1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Zefy\LaravelSSO\Middleware; |
4
|
|
|
|
5
|
|
|
use Closure; |
6
|
|
|
use Illuminate\Http\Request; |
7
|
|
|
use Zefy\LaravelSSO\LaravelSSOBroker; |
8
|
|
|
|
9
|
|
|
class SSOAutoLogin |
10
|
|
|
{ |
11
|
|
|
/** |
12
|
|
|
* Handle an incoming request. |
13
|
|
|
* |
14
|
|
|
* @param \Illuminate\Http\Request $request |
15
|
|
|
* @param \Closure $next |
16
|
|
|
* @return mixed |
17
|
|
|
*/ |
18
|
|
|
public function handle(Request $request, Closure $next) |
19
|
|
|
{ |
20
|
|
|
$broker = new LaravelSSOBroker(); |
21
|
|
|
$response = $broker->getUserInfo(); |
22
|
|
|
|
23
|
|
|
// If client is logged out in SSO server but still logged in broker. |
24
|
|
|
if (!isset($response['data']) && !auth()->guest()) { |
25
|
|
|
return $this->logout($request); |
26
|
|
|
} |
27
|
|
|
|
28
|
|
|
// If there is a problem with data in SSO server, we will re-attach client session. |
29
|
|
|
if (isset($response['error']) && strpos($response['error'], 'There is no saved session data associated with the broker session id') !== false) { |
30
|
|
|
return $this->clearSSOCookie($request); |
31
|
|
|
} |
32
|
|
|
|
33
|
|
|
// If client is logged in SSO server and didn't logged in broker... |
34
|
|
|
if (isset($response['data']) && (auth()->guest() || auth()->user()->id != $response['data']['id'])) { |
35
|
|
|
// ... we will authenticate our client. |
36
|
|
|
auth()->loginUsingId($response['data']['id']); |
37
|
|
|
} |
38
|
|
|
|
39
|
|
|
return $next($request); |
40
|
|
|
} |
41
|
|
|
|
42
|
|
|
/** |
43
|
|
|
* Clearing SSO cookie so broker will re-attach SSO server session. |
44
|
|
|
* |
45
|
|
|
* @param Request $request |
46
|
|
|
* @return \Illuminate\Http\RedirectResponse |
47
|
|
|
*/ |
48
|
|
|
protected function clearSSOCookie(Request $request) |
49
|
|
|
{ |
50
|
|
|
return redirect($request->fullUrl())->cookie(cookie('sso_token_' . config('laravel-sso.brokerName'))); |
51
|
|
|
} |
52
|
|
|
|
53
|
|
|
/** |
54
|
|
|
* Logging out authenticated user. |
55
|
|
|
* Need to make a page refresh because current page may be accessible only for authenticated users. |
56
|
|
|
* |
57
|
|
|
* @param Request $request |
58
|
|
|
* @return \Illuminate\Http\RedirectResponse |
59
|
|
|
*/ |
60
|
|
|
protected function logout(Request $request) |
61
|
|
|
{ |
62
|
|
|
auth()->logout(); |
63
|
|
|
return redirect($request->fullUrl()); |
64
|
|
|
} |
65
|
|
|
} |
66
|
|
|
|