*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see
'.implode(', ', $errors).'
');
        }

        if (!$auth->isAuthenticated()) {
            echo "Not authenticated
";
            exit();
        }

        // Check whether the user actually exists, if not redirect to an error page
        // explaining the issue.
        // The UID is taken from the SAML attribute whose name is configured in the
        // app setting 'general-uid_mapping'.
        $uidMapping = \OC::$server->getConfig()->getAppValue('user_saml', 'general-uid_mapping', '');
        if(isset($auth->getAttributes()[$uidMapping])) {
            // Only the first value of the mapped attribute is used as the UID.
            $uid = $auth->getAttributes()[$uidMapping][0];
            $userExists = \OC::$server->getUserManager()->userExists($uid);
            if(!$userExists && !$this->userBackend->autoprovisionAllowed()) {
                // Unknown user and auto-provisioning is off: stop here, before any
                // SAML data is written to the session.
                return new Http\RedirectResponse(\OC::$server->getURLGenerator()->linkToRouteAbsolute('user_saml.SAML.notProvisioned'));
            } elseif(!$userExists && $this->userBackend->autoprovisionAllowed()) {
                // Unknown user and auto-provisioning is on: create the account now.
                $this->userBackend->createUserIfNotExists($uid);
            }
        }

        // NOTE(review): the four values below are stored even when the response
        // carries no attribute named by $uidMapping, because the isset() guard above
        // only wraps the existence check. Presumably the user backend refuses a
        // session without a usable UID later on - confirm.
        // NOTE(review): no session ID rotation is visible in this part of the
        // method; confirm it happens where the user is finally logged in.
        $this->session->set('user_saml.samlUserData', $auth->getAttributes());
        $this->session->set('user_saml.samlNameId', $auth->getNameId());
        $this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
        $this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());

        // After a successful assertion the browser is sent to the instance root.
        $response = new Http\RedirectResponse(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
        // The Nextcloud desktop client expects a cookie with the key of "_shibsession"
        // to be there.
        // The cookie set below is named '_shibsession_' (with a trailing underscore)
        // and carries the fixed string 'authenticated'; it is only added for user
        // agents matched by the pattern below.
        if($this->request->isUserAgent(['/^.*(mirall|csyncoC)\/.*$/'])) {
            $response->addCookie('_shibsession_', 'authenticated');
        }

        return $response;
    }

    /**
     * Ends the local user session and starts SAML single logout.
     *
     * The NameID and SessionIndex stored in the session are read first, the
     * local user session is then logged out, and both values are finally
     * handed to the toolkit's logout() call. This method returns nothing.
     *
     * @NoAdminRequired
     */
    public function singleLogoutService() {
        // NOTE(review): only the NoAdminRequired annotation is declared here, so
        // the framework's default CSRF check presumably stays active for this
        // route and the logout link must carry a request token - confirm.
        $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
        // No explicit return URL and no extra parameters are passed to logout().
        $returnTo = null;
        $parameters = array();
        // Read both values before the local logout below - presumably because
        // that call discards the session data; confirm.
        $nameId = $this->session->get('user_saml.samlNameId');
        $sessionIndex = $this->session->get('user_saml.samlSessionIndex');
        $this->userSession->logout();
        // NOTE(review): no response object is returned; the OneLogin toolkit's
        // logout() is expected to send the redirect to the IdP itself - confirm
        // against the bundled library version.
        $auth->logout($returnTo, $parameters, $nameId, $sessionIndex);
    }

    /**
     * Renders this app's 'notProvisioned' template, rendered as 'guest' and
     * without template parameters.
     *
     * The assertion consumer code redirects to the route
     * 'user_saml.SAML.notProvisioned' when the user is unknown and
     * auto-provisioning is not allowed; presumably that route resolves to
     * this action.
     *
     * @PublicPage
     * @NoCSRFRequired
     * @OnlyUnauthenticatedUsers
     *
     * @return Http\TemplateResponse
     */
    public function notProvisioned() {
        return new Http\TemplateResponse($this->appName, 'notProvisioned', [], 'guest');
    }
}