36,4 @@ public function __invoke($request, \Closure $next)

return $next($request);
}
}
}
16 changes: 8 additions & 8 deletions src/OneloginServiceProvider.php
Expand Up @@ -2,35 +2,35 @@

namespace ZiffDavis\Laravel\Onelogin;

use Illuminate\Support\Arr;
use Illuminate\Auth\AuthManager;
use Illuminate\Routing\Router;
use Illuminate\Support\Arr;
use Illuminate\Support\ServiceProvider;
use OneLogin\Saml2;

class OneloginServiceProvider extends ServiceProvider
{
protected $defer = false;

public function boot(AuthManager $auth, Router $router)
public function boot(Router $router)
{
$configSourcePath = realpath(__DIR__ . '/../config/onelogin.php');

$router->middlewareGroup('onelogin', [Middleware\OneloginCsrfDisablerMiddleware::class]);

$middlewares = Arr::wrap(config('onelogin.routing.middleware'));

$router->group([
$routeGroupParams = [
'namespace' => 'ZiffDavis\Laravel\Onelogin\Controllers',
'as' => 'onelogin.',
'prefix' => 'onelogin/',
'middleware' => array_merge(['onelogin'], $middlewares),
], function () use ($router) {
];

// @todo implement SSO routes at /logout
$router->group($routeGroupParams, function () use ($router) {
$router->get('/metadata', 'OneloginController@metadata')->name('metadata');
$router->get('/login', 'OneloginController@login')->name('login');
// @todo implement SSO
// $router->get('/logout', 'OneloginController@logout')->name('logout');
$router->post('/acs', 'OneloginController@acs')->name('acs');
$router->match(['get', 'post'], '/acs', 'OneloginController@acs')->name('acs');
});

if (config('onelogin.routing.root_routes.enable')) {
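Review bot: `$router->match(['get', 'post'], '/acs', 'OneloginController@acs')` registers the GET verb on the ACS route for every install, so the `enable_acs_redirect_for_get` flag is enforced only by the `abort_if` inside the controller. Choosing the verbs at registration keeps the default surface POST-only and lets the router answer 405 with an `Allow` header: `$acsVerbs = config('onelogin.routing.enable_acs_redirect_for_get') ? ['get', 'post'] : ['post'];` followed by `$router->match($acsVerbs, '/acs', 'OneloginController@acs')->name('acs');`. If route caching is used, the flag would be read when the cache is built, which is worth a line in the config comment. The body of `boot()` continues outside this hunk.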