author | Lukas Reschke <lukas@owncloud.com> | 2016-06-29 11:51:07 +0300 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-06-29 11:51:07 +0300 |
commit | 0e6602802502ce3889a00ad12c331ed5a9d506f7 (patch) | |
tree | b0aa781e5948e7a5292b51e93a16d06bc04d8e9e /lib | |
parent | 99bbde20dc9926519ee3492be2edc060b9824133 (diff) |
Add CSRF token and track AuthnRequestID
Fixes https://github.com/nextcloud/user_saml/issues/11
Diffstat (limited to 'lib')
-rw-r--r-- | lib/controller/samlcontroller.php | 13 | ||||
-rw-r--r-- | lib/userbackend.php | 2 |
2 files changed, 11 insertions, 4 deletions
diff --git a/lib/controller/samlcontroller.php b/lib/controller/samlcontroller.php
index 57fecce2..812da871 100644
--- a/lib/controller/samlcontroller.php
+++ b/lib/controller/samlcontroller.php
@@ -56,11 +56,14 @@ class SAMLController extends Controller {
 /**
 * @PublicPage
- * @NoCSRFRequired
+ * @UseSession
 */
 public function login() {
 $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
 $auth->login(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+ $ssoUrl = $auth->login(null, array(), false, false, true);
+ $this->session->set('user_saml.AuthNRequestID', $auth->getLastRequestID());
+ return new Http\RedirectResponse($ssoUrl);
 }
 /**
@@ -87,8 +90,13 @@ class SAMLController extends Controller {
 * @UseSession
 */
 public function assertionConsumerService() {
+ $AuthNRequestID = $this->session->get('AuthNRequestID');
+ if(is_null($AuthNRequestID) || $AuthNRequestID === '') {
+ return;
+ }
+
 $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
- $auth->processResponse(null);
+ $auth->processResponse($this->session->get('AuthNRequestID'));
 $errors = $auth->getErrors();
@@ -111,7 +119,6 @@ class SAMLController extends Controller {
 /**
 * @PublicPage
- * @NoCSRFRequired
 */
 public function singleLogoutService() {
 $auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
diff --git a/lib/userbackend.php b/lib/userbackend.php
index 0679d788..b248ebd0 100644
--- a/lib/userbackend.php
+++ b/lib/userbackend.php
@@ -155,7 +155,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 */
 public function getLogoutAttribute() {
 // FIXME: Detect if SLO is configured
- return 'href="'.$this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService').'"';
+ return 'href="'.$this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.singleLogoutService').'?requesttoken='.urlencode(\OC::$server->getCsrfTokenManager()->getToken()->getEncryptedValue()).'"';
 }
 /** |
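Review bot: The session key written in login() does not match the one read in assertionConsumerService(): login() stores the request ID under `'user_saml.AuthNRequestID'`, while the second hunk reads `$this->session->get('AuthNRequestID')`, so the new early-return in the ACS fires on every response and the InResponseTo check never sees the stored ID. Use one key in both methods, e.g. `$this->session->get('user_saml.AuthNRequestID')` in assertionConsumerService(), or better a class constant shared by both. The unchanged `$auth->login(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));` call still precedes the new `$stay = true` call; if, as I believe the OneLogin toolkit does, login() issues the redirect and exits when `$stay` is false, the three added lines are unreachable and should replace that call rather than follow it. The same key mismatch affects the second hunk of this file.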
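Review bot: The stored AuthnRequest ID is never cleared after `$auth->processResponse(...)`, so it remains valid for the rest of the session and a later response carrying the same InResponseTo would still match; consume it once, `$this->session->remove('user_saml.AuthNRequestID');` right after processResponse (using whichever key login() actually writes). The guard also returns nothing when the ID is missing, which leaves the caller with no response at all; an explicit error response, consistent with however the `$errors` branch below handles failures, would be clearer. Since `$AuthNRequestID` is already in a local, pass it to processResponse instead of reading the session a second time. The method body continues outside the hunk.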
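Review bot: Dropping `@NoCSRFRequired` from singleLogoutService() subjects every request on that route to the app framework's CSRF check; the `requesttoken` parameter added in lib/userbackend.php covers the logout link rendered by Nextcloud, but a LogoutRequest that the IdP sends to this endpoint on its own (IdP-initiated SLO) carries no Nextcloud token and, if that flow is meant to work, would be rejected here. Decide whether that flow matters; if it does, keep the annotation and rely on the toolkit's validation of the LogoutRequest signature instead, and in either case say so in the docblock, e.g. `* CSRF check intentionally enforced: only SP-initiated logout via the requesttoken link is supported.` The method body continues outside the hunk.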
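Review bot: The CSRF token now travels in a GET URL, so it can end up in browser history, proxy logs and the Referer header of the page the logout redirects to; that is the trade-off this line makes and it deserves a comment, e.g. `// requesttoken is required since singleLogoutService now enforces the CSRF check`. The `'?requesttoken='` literal also assumes the generated route URL has no query string of its own; passing the token as a route argument, `linkToRouteAbsolute('user_saml.SAML.singleLogoutService', ['requesttoken' => $token])`, should let the URL generator build and encode the query for you. The FIXME about detecting whether SLO is configured is left as it was.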