Inicio Explorar Axuda
Iniciar sesión
LBP
/
Organizr
réplica de https://github.com/causefx/Organizr.git
4
0
Fork 0
Ficheiros Incidencias 0 Wiki
Rama: v2-master
Ramas Etiquetas
Organizr
/
api
/
v2
/
routes
/
oidc.php

oidc.php 3.3 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * OIDC Authentication Routes
    4. 

  4.  */
    5. 

  5. 

  6. // Ensure PHP sessions are started for OIDC state management
    7. 

  7. if (session_status() === PHP_SESSION_NONE) {
    8. 

  8. 	// Configure session cookies for cross-site requests (OIDC redirect flow)
    9. 

  9. 	session_set_cookie_params([
    10. 

  10. 		'lifetime' => 600, // 10 minutes for OIDC flow
    11. 

  11. 		'path' => '/',
    12. 

  12. 		'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
    13. 

  13. 		'httponly' => true,
    14. 

  14. 		'samesite' => 'Lax' // Lax allows the session cookie to be sent on top-level navigations
    15. 

  15. 	]);
    16. 

  16. 	session_start();
    17. 

  17. }
    18. 

  18. 

  19. /**
    20. 

  20.  * Get enabled OIDC providers (public endpoint)
    21. 

  21.  */
    22. 

  22. $app->get('/oidc/providers', function ($request, $response, $args) {
    23. 

  23. 	$Organizr = ($request->getAttribute('Organizr')) ?? new Organizr();
    24. 

  24. 	$providers = $Organizr->getEnabledOIDCProviders();
    25. 

  25. 	$result = [];
    26. 

  26. 	foreach ($providers as $provider => $config) {
    27. 

  27. 		$result[$provider] = [
    28. 

  28. 			'name' => $Organizr->config[$config['configPrefix'] . 'Name'] ?? ucfirst($provider),
    29. 

  29. 			'enabled' => true,
    30. 

  30. 		];
    31. 

  31. 	}
    32. 

  32. 	$GLOBALS['api']['response']['data'] = $result;
    33. 

  33. 	$response->getBody()->write(jsonE($GLOBALS['api']));
    34. 

  34. 	return $response
    35. 

  35. 		->withHeader('Content-Type', 'application/json;charset=UTF-8')
    36. 

  36. 		->withStatus($GLOBALS['responseCode']);
    37. 

  37. });
    38. 

  38. 

  39. /**
    40. 

  40.  * Initiate OIDC authorization flow
    41. 

  41.  */
    42. 

  42. $app->get('/oidc/{provider}/authorize', function ($request, $response, $args) {
    43. 

  43. 	$Organizr = ($request->getAttribute('Organizr')) ?? new Organizr();
    44. 

  44. 	$provider = $args['provider'] ?? '';
    45. 

  45. 	// This will redirect to the provider, exit happens in initiateOIDCFlow
    46. 

  46. 	$Organizr->initiateOIDCFlow($provider);
    47. 

  47. 	// If we get here, there was an error
    48. 

  48. 	$response->getBody()->write(jsonE($GLOBALS['api']));
    49. 

  49. 	return $response
    50. 

  50. 		->withHeader('Content-Type', 'application/json;charset=UTF-8')
    51. 

  51. 		->withStatus($GLOBALS['responseCode']);
    52. 

  52. });
    53. 

  53. 

  54. /**
    55. 

  55.  * OIDC callback handler
    56. 

  56.  */
    57. 

  57. $app->get('/oidc/{provider}/callback', function ($request, $response, $args) {
    58. 

  58. 	$Organizr = ($request->getAttribute('Organizr')) ?? new Organizr();
    59. 

  59. 	$provider = $args['provider'] ?? '';
    60. 

  60. 	$params = $request->getQueryParams();
    61. 

  61. 	$code = $params['code'] ?? null;
    62. 

  62. 	$state = $params['state'] ?? null;
    63. 

  63. 	$error = $params['error'] ?? null;
    64. 

  64. 	$errorDescription = $params['error_description'] ?? 'Unknown error';
    65. 

  65. 	// Handle error from provider
    66. 

  66. 	if ($error) {
    67. 

  67. 		$Organizr->outputOIDCCallbackError($errorDescription);
    68. 

  68. 		return $response;
    69. 

  69. 	}
    70. 

  70. 	// Validate required parameters
    71. 

  71. 	if (!$code || !$state) {
    72. 

  72. 		$Organizr->outputOIDCCallbackError('Missing code or state parameter');
    73. 

  73. 		return $response;
    74. 

  74. 	}
    75. 

  75. 	// Process callback
    76. 

  76. 	$user = $Organizr->processOIDCCallback($provider, $code, $state);
    77. 

  77. 	if ($user) {
    78. 

  78. 		$Organizr->outputOIDCCallbackSuccess($user['username']);
    79. 

  79. 	} else {
    80. 

  80. 		$Organizr->outputOIDCCallbackError($GLOBALS['api']['response']['message'] ?? 'Authentication failed');
    81. 

  81. 	}
    82. 

  82. 	return $response;
    83. 

  83. });
    84. 

  84. 

  85. /**
    86. 

  86.  * Test OIDC provider connection (admin only)
    87. 

  87.  */
    88. 

  88. $app->get('/oidc/{provider}/test', function ($request, $response, $args) {
    89. 

  89. 	$Organizr = ($request->getAttribute('Organizr')) ?? new Organizr();
    90. 

  90. 	if ($Organizr->checkRoute($request)) {
    91. 

  91. 		if ($Organizr->qualifyRequest(1, true)) {
    92. 

  92. 			$provider = $args['provider'] ?? '';
    93. 

  93. 			$Organizr->testOIDCConnection($provider);
    94. 

  94. 		}
    95. 

  95. 	}
    96. 

  96. 	$response->getBody()->write(jsonE($GLOBALS['api']));
    97. 

  97. 	return $response
    98. 

  98. 		->withHeader('Content-Type', 'application/json;charset=UTF-8')
    99. 

  99. 		->withStatus($GLOBALS['responseCode']);
    100. 

  100. });
    101.