vendor/nbgrp/onelogin-saml-bundle/src/Controller/Login.php line 17

Open in your IDE?
  1. <?php declare(strict_types=1);
  2. // SPDX-License-Identifier: BSD-3-Clause
  4. namespace Nbgrp\OneloginSamlBundle\Controller;
  6. use Nbgrp\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator;
  7. use OneLogin\Saml2\Auth;
  8. use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\HttpFoundation\Request;
  11. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  12. use Symfony\Component\HttpKernel\Attribute\AsController;
  13. use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
  14. use Symfony\Component\Security\Core\Security;
  16. #[AsController]
  17. class Login
  18. {
  19.     public function __construct(
  20.         private FirewallMap $firewallMap,
  21.     ) {}
  23.     public function __invoke(Request $requestAuth $auth): RedirectResponse
  24.     {
  25.         $targetPath null;
  26.         $session null;
  27.         /** @var \Throwable|null $error */
  28.         $error $request->attributes->get(Security::AUTHENTICATION_ERROR);
  30.         if ($request->hasSession()) {
  31.             $session $request->getSession();
  32.             $targetPath $this->getTargetPath($request$session);
  34.             if ($session->has(Security::AUTHENTICATION_ERROR)) {
  35.                 /** @var \Throwable|null $error */
  36.                 $error $session->get(Security::AUTHENTICATION_ERROR);
  37.                 $session->remove(Security::AUTHENTICATION_ERROR);
  38.             }
  39.         }
  41.         if ($error instanceof \Throwable) {
  42.             throw new \RuntimeException($error->getMessage());
  43.         }
  45.         return new RedirectResponse($this->processLoginAndGetRedirectUrl($auth$targetPath$session));
  46.     }
  48.     /** @psalm-suppress MixedInferredReturnType, MixedReturnStatement */
  49.     private function getTargetPath(Request $requestSessionInterface $session): ?string
  50.     {
  51.         $firewallName $this->firewallMap->getFirewallConfig($request)?->getName();
  52.         if (!$firewallName) {
  53.             throw new ServiceUnavailableHttpException(message'Unknown firewall.');
  54.         }
  56.         /** @phpstan-ignore-next-line */
  57.         return $session->get('_security.'.$firewallName.'.target_path');
  58.     }
  60.     private function processLoginAndGetRedirectUrl(Auth $auth, ?string $targetPath, ?SessionInterface $session): string
  61.     {
  62.         $redirectUrl $auth->login(returnTo$targetPathstaytrue);
  63.         if ($redirectUrl === null) {
  64.             throw new \RuntimeException('Login cannot be performed: Auth did not returned redirect url.');
  65.         }
  67.         $security $auth->getSettings()->getSecurityData();
  68.         if (($security['rejectUnsolicitedResponsesWithInResponseTo'] ?? false) && $session instanceof SessionInterface) {
  69.             $session->set(SamlAuthenticator::LAST_REQUEST_ID$auth->getLastRequestID());
  70.         }
  72.         return $redirectUrl;
  73.     }
  74. }