Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid

2025-06-02 23:56:56 +08:00 · 2021-10-06 13:17:30 +01:00
parent f99af807d0 69a47319d5
commit 193d7fb3fe
25 changed files with 940 additions and 34 deletions
--- a/app/Http/Controllers/Auth/OpenIdController.php
+++ b/app/Http/Controllers/Auth/OpenIdController.php
@ -0,0 +1,70 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Auth\Access\OpenIdService;
+use BookStack\Http\Controllers\Controller;
+
+class OpenIdController extends Controller
+{
+
+    protected $openidService;
+
+    /**
+     * OpenIdController constructor.
+     */
+    public function __construct(OpenIdService $openidService)
+    {
+        parent::__construct();
+        $this->openidService = $openidService;
+        $this->middleware('guard:openid');
+    }
+
+    /**
+     * Start the authorization login flow via OpenId Connect.
+     */
+    public function login()
+    {
+        $loginDetails = $this->openidService->login();
+        session()->flash('openid_state', $loginDetails['state']);
+
+        return redirect($loginDetails['url']);
+    }
+
+    /**
+     * Start the logout flow via OpenId Connect.
+     */
+    public function logout()
+    {
+        $logoutDetails = $this->openidService->logout();
+
+        if ($logoutDetails['id']) {
+            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
+        }
+
+        return redirect($logoutDetails['url']);
+    }
+
+    /**
+     * Authorization flow Redirect.
+     * Processes authorization response from the OpenId Connect Authorization Server.
+     */
+    public function redirect()
+    {
+        $storedState = session()->pull('openid_state');
+        $responseState = request()->query('state');
+
+        if ($storedState !== $responseState) {
+            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
+            return redirect('/login');
+        }
+
+        $user = $this->openidService->processAuthorizeResponse(request()->query('code'));
+        if ($user === null) {
+            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
+            return redirect('/login');
+        }
+
+        return redirect()->intended();
+    }
+}
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -84,7 +84,7 @@ class UserController extends Controller
        if ($authMethod === 'standard' && !$sendInvite) {
            $validationRules['password'] = 'required|min:6';
            $validationRules['password-confirm'] = 'required|same:password';
-        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
            $validationRules['external_auth_id'] = 'required';
        }
        $this->validate($request, $validationRules);
@ -93,7 +93,7 @@ class UserController extends Controller

        if ($authMethod === 'standard') {
            $user->password = bcrypt($request->get('password', Str::random(32)));
-        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
            $user->external_auth_id = $request->get('external_auth_id');
        }