Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Request: loginRequired => loginRequirements, SsoRequest, SAML

Browse Source
This commit is contained in:
Roman
2024-12-30 10:41:13 +01:00
parent 50cc0fc5be
commit 2861eaa9a9
15 changed files with 316 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
Core/API/SsoAPI.class.php
View File

@@ -41,26 +41,39 @@ namespace Core\API\Sso {
use Core\API\Parameter\StringType;
use Core\API\Parameter\UuidType;
use Core\API\Request;
use Core\Objects\Context;
use Core\API\SsoAPI;
use Core\Objects\DatabaseEntity\Group;
use Core\Objects\DatabaseEntity\SsoProvider;
use Core\Objects\RateLimiting;
use Core\Objects\RateLimitRule;
use Core\Objects\SSO\SAMLResponse;
class GetProviders extends SsoAPI {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, []);
// TODO: auto-generated method stub
$this->csrfTokenRequired = false;
}
protected function _execute(): bool {
// TODO: auto-generated method stub
return $this->success;
$sql = $this->context->getSQL();
$query = SsoProvider::createBuilder($sql, false);
if (!$this->context->getUser()) {
$query->whereTrue("active");
}
$providers = SsoProvider::findBy($query);
$this->result["providers"] = SsoProvider::toJsonArray($providers);
return true;
}
public static function getDescription(): string {
// TODO: auto generated endpoint description
return "Short description, what users are able to do with this endpoint.";
return "Allows users to get a list of SSO providers. Unauthenticated users will only see active providers.";
}
}
@@ -138,14 +151,13 @@ namespace Core\API\Sso {
"redirect" => new StringType("redirect", StringType::UNLIMITED, true, null)
]);
$this->csrfTokenRequired = false;
$this->loginRequirements = Request::NOT_LOGGED_IN;
$this->rateLimiting = new RateLimiting(
new RateLimitRule(5, 1, RateLimitRule::MINUTE)
);
}
protected function _execute(): bool {
if ($this->context->getUser()) {
return $this->createError("You are already logged in.");
}
$redirectUrl = $this->getParam("redirect");
if (!$this->validateRedirectURL($redirectUrl)) {
return $this->createError("Invalid redirect URL");
@@ -186,24 +198,30 @@ namespace Core\API\Sso {
public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [
"SAMLResponse" => new StringType("SAMLResponse"),
"provider" => new UuidType("provider"),
"redirect" => new StringType("redirect", StringType::UNLIMITED, true, null)
"SAMLResponse" => new StringType("SAMLResponse")
]);
$this->csrfTokenRequired = false;
$this->loginRequirements = Request::NOT_LOGGED_IN;
$this->forbidMethod("GET");
$this->rateLimiting = new RateLimiting(
new RateLimitRule(15, 1, RateLimitRule::MINUTE)
);
}
protected function _execute(): bool {
if ($this->context->getUser()) {
return $this->createError("You are already logged in.");
$samlResponseEncoded = $this->getParam("SAMLResponse");
if (($samlResponse = @gzinflate(base64_decode($samlResponseEncoded))) === false) {
$samlResponse = base64_decode($samlResponseEncoded);
}
$redirectUrl = $this->getParam("redirect");
if (!$this->validateRedirectURL($redirectUrl)) {
return $this->createError("Invalid redirect URL");
$parsedResponse = SAMLResponse::parseResponse($this->context, $samlResponse);
if (!$parsedResponse->wasSuccessful()) {
return $this->createError("Error parsing SAMLResponse: " . $parsedResponse->getError());
} else {
return $this->processLogin($parsedResponse->getUser(), $parsedResponse->getRedirectURL());
}
$sql = $this->context->getSQL();