authorLukas Reschke <lukas@owncloud.com>2016-06-29 11:51:07 +0300
committerLukas Reschke <lukas@owncloud.com>2016-06-29 11:51:07 +0300
commit0e6602802502ce3889a00ad12c331ed5a9d506f7 (patch)
treeb0aa781e5948e7a5292b51e93a16d06bc04d8e9e /lib
parent99bbde20dc9926519ee3492be2edc060b9824133 (diff)
Add CSRF token and track AuthnRequestID
Fixes https://github.com/nextcloud/user_saml/issues/11
Diffstat (limited to 'lib')
-rw-r--r--lib/controller/samlcontroller.php13
-rw-r--r--lib/userbackend.php2
2 files changed, 11 insertions, 4 deletions
diff --git a/lib/controller/samlcontroller.php b/lib/controller/samlcontroller.php
index 57fecce2..812da871 100644
--- a/lib/controller/samlcontroller.php
+++ b/lib/controller/samlcontroller.php
@@ -56,11 +56,14 @@ class SAMLController extends Controller {
/**
* @PublicPage
- * @NoCSRFRequired
+ * @UseSession
*/
public function login() {
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
$auth->login(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+ $ssoUrl = $auth->login(null, array(), false, false, true);
+ $this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
+ return new Http\RedirectResponse($ssoUrl);
}
/**
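Review bot: The request ID is stored under the session key `user_saml.AuthNRequestID` on the new line, but assertionConsumerService in the next hunk reads `AuthNRequestID`, so the stored value is never found and the new guard there rejects every assertion; both places need the same key, e.g. `$this->session->set('user_saml.AuthNRequestID', ...)` paired with `$this->session->get('user_saml.AuthNRequestID')`. The unchanged `$auth->login(\OC::$server->getURLGenerator()->getAbsoluteURL('/'))` call is still executed before the new `$auth->login(null, array(), false, false, true)`; if the library's login() performs the redirect itself when the stay argument is not set, as its signature suggests, the request ID is never stored and the RedirectResponse is never returned, so the old call should be dropped and its return-to URL passed as the first argument of the new call instead of `null`.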
@@ -87,8 +90,13 @@ class SAMLController extends Controller {
* @UseSession
*/
public function assertionConsumerService() {
+ $AuthNRequestID = $this->session->get('AuthNRequestID');
+ if(is_null($AuthNRequestID) || $AuthNRequestID === '') {
+ return;
+ }
+
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
- $auth->processResponse(null);
+ $auth->processResponse($this->session->get('AuthNRequestID'));
$errors = $auth->getErrors();
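Review bot: The bare `return;` in the new guard ends the controller without a response when no request ID is in the session; an explicit error response, e.g. `return (new Http\Response())->setStatus(Http::STATUS_FORBIDDEN);`, makes the rejection visible to the caller and in the access log instead of presumably producing an empty or error page. The stored ID should also be cleared once it has been consumed, `$this->session->remove('AuthNRequestID');` right after `processResponse`, so that one login attempt accepts exactly one response and a stale ID cannot be reused in a later request. The value is already held in `$AuthNRequestID`; pass that variable to `processResponse` rather than reading the session a second time. The function body continues outside the hunk.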
@@ -111,7 +119,6 @@ class SAMLController extends Controller {
/**
* @PublicPage
- * @NoCSRFRequired
*/
public function singleLogoutService() {
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
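Review bot: Dropping `@NoCSRFRequired` from singleLogoutService means a request without a Nextcloud requesttoken is rejected before the SAML message is examined; the logout link from the user backend now carries the token, but a LogoutRequest or LogoutResponse sent by the IdP itself (IdP-initiated SLO) would not, and would presumably fail the CSRF check. If IdP-initiated logout has to keep working, the annotation must stay and the signature validation of the SAML logout message is the protection relied on instead; whichever is intended should be stated in the docblock, e.g. `* CSRF token required: only SP-initiated logout links from this instance are accepted here.` The function body continues outside the hunk.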
diff --git a/lib/userbackend.php b/lib/userbackend.php
index 0679d788..b248ebd0 100644
--- a/lib/userbackend.php
+++ b/lib/userbackend.php
@@ -155,7 +155,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
*/
public function getLogoutAttribute() {
// FIXME: Detect if SLO is configured
- return 'href="'.$this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService').'"';
+ return 'href="'.$this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService').'?requesttoken='.urlencode(\OC::$server->getCsrfTokenManager()->getToken()->getEncryptedValue()).'"';
}
/**
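Review bot: The token is appended by hand-concatenating `?requesttoken=` onto the route URL on the changed line; the URL generator can build the query string itself, `linkToRouteAbsolute('user_saml.SAML.singleLogoutService', ['requesttoken' => \OC::$server->getCsrfTokenManager()->getToken()->getEncryptedValue()])`, which keeps the encoding in one place and removes the manual `urlencode`. The result is spliced into an HTML attribute by the caller; urlencode output contains no characters that need attribute escaping, so the concatenation is safe as written, but it is worth a comment on the line, `// token must be urlencoded: it is embedded in an href attribute`. The `FIXME` about detecting whether SLO is configured still applies after this change.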