Fixed #10436 on master, applies #10449

Signed-off-by: snipe <snipe@snipe.net>
2022-02-22 21:06:54 -08:00 · 2022-02-22 21:06:54 -08:00 · 42fcd29200
commit 42fcd29200
parent 0cfc0a4bee
5 changed files with 29 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@ -152,4 +152,5 @@ LDAP_TIME_LIM=600
 IMPORT_TIME_LIMIT=600
 IMPORT_MEMORY_LIMIT=500M
 REPORT_TIME_LIMIT=12000
 REQUIRE_SAML=false
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -75,6 +75,13 @@ class LoginController extends Controller
            return redirect()->intended('/');
        }
        // If the environment is set to ALWAYS require SAML, go straight to the SAML route.
        // We don't need to check other settings, as this should override those.
        if (config('app.require_saml')) {
            return redirect()->route('saml.login');
        }
        if ($this->saml->isEnabled() && Setting::getSettings()->saml_forcelogin == "1" && !($request->has('nosaml') || $request->session()->has('error'))) {
            return redirect()->route('saml.login');
        }
@ -197,6 +204,12 @@ class LoginController extends Controller
     */
    public function login(Request $request)
    {
        //If the environment is set to ALWAYS require SAML, return access denied
        if (config('app.require_saml')) {
            return view('errors.403');
        }
        if (Setting::getSettings()->login_common_disabled == "1") {
            return view('errors.403');
        }
--- a/config/app.php
+++ b/config/app.php
@ -255,7 +255,20 @@ return [
    'enable_csp' => env('ENABLE_CSP', false),
    /*
     |--------------------------------------------------------------------------
     | Require SAML Login
     |--------------------------------------------------------------------------
     |
     | Disable the ability to login via form login, and disables the 'nosaml'
     | workaround. It requires all logins to process via SAML login.
     | (This is for high security setups. If your SAML configuration is not
     | working, this option should be set to false. This option is not needed
     | to successfully configure SAML authentication.)
     |
     */
    'require_saml' => env('REQUIRE_SAML', false),
    /*
    |--------------------------------------------------------------------------
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
@ -174,7 +174,7 @@ return [
    'saml_idp_metadata_help'    => 'You can specify the IdP metadata using a URL or XML file.',
    'saml_attr_mapping_username' => 'Attribute Mapping - Username',
    'saml_attr_mapping_username_help' => 'NameID will be used if attribute mapping is unspecified or invalid.',
-    'saml_forcelogin_label'     => 'SAML Force Login',
+    'saml_forcelogin_label'     => 'SAML Default Login',
    'saml_forcelogin'           => 'Make SAML the primary login',
    'saml_forcelogin_help'      => 'You can use \'/login?nosaml\' to get to the normal login page.',
    'saml_slo_label'            => 'SAML Single Log Out',
--- a/resources/views/settings/saml.blade.php
+++ b/resources/views/settings/saml.blade.php
@ -39,7 +39,7 @@
                <div class="box-header with-border">
                    <h2 class="box-title">
                        <i class="fa fa-sign-in"></i> SAML
-                    </h4>
+                    </h2>
                </div>
                <div class="box-body">