Redirect to / if CSRF check does not pass

Some IdPs redirect to the SLS page after the logout link is pressed. While this is questionable behaviour, it is unlikely we can change it, so let's work around it by forcing a proper redirect.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Lukas Reschke 2017-08-30 17:02:11 +02:00
parent 45e52c97c3
commit 082ae7ffd7
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1


@ -250,15 +250,24 @@ class SAMLController extends Controller {
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @return Http\RedirectResponse
*/
public function singleLogoutService() {
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
$returnTo = null;
$parameters = array();
$nameId = $this->session->get('user_saml.samlNameId');
$sessionIndex = $this->session->get('user_saml.samlSessionIndex');
$this->userSession->logout();
$auth->logout($returnTo, $parameters, $nameId, $sessionIndex);
if($this->request->passesCSRFCheck()) {
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
$returnTo = null;
$parameters = array();
$nameId = $this->session->get('user_saml.samlNameId');
$sessionIndex = $this->session->get('user_saml.samlSessionIndex');
$this->userSession->logout();
$targetUrl = $auth->logout($returnTo, $parameters, $nameId, $sessionIndex, true);
} else {
$targetUrl = $this->urlGenerator->getAbsoluteURL('/');
}
return new Http\RedirectResponse($targetUrl);
}
/**
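Review bot: The new `else` branch that assigns `$this->urlGenerator->getAbsoluteURL('/')` carries none of the reasoning from the commit message, so a later reader may take the CSRF fallback for a bug and "fix" it; add `// Some IdPs redirect back here after logout without a request token; send those requests to the front page instead of failing` above it. If this endpoint is also meant to receive IdP-initiated LogoutRequests, those arrive without a Nextcloud request token and would now be redirected to `/` unprocessed as well — worth confirming against wherever the controller handles incoming SAML logout messages. The combination of `@NoCSRFRequired` in the docblock and a manual `passesCSRFCheck()` on the new `if` line is easy to misread; a short comment stating that the check is deliberately done by hand so that failure becomes a redirect rather than an error would help. A debug-level log entry on the rejected path would make the fallback visible when diagnosing logout loops, without being noisy for the expected IdP redirect case.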