Merge pull request #11076 from johnson-yi/fixes/saml_slo

Fixes #10706 - Fix saml slo for logout
snipe 2022-05-14 08:10:50 -07:00 committed by GitHub
commit d904fb1d80
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 1 deletions


@ -449,10 +449,17 @@ class LoginController extends Controller
*/ */
public function logout(Request $request) public function logout(Request $request)
{ {
// Logout is only allowed with a http POST but we need to allow GET for SAML SLO
$settings = Setting::getSettings(); $settings = Setting::getSettings();
$saml = $this->saml; $saml = $this->saml;
$samlLogout = $request->session()->get('saml_logout');
$sloRedirectUrl = null; $sloRedirectUrl = null;
$sloRequestUrl = null; $sloRequestUrl = null;
// Only allow GET if we are doing SAML SLO otherwise abort with 405
if ($request->isMethod('GET') && !$samlLogout) {
abort(405);
}
if ($saml->isEnabled()) { if ($saml->isEnabled()) {
$auth = $saml->getAuth(); $auth = $saml->getAuth();
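Review bot: The new guard `if ($request->isMethod('GET') && !$samlLogout)` rejects only requests whose method is exactly GET, but Laravel's `Route::get()` also registers HEAD, so a HEAD request to /logout passes the guard without the `saml_logout` flag and continues into the logout logic. Since the comment states the intent as "POST only, except for SAML SLO", the guard should test for the allowed method instead: `if (! $request->isMethod('POST') && ! $samlLogout) { abort(405); }`. The `Route::get('logout', …)` registration added in the routes hunk is the other half of this defect. The SamlController hunk sets `saml_logout` through `with()`, so it is flash data and should only be valid for the next request, which is worth stating in the comment. The body of `logout()` continues outside this hunk.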


@ -142,6 +142,6 @@ class SamlController extends Controller
return view('errors.403'); return view('errors.403');
} }
return redirect()->route('logout')->with('saml_slo_redirect_url', $sloUrl); return redirect()->route('logout')->with(['saml_logout' => true,'saml_slo_redirect_url' => $sloUrl]);
} }
} }
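Review bot: `saml_logout` is the value that unlocks GET /logout in `LoginController::logout()`, and nothing at this line records when it is safe to set it. The checks that precede the redirect (the branch returning `errors.403`) start outside the hunk, so it cannot be confirmed from here that the flag is flashed only after the SLO message was processed without errors. A comment such as `// Flash saml_logout only after the SLO message was processed successfully; it permits one GET /logout` would pin that down. The array literal is also missing a space after the comma: `['saml_logout' => true, 'saml_slo_redirect_url' => $sloUrl]`.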


@ -434,6 +434,12 @@ Route::group(['middleware' => 'web'], function () {
'uses' => 'DashboardController@getIndex' ] 'uses' => 'DashboardController@getIndex' ]
); );
// need to keep GET /logout for SAML SLO
Route::get(
'logout',
[LoginController::class, 'logout']
)->name('logout');
Route::post( Route::post(
'logout', 'logout',
[LoginController::class, 'logout'] [LoginController::class, 'logout']
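Review bot: The comment `// need to keep GET /logout for SAML SLO` does not say that the route is restricted, and no constraint beyond the `web` group is visible on it, so the only enforcement appears to be the guard inside `LoginController::logout()`. I would spell that out, e.g. `// GET /logout exists only for SAML SLO; LoginController::logout() aborts with 405 unless the session holds saml_logout`, so the guard is not later removed as dead code. The name of the following `Route::post('logout', …)` is outside the hunk; if it is also `logout`, the two routes should get distinct names so `route('logout')` is unambiguous.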