NB-Public/user_saml
14
0
Fork 0
mirror of https://github.com/netzbegruenung/user_saml.git synced 2024-05-02 09:14:50 +02:00
Code Issues Projects Releases Wiki Activity

Handle redirect in PHP and not in JS

Browse source 
Since Nextcloud 10 we have a proper login endpoint that we can match on
This commit is contained in:
Lukas Reschke 2016-09-26 21:40:59 +02:00
parent 57af6687da
commit 547bc665b1
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1
2 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
appinfo/app.php
View file

@ -24,6 +24,7 @@ require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
$urlGenerator = \OC::$server->getURLGenerator();
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
$userSession = \OC::$server->getUserSession();
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config
@ -46,11 +47,12 @@ try {
return;
}
// Since with Nextcloud 9 we don't have an unique entry point this is a little
// bit hacky and won't necessarily detect all situations. So we inject some magic
// Javascript that does the work for us.
if(!OC_User::isLoggedIn()) {
\OCP\Util::addHeader('script', ['src' => $urlGenerator->linkTo('user_saml', 'js/preauth.js')], '');
$redirectSituation = false;
// All requests that are not authenticated and match against the "/login" route are
// redirected to the SAML login endpoint
if(!$userSession->isLoggedIn() && \OC::$server->getRequest()->getPathInfo() === '/login') {
$redirectSituation = true;
}
// If a request to OCS or remote.php is sent by the official desktop clients it can
@ -58,9 +60,13 @@ if(!OC_User::isLoggedIn()) {
// require the usage of application specific passwords there.
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
exit();
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
$redirectSituation = true;
}
}
if($redirectSituation === true) {
$csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
exit();
}

4
js/preauth.js
View file

@ -1,4 +0,0 @@
if(typeof OC.Login !== "undefined") {
// Redirect to login page
window.location = OC.generateUrl('/apps/user_saml/saml/login')+'?requesttoken='+encodeURIComponent(OC.requestToken);
}