<?php
namespace Askvortsov\FlarumSAML\Controllers;
use Askvortsov\FlarumSAML\Controllers\BaseSAMLController;
use Askvortsov\FlarumAuthSync\Models\AuthSyncEvent;
use Carbon\Carbon;
use Flarum\Forum\Auth\Registration;
use OneLogin\Saml2\Constants;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
use Zend\Diactoros\Response\HtmlResponse;
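class ACSController extends BaseSAMLController implements RequestHandlerInterface
{
    /**
     * OID of the standard "mail" SAML attribute (urn:oid:1.2.840.113549.1.9.1.1).
     * Used as the email source when the IdP does not issue an email-format NameID.
     */
    private const EMAIL_OID = 'urn:oid:1.2.840.113549.1.9.1.1';

    /**
     * Attribute names that are consumed explicitly (avatar/bio/groups) and are
     * therefore excluded from the generic "masquerade_attributes" list.
     */
    private const RESERVED_ATTRIBUTES = ['avatar', 'bio', 'groups'];

    /**
     * Assertion Consumer Service endpoint.
     *
     * Processes the SAML response posted by the IdP, derives the user's email
     * and first-valued attributes, optionally records an AuthSyncEvent when the
     * askvortsov-auth-sync extension is enabled and attribute syncing is turned
     * on, and finally hands off to Flarum's SSO response factory keyed on the
     * SAML NameID.
     *
     * Every failure path returns a plain HtmlResponse instead of throwing, so a
     * malformed or rejected assertion never escapes as an unhandled exception.
     *
     * @param Request $request the incoming ACS POST (unused directly; the SAML
     *                         library reads the response from the request itself)
     * @return Response either an error page or Flarum's SSO response
     */
    public function handle(Request $request): Response
    {
        try {
            $saml = $this->auth();
        } catch (\Exception $e) {
            return new HtmlResponse('Invalid SAML Configuration: Check Settings');
        }

        try {
            $saml->processResponse();
        } catch (\Exception $e) {
            // Original code threw here and left the return unreachable; report the
            // failure instead. Escaped because the message can echo data lifted
            // from the (untrusted) SAML response.
            return new HtmlResponse('Could not process response: ' . $this->escape($e->getMessage()));
        }

        $errors = $saml->getErrors();
        if (!empty($errors)) {
            $detail = implode(', ', $errors) . ': ' . (string) $saml->getLastErrorReason();
            return new HtmlResponse('Could not process response: ' . $this->escape($detail));
        }

        // isAuthenticated() is the gate that establishes the assertion was
        // accepted by the library (signature/conditions checks happen in
        // processResponse(), per OneLogin's API); nothing below is trusted
        // before this point.
        if (!$saml->isAuthenticated()) {
            return new HtmlResponse('Authentication Failed');
        }

        // SAML attributes are multi-valued; keep only the first value of each.
        // The original also indexed [0] a second time further down, which read
        // the first *character* of the value rather than the value itself.
        $attributes = [];
        foreach ($saml->getAttributes() as $name => $values) {
            $attributes[$name] = is_array($values) ? ($values[0] ?? null) : $values;
        }

        // Email: from the NameID when the IdP uses the email NameID format,
        // otherwise from the standard mail attribute.
        if ($saml->getNameIdFormat() === Constants::NAMEID_EMAIL_ADDRESS) {
            $rawEmail = $saml->getNameId();
        } else {
            $rawEmail = $attributes[self::EMAIL_OID] ?? null;
            unset($attributes[self::EMAIL_OID]);
        }

        $email = filter_var((string) $rawEmail, FILTER_VALIDATE_EMAIL);
        if ($email === false) {
            // provideTrustedEmail() would otherwise be handed false/"" and the
            // account could be matched or created on an empty address.
            return new HtmlResponse('Authentication Failed: no valid email address in SAML response');
        }

        // Everything except the explicitly handled attributes is forwarded as a
        // positional list (kept as a list for compatibility with the consumer).
        $masqueradeAttributes = [];
        foreach ($attributes as $name => $value) {
            if (!in_array($name, self::RESERVED_ATTRIBUTES, true)) {
                $masqueradeAttributes[] = $value;
            }
        }

        $avatar = (string) ($attributes['avatar'] ?? '');

        // Original had `$this->settings . get(...)`, a typo that called an
        // undefined global get() whenever auth-sync was enabled.
        if ($this->extensions->isEnabled('askvortsov-auth-sync')
            && $this->settings->get('askvortsov-saml.sync_attributes', '')) {
            $groups = (string) ($attributes['groups'] ?? '');
            $groupList = array_values(array_filter(
                array_map('trim', explode(',', $groups)),
                'strlen'
            ));

            $event = new AuthSyncEvent();
            $event->email = $email;
            $event->attributes = json_encode([
                'avatar' => $avatar,
                'bio' => (string) ($attributes['bio'] ?? ''),
                'groups' => $groupList,
                'masquerade_attributes' => $masqueradeAttributes,
            ]);
            $event->time = Carbon::now();
            $event->save();
        }

        return $this->response->make(
            'saml-sso',
            $saml->getNameId(),
            function (Registration $registration) use ($avatar, $email) {
                $registration
                    ->provideTrustedEmail($email)
                    ->suggestUsername('')
                    ->setPayload([]);

                // Only hand over an avatar when the IdP actually sent one; passing
                // null/"" through would either TypeError or clear the avatar.
                if ($avatar !== '') {
                    $registration->provideAvatar($avatar);
                }
            }
        );
    }

    /**
     * Escape text for the plain-HTML error responses above.
     *
     * @param string $text raw message, possibly containing IdP-supplied data
     * @return string HTML-safe text
     */
    private function escape(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}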