
github.com/nextcloud/user_saml.git - Unnamed repository; edit this file 'description' to name the repository.
authorLukas Reschke <lukas@statuscode.ch>2016-09-26 22:40:59 +0300
committerLukas Reschke <lukas@statuscode.ch>2016-09-26 23:07:57 +0300
commit547bc665b15e68dd56b22961863699ae72b656e0 (patch)
tree94981694663fb5e883572b3b3cfc902b3bff2a05 /appinfo
parent57af6687daf80fa0349967f5c5e0e6f4dbfd4fb7 (diff)
Handle redirect in PHP and not in JS
Since Nextcloud 10 we have a proper login endpoint that we can match on
Diffstat (limited to 'appinfo')
-rw-r--r--appinfo/app.php24
1 files changed, 15 insertions, 9 deletions
diff --git a/appinfo/app.php b/appinfo/app.php
index bde5eab2..8d5c188c 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -24,6 +24,7 @@ require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
$urlGenerator = \OC::$server->getURLGenerator();
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
+$userSession = \OC::$server->getUserSession();
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config
@@ -46,11 +47,12 @@ try {
return;
}
-// Since with Nextcloud 9 we don't have an unique entry point this is a little
-// bit hacky and won't necessarily detect all situations. So we inject some magic
-// Javascript that does the work for us.
-if(!OC_User::isLoggedIn()) {
- \OCP\Util::addHeader('script', ['src' => $urlGenerator->linkTo('user_saml', 'js/preauth.js')], '');
+$redirectSituation = false;
+
+// All requests that are not authenticated and match against the "/login" route are
+// redirected to the SAML login endpoint
+if(!$userSession->isLoggedIn() && \OC::$server->getRequest()->getPathInfo() === '/login') {
+ $redirectSituation = true;
}
// If a request to OCS or remote.php is sent by the official desktop clients it can
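Review bot: The new `/login` condition fetches the request again through `\OC::$server->getRequest()` although `$request` is already assigned from the same container at the top of the file. `if(!$userSession->isLoggedIn() && $request->getPathInfo() === '/login') {` would be consistent with the `$request->getRequestUri()` call a few lines below. The comparison is an exact string match, so the redirect appears to fire only for that one path. If other paths can render the password login form (not determinable from this hunk), they would not be sent to the SAML endpoint, and the comment above the condition should say whether that is intended.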
@@ -58,9 +60,13 @@ if(!OC_User::isLoggedIn()) {
// require the usage of application specific passwords there.
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
- if(!OC_User::isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
- $csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
- header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
- exit();
+ if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
+ $redirectSituation = true;
}
}
+
+if($redirectSituation === true) {
+ $csrfToken = \OC::$server->getCsrfTokenManager()->getToken();
+ header('Location: '.$urlGenerator->linkToRouteAbsolute('user_saml.SAML.login') .'?requesttoken='. urlencode($csrfToken->getEncryptedValue()));
+ exit();
+}
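Review bot: The consolidated redirect block at the end of this hunk places the CSRF request token in the `Location` URL as `?requesttoken=...`. After this change that happens for every unauthenticated browser request to `/login`, not only for the desktop-client case. A token in a query string is typically recorded in web-server and proxy access logs and in browser history. It is worth confirming that the `user_saml.SAML.login` route needs the token for a GET that only starts the SAML flow; the route definition is not visible here. If it has to stay, a comment above the `header()` call would record the trade-off, for example `// NOTE: requesttoken is carried in the query string and will show up in access logs`.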