Make compatible with desktop clients

The cookie "_SHIBSESSION_" is expected.

Fixes https://github.com/nextcloud/user_saml/issues/9
Lukas Reschke 2016-06-29 12:06:50 +02:00
parent 943797c329
commit 03646e6159
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
2 changed files with 20 additions and 2 deletions


@ -25,6 +25,7 @@ require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
$urlGenerator = \OC::$server->getURLGenerator();
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config
@ -45,10 +46,20 @@ OC_User::useBackend($userBackend);
OC_User::handleApacheAuth();
// Redirect all requests to the login page to the SAML login
$currentUrl = substr(explode('?', \OC::$server->getRequest()->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
exit();
}
// If a request to OCS or remote.php is sent by the official desktop clients it can
// be intercepted as it supports SAML. All other clients don't yet and thus we
// require the usage of application specific passwords there.
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
exit();
}
}
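Review bot: The new `/remote.php/` and `/ocs/` branch copies the three redirect lines of the `/index.php/login` branch verbatim, including `'?requesttoken='. urlencode($csrfToken->getEncryptedValue())`, so the request token is now written into a redirect URL on two paths and can end up in web-server and proxy access logs. Moving those lines into one local closure (for example `$redirectToSamlLogin`) that both branches call would keep the token handling in a single place. The branch is selected by `$request->isUserAgent(...)`, and the User-Agent is supplied by the client, so a short comment such as `// User-Agent is client-controlled: it only selects the SAML redirect, it is not an authentication signal.` would stop later readers from treating the check as a trust decision.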


@ -108,12 +108,19 @@ class SAMLController extends Controller {
exit();
}
$this->session->set('user_saml.samlUserData', $auth->getAttributes());
$this->session->set('user_saml.samlNameId', $auth->getNameId());
$this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
$this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
return new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
$response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
// The Nextcloud desktop client expects a cookie with the key of "_shibsession"
// to be there.
if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) {
$response->addCookie('_shibsession_', 'authenticated');
}
return $response;
}
/**
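Review bot: The comment above the new cookie names the key `_shibsession`, the code sets `_shibsession_`, and the commit message says `_SHIBSESSION_`; the comment should give the exact key the client looks for. The value is the constant string `authenticated` and the cookie is added for any request whose User-Agent matches, so it is only a marker for the client; I would say so in the comment, e.g. `// Marker cookie for the desktop client only: constant value, client-settable, never to be read server-side as proof of login.` The inline pattern `/^.*(mirall|csyncoC)\/.*$/` also repeats a desktop-client test that the other file in this commit does with `\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP`; using the constant here would keep the two checks in agreement, assuming it is meant to match the same clients. The enclosing method starts above the hunk.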