Make compatible with desktop clients
The cookie "_SHIBSESSION_" is expected. Fixes https://github.com/nextcloud/user_saml/issues/9
parent
943797c329
commit
03646e6159
|
@ -25,6 +25,7 @@ require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
|
||||||
|
|
||||||
$urlGenerator = \OC::$server->getURLGenerator();
|
$urlGenerator = \OC::$server->getURLGenerator();
|
||||||
$config = \OC::$server->getConfig();
|
$config = \OC::$server->getConfig();
|
||||||
|
$request = \OC::$server->getRequest();
|
||||||
$samlSettings = new \OCA\User_SAML\SAMLSettings(
|
$samlSettings = new \OCA\User_SAML\SAMLSettings(
|
||||||
$urlGenerator,
|
$urlGenerator,
|
||||||
$config
|
$config
|
||||||
|
@ -45,10 +46,20 @@ OC_User::useBackend($userBackend);
|
||||||
OC_User::handleApacheAuth();
|
OC_User::handleApacheAuth();
|
||||||
|
|
||||||
// Redirect all requests to the login page to the SAML login
|
// Redirect all requests to the login page to the SAML login
|
||||||
$currentUrl = substr(explode('?', \OC::$server->getRequest()->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
|
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
|
||||||
if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
|
if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
|
||||||
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
|
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
|
||||||
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
|
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If a request to OCS or remote.php is sent by the official desktop clients it can
|
||||||
|
// be intercepted as it supports SAML. All other clients don't yet and thus we
|
||||||
|
// require the usage of application specific passwords there.
|
||||||
|
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
|
||||||
|
if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
|
||||||
|
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
|
||||||
|
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
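Review bot: The new `/remote.php/` and `/ocs/` branch chooses the redirect purely from the User-Agent header, which any client can set, so the comment should say that this is a routing hint and not a trust decision, e.g. `// The User-Agent is client-controlled: it only selects the login flow and grants no access.` It also looks as if a desktop client that sends app-password credentials on the same request would be redirected whenever `OC_User::isLoggedIn()` is still false at this point in app loading; that is inferred from the visible lines and worth confirming. The token, `header()` and `exit()` lines repeat the login-page branch above verbatim, so a small local helper would keep the two redirects from drifting apart.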
@ -108,12 +108,19 @@ class SAMLController extends Controller {
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$this->session->set('user_saml.samlUserData', $auth->getAttributes());
|
$this->session->set('user_saml.samlUserData', $auth->getAttributes());
|
||||||
$this->session->set('user_saml.samlNameId', $auth->getNameId());
|
$this->session->set('user_saml.samlNameId', $auth->getNameId());
|
||||||
$this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
|
$this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
|
||||||
$this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
|
$this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
|
||||||
|
|
||||||
return new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
|
$response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
|
||||||
|
// The Nextcloud desktop client expects a cookie with the key of "_shibsession"
|
||||||
|
// to be there.
|
||||||
|
if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) {
|
||||||
|
$response->addCookie('_shibsession_', 'authenticated');
|
||||||
|
}
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
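Review bot: The desktop-client check before `addCookie` uses a hard-coded pattern, `'/^.*(mirall|csyncoC)\/.*$/'`, while the bootstrap hunk of the same commit uses `\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP`, so the redirect and the cookie can end up applying to different sets of clients. I would use the constant here as well, `if($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {`, or state in the comment why a looser match is wanted. The cookie carries the constant value `'authenticated'` and is issued on a client-controlled header, so the comment should record that it is only a compatibility marker for the client and must never be read server-side as proof of a session. The comment also names the key `_shibsession` while the code sets `_shibsession_`. The enclosing controller method starts outside the hunk.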