dcovington
/
KCI-PHP-KANBAN
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
267KB
Tree: 7fb48edcf1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7fb48edcf1'
${ noResults }
KCI-PHP-KANBAN/app/Controllers/AuthController.php

81 lines
2.4KB
Raw Blame History 

  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. namespace App\Controllers;

  6. 

  7. use App\Services\AuthService;

  8. use Core\Controller;

  9. use Core\Request;

  10. 

  11. class AuthController extends Controller

  12. {

  13.     public function login(Request $request): mixed

  14.     {

  15.         $returnTo = trim((string) $request->input('returnTo', ''));

  16.         if ($returnTo !== '') {

  17.             $_SESSION['auth_return_to'] = $returnTo;

  18.         }

  19. 

  20.         $provider = AuthService::provider();

  21.         $authUrl  = $provider->getAuthorizationUrl();

  22. 

  23.         $_SESSION['oauth2_state'] = $provider->getState();

  24. 

  25.         return $this->redirect($authUrl);

  26.     }

  27. 

  28.     public function callback(Request $request): mixed

  29.     {

  30.         $state = (string) $request->input('state', '');

  31.         $code  = (string) $request->input('code', '');

  32. 

  33.         if ($state === '' || $state !== ($_SESSION['oauth2_state'] ?? '')) {

  34.             unset($_SESSION['oauth2_state']);

  35. 

  36.             return $this->view('auth.callback-error', [

  37.                 'pageTitle' => 'Authentication Error',

  38.                 'error'     => 'Invalid state parameter. Please try logging in again.',

  39.             ]);

  40.         }

  41. 

  42.         unset($_SESSION['oauth2_state']);

  43. 

  44.         try {

  45.             $provider = AuthService::provider();

  46.             $token    = $provider->getAccessToken('authorization_code', ['code' => $code]);

  47.             $userInfo = AuthService::claimsFromToken($token->getToken());

  48. 

  49.             if (empty($userInfo)) {

  50.                 throw new \RuntimeException('Access token payload was empty or undecodable.');

  51.             }

  52. 

  53.             AuthService::storeUser($userInfo);

  54. 

  55.             $redirectTo = $_SESSION['auth_return_to'] ?? '/boards';

  56.             unset($_SESSION['auth_return_to']);

  57. 

  58.             return $this->redirect($redirectTo);

  59.         } catch (\Throwable $e) {

  60.             error_log('Keycloak callback error: ' . $e->getMessage());

  61. 

  62.             $debug = filter_var(getenv('APP_DEBUG'), FILTER_VALIDATE_BOOLEAN);

  63.             $error = $debug

  64.                 ? get_class($e) . ': ' . $e->getMessage()

  65.                 : 'Authentication failed. Please try again.';

  66. 

  67.             return $this->view('auth.callback-error', [

  68.                 'pageTitle' => 'Authentication Error',

  69.                 'error'     => $error,

  70.             ]);

  71.         }

  72.     }

  73. 

  74.     public function logout(): mixed

  75.     {

  76.         AuthService::clearSession();

  77. 

  78.         return $this->redirect(AuthService::logoutUrl());

  79.     }

  80. }

Powered by TurnKey Linux.