MYL- 1149 - Login With SAML (#5)

* helpers to identify session protocol * display the saml radio button on the login page * use 2 columns for the different protocol buttons on the login page * specify the login protocol on login redirect * initiate SP-initiated SAML login when requested * listen for the SAML SignedOut event * handle sign out when on a SAML session
wondeltd · Jul 28, 2024 · a5a38ad · a5a38ad
1 parent dd13524
commit a5a38ad
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 6 deletions.
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
@@ -11,6 +11,7 @@
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Str;
 use Illuminate\View\View;
+use Slides\Saml2\Models\Tenant;
 
 class AuthController extends Controller
 {
@@ -21,8 +22,12 @@ public function loginPage(): View
         return view('auth.login')->with(['isLogoutRedirect' => $isLogoutRedirect]);
     }
 
-    public function redirect()
+    public function redirect(Request $request): RedirectResponse
     {
+        if ($request->get('protocol') === SSOProtocol::SAML->value) {
+            return to_route('saml.login', ['uuid' => Tenant::firstOrFail()->uuid, 'returnTo' => route('dashboard')]);
+        }
+
         $query = http_build_query([
             'client_id' => config('services.mylogin.client_id'),
             'redirect_uri' => config('services.mylogin.redirect_uri'),
@@ -83,10 +88,24 @@ public function logout(Request $request): RedirectResponse
     {
         Auth::guard('web')->logout();
 
+        if ($this->isSamlSession()) {
+            return to_route('saml.logout', Tenant::firstOrFail()->uuid);
+        }
+
         $request->session()->invalidate();
 
         $request->session()->regenerateToken();
 
         return redirect()->away(config('services.mylogin.url').'/oauth/logout?client_id='.config('services.mylogin.client_id'));
     }
+
+    private function isSamlSession(): bool
+    {
+        return session()->get('last_login_protocol') === SSOProtocol::SAML->value;
+    }
+
+    private function isOauthSession(): bool
+    {
+        return session()->get('last_login_protocol') === SSOProtocol::OAuth->value;
+    }
 }
diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php
@@ -8,10 +8,13 @@
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Str;
 use Slides\Saml2\Events\SignedIn;
+use Slides\Saml2\Events\SignedOut;
 
 class EventServiceProvider extends ServiceProvider
 {
@@ -47,6 +50,11 @@ public function boot(): void
 
             session()->replace(['last_login_protocol' => SSOProtocol::SAML->value]);
         });
+
+        Event::listen('Slides\Saml2\Events\SignedOut', function (SignedOut $event) {
+            Auth::logout();
+            Session::save();
+        });
     }
 
     /**

diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
@@ -2,13 +2,13 @@
     <div class="text-center p-4" x-data="{ protocol: 'oauth' }" >
 
         <div class="grid w-full place-items-center pb-6">
-            <div class="grid grid-cols-1 gap-2 rounded-xl bg-gray-200 p-2">
+            <div class="grid grid-cols-2 gap-2 rounded-xl bg-gray-200 p-2">
                 <div>
                     <input type="radio" name="option" id="oauth" value="oauth" class="peer hidden" x-model="protocol" />
                     <label for="oauth" class="block cursor-pointer select-none rounded-xl p-2 text-center peer-checked:bg-mylogin-green-dark peer-checked:font-bold peer-checked:text-white">OAuth</label>
                 </div>
 
-                <div class="hidden">
+                <div>
                     <input type="radio" name="option" id="saml" value="saml" class="peer hidden" x-model="protocol" checked />
                     <label for="saml" class="block cursor-pointer select-none rounded-xl p-2 text-center peer-checked:bg-mylogin-green-dark peer-checked:font-bold peer-checked:text-white">SAML</label>
                 </div>
@@ -25,9 +25,7 @@
     <script>
         async function submitProtocol(protocol)
         {
-            if (protocol === 'oauth') {
-                window.location.href = "/redirect";
-            }
+            window.location.href = "/redirect?protocol=" + protocol;
         }
     </script>
 </x-guest-layout>