forked from silverstripe/silverstripe-saml
SAMLSecurityExtension.php
<?php
namespace SilverStripe\SAML\Authenticators;
use SilverStripe\Control\Session;
use SilverStripe\Core\Extension;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Security\Authenticator;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
/**
* Class SAMLSecurityExtension
*
* Extensions to the {@link Security} controller to support {@link SAMLAuthenticator}
*/
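class SAMLSecurityExtension extends Extension
{
    /**
     * Records the post-login return URL (BackURL) in the session ahead of a
     * SAML sign-on, unless auto sign-on should be skipped.
     *
     * The method returns early, without touching the session, when any of these hold:
     *
     * 1) the GET param showloginform is set to 1
     * 2) a member is currently logged in
     * 3) the session holds form messages (errors or notices)
     *
     * This method does not issue a redirect to the IdP login endpoint itself.
     * NOTE(review): presumably the redirect happens elsewhere after this hook
     * returns; confirm against the code that invokes onBeforeSecurityLogin.
     *
     * Security: BackURL taken from the query string is caller-controlled. It only
     * replaces the session value when Director::is_site_url() accepts it, so an
     * off-site URL is not persisted for a later redirect. Code that later
     * redirects to the session value should still validate it at that point.
     *
     * @return void
     */
    public function onBeforeSecurityLogin()
    {
        $request = $this->owner->getRequest();

        // by going to the URL Security/login?showloginform=1 we bypass the auto sign on.
        // Query-string values arrive as strings, hence the loose comparison.
        if ($request->getVar('showloginform') == 1) {
            return;
        }

        // if member is already logged in, don't auto-sign-on, this is most likely because
        // of insufficient permissions.
        $member = Security::getCurrentUser();
        if ($member && $member->exists()) {
            return;
        }

        $session = $request->getSession();

        // if there are form messages, don't auto-sign-on, this is most likely because of
        // login errors / failures or other notices.
        $formInfo = $session->get('FormInfo');
        if (is_iterable($formInfo)) {
            // since FormInfo can be a "nulled" array, every entry has to be inspected
            foreach ($formInfo as $info) {
                if (!is_iterable($info)) {
                    // nothing to walk for this form; skip it rather than raise a warning
                    continue;
                }
                foreach ($info as $value) {
                    if ($value !== null) {
                        return;
                    }
                }
            }
        }

        // Start from whatever is already stored, then let a request-supplied
        // BackURL override it, but only if it is a string pointing at this site.
        $backURL = $session->get('BackURL');
        $requestedBackURL = $request->getVar('BackURL');
        if ($requestedBackURL
            && is_string($requestedBackURL)
            && \SilverStripe\Control\Director::is_site_url($requestedBackURL)
        ) {
            $backURL = $requestedBackURL;
        }

        $session->set('BackURL', $backURL);
    }
}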