fix: clarify the claass for auto sso
Sebastian Thulin committed Jan 15, 2025
1 parent ff26e76 commit adbf586
Showing 1 changed file with 66 additions and 48 deletions.
114 changes: 66 additions & 48 deletions library/Integrations/MiniOrange/RequireSsoLogin.php
Expand Up @@ -5,79 +5,97 @@
use Municipio\Integrations\MiniOrange\Config\MiniOrangeConfig;
use Municipio\HooksRegistrar\Hookable;
use WpService\WpService;

/**
* Require SSO login for all users.
*
* This will automaticly redirect the user to the selected SSO provider when visiting the login page.
* This is done simply by adding the `option=saml_user_login` parameter to the URL and reload the page.
*
*/
class RequireSsoLogin implements Hookable
{
private const ACTIONS_TO_EXCLUDE = ['logout', 'log-out'];
private const ALLOWED_PROTOCOLS = ['http', 'https'];

public function __construct(private WpService $wpService, private MiniOrangeConfig $config)
{
}

/**
* Add hooks
*/
public function addHooks(): void
{
if (!$this->isEnabled()) {
return;
}

$this->wpService->addAction('init', array($this, 'redirectToSsoProvider'));
$this->wpService->addAction('init', function () {
if ($this->isEnabled()) {
$this->redirectToSsoProvider();
}
});
}

/**
* Check if the SSO login required is enabled
*
* @return bool
*/
/**
* Check if the automatic SSO login is enabled.
*
* @return bool
*/
private function isEnabled(): bool
{
return $this->config->requireSsoLogin();
}

/**
* Redirect to the SSO provider if the user tries to access the login page
*
* @return void
*/
public function redirectToSsoProvider(): void
/**
* Redirect to the SSO provider if the current request should be redirected.
*/
private function redirectToSsoProvider(): void
{
if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') === false) {
if (!$this->shouldRedirectToSso()) {
return;
}

if (($_GET['option'] ?? null) === 'saml_user_login') {
return;
}
$redirectUrl = $this->getSsoUrlWithAllParams();
$redirectUrl = $this->wpService->escUrlRaw(
$redirectUrl,
self::ALLOWED_PROTOCOLS
);

if (in_array(($_GET['action'] ?? null), ['logout', 'log-out'])) {
return;
if ($redirectUrl) {
$this->wpService->wpSafeRedirect($redirectUrl);
exit;
}

// Redirect to the SSO URL
$this->wpService->wpRedirect($this->getSsoUrl());
exit;
}

/**
* Get the SSO URL with redirect parameter
*
* @return string|null
*/
private function getSsoUrl(): ?string
/*
* Check if the current request should be redirected to the SSO provider.
*
* @return bool
*/
private function shouldRedirectToSso(): bool
{
$url = $_SERVER['REQUEST_URI'] ?? $this->wpService->homeUrl('/wp-login.php');
$requestUri = $_SERVER['REQUEST_URI'] ?? null;
$option = $_GET['option'] ?? null;
$action = $_GET['action'] ?? null;

$url = add_query_arg(
'option',
'saml_user_login',
$url
);
return $requestUri && strpos($requestUri, 'wp-login.php') !== false
&& $option !== 'saml_user_login'
&& !in_array($action, self::ACTIONS_TO_EXCLUDE, true);
}

if (isset($_GET['redirect_to'])) {
$url = add_query_arg(
'redirect_to',
$_GET['redirect_to'],
$url
);
}
/*
* Get the URL to the SSO provider with all existing GET parameters
* and the `option` parameter set to `saml_user_login`.
*
* When the login page is accessed with the `option` parameter set to `
* saml_user_login`, it will trigger the SSO login in miniOrange plugin.
*
* @return string|null
*/
private function getSsoUrlWithAllParams(): ?string
{
$base = $_SERVER['REQUEST_URI'] ?? $this->wpService->homeUrl('/wp-login.php');
$params = $_GET ?? [];

$params['option'] = 'saml_user_login';

return $url;
return $this->wpService->addQueryArg($params, $base);
}
}
}
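Review bot: In `getSsoUrlWithAllParams()`, merging all of `$_GET` back into `$base` re-adds values that PHP has already URL-decoded, and (assuming `addQueryArg()` wraps WordPress's `add_query_arg()`) newly added arguments are not re-encoded. A `redirect_to` value containing `&`, `=` or `#` is then split into extra top-level parameters, so the post-login target is truncated and stray parameters reach the login handler. `$base` comes from `REQUEST_URI`, which already carries the original query string in encoded form, so only the new key needs adding: `return $this->wpService->addQueryArg(['option' => 'saml_user_login'], $base);`. Separately, `shouldRedirectToSso()` matches `wp-login.php` anywhere in `REQUEST_URI`, query string included; comparing against the path component only would be more precise.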
