class WindowsAadSSOController in OpenID Connect Microsoft Azure Active Directory client 2.0.x
Same name and namespace in other branches
- 8 src/Controller/WindowsAadSSOController.php \Drupal\openid_connect_windows_aad\Controller\WindowsAadSSOController
Controller routines for Azure AD single sign out user routes.
Hierarchy
- class \Drupal\Core\Controller\ControllerBase implements ContainerInjectionInterface uses LoggerChannelTrait, MessengerTrait, RedirectDestinationTrait, StringTranslationTrait
- class \Drupal\openid_connect_windows_aad\Controller\WindowsAadSSOController
Expanded class hierarchy of WindowsAadSSOController
File
- src/
Controller/ WindowsAadSSOController.php, line 17
Namespace
Drupal\openid_connect_windows_aad\ControllerView source
class WindowsAadSSOController extends ControllerBase {
/**
* A logger instance.
*
* @var \Psr\Log\LoggerInterface
*/
protected $logger;
/*
* @param \Drupal\openid_connect\OpenIDConnectAuthmap $authmap
* The authmap storage.
*/
protected $authmap;
/**
* Constructs a WindowsAadSSOController object.
*
* @param \Psr\Log\LoggerInterface $logger
* A logger instance.
*/
public function __construct(LoggerInterface $logger, OpenIDConnectAuthmap $authmap) {
$this->logger = $logger;
$this->authmap = $authmap;
}
/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container) {
return new static($container
->get('logger.factory')
->get('openid_connect_windows_aad'), $container
->get('openid_connect.authmap'));
}
/**
* Single Sign Out callback to log the current user out.
*
* Called by Windows Azure AD when a user logs out of their SSO session from
* another application such as Office 365.
*
* @return \Symfony\Component\HttpFoundation\Response
* Either a 200 or 403 response without any content.
*/
public function signout() {
$configuration = $this
->config('openid_connect.settings.windows_aad');
$settings = $configuration
->get('settings');
$enabled = $configuration
->get('enabled');
// Check that the windows_aad client is enabled and so is SSOut.
if ($enabled && isset($settings['enable_single_sign_out']) && $settings['enable_single_sign_out']) {
// Ensure the user has a connected account.
$user = \Drupal::currentUser();
$connected_accounts = $this->authmap
->getConnectedAccounts($user);
$connected = $connected_accounts && isset($connected_accounts['windows_aad']);
$logged_in = $user
->isAuthenticated();
// Only log the user out if they are logged in and have a connected
// account. Return a 200 OK in any case since all is good.
if ($logged_in && $connected) {
user_logout();
}
return new Response('', Response::HTTP_OK);
}
// Likely a misconfiguration since SSOut attempts should not be made to the
// logout uri unless it has been configured in Azure AD; if you had
// configured it in Azure AD then you should have also enabled SSOut in the
// OpenID Connect settings. Also, a possible malicious CSRF attempt. Log a
// warning either way.
$this->logger
->warning('Windows AAD Single Sign Out attempt, but SSOut has not been enabled in the OpenID Connect Windows AAD configuration.');
return new Response('', Response::HTTP_FORBIDDEN);
}
/**
* Logs the current user out. Overrides UserController::logout().
*
* If Single Sign out has been enabled in OpenID Connect Windows AAD config
* then redirect the user when they try to log out of the app to the Windows
* single sign out endpoint. They will be logged out of their other SSO apps.
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* A redirection to either the home page or to Azure AD Single Sign out.
*/
public function logout() {
$connected = FALSE;
$configuration = $this
->config('openid_connect.settings.windows_aad');
$settings = $configuration
->get('settings');
// Check that the windows_aad client is enabled and so is SSOut.
$enabled = $configuration
->get('enabled') && isset($settings['enable_single_sign_out']) && $settings['enable_single_sign_out'];
// Check for a connected account before we log the Drupal user out.
if ($enabled) {
// Ensure the user has a connected account.
$user = \Drupal::currentUser();
$connected_accounts = $this->authmap
->getConnectedAccounts($user);
$connected = $connected_accounts && isset($connected_accounts['windows_aad']);
}
user_logout();
if ($connected) {
// Redirect back to the home page once signed out.
$redirect_uri = Url::fromRoute('<front>', [], [
'absolute' => TRUE,
])
->toString(TRUE)
->getGeneratedUrl();
$query_parameters = [
'post_logout_redirect_uri' => $redirect_uri,
];
$query = UrlHelper::buildQuery($query_parameters);
$response = new TrustedRedirectResponse('https://login.microsoftonline.com/common/oauth2/v2.0/logout?' . $query);
// We can't cache the response, since we need the user to get logged out
// prior to being redirected. The kill switch will prevent the page
// getting cached when page cache is active.
\Drupal::service('page_cache_kill_switch')
->trigger();
return $response;
}
// No SSOut so do the usual thing and redirect to the front page.
return $this
->redirect('<front>');
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
ControllerBase:: |
protected | property | The configuration factory. | |
ControllerBase:: |
protected | property | The current user service. | 1 |
ControllerBase:: |
protected | property | The entity form builder. | |
ControllerBase:: |
protected | property | The entity type manager. | |
ControllerBase:: |
protected | property | The form builder. | 2 |
ControllerBase:: |
protected | property | The key-value storage. | 1 |
ControllerBase:: |
protected | property | The language manager. | 1 |
ControllerBase:: |
protected | property | The module handler. | 2 |
ControllerBase:: |
protected | property | The state service. | |
ControllerBase:: |
protected | function | Returns the requested cache bin. | |
ControllerBase:: |
protected | function | Retrieves a configuration object. | |
ControllerBase:: |
private | function | Returns the service container. | |
ControllerBase:: |
protected | function | Returns the current user. | 1 |
ControllerBase:: |
protected | function | Retrieves the entity form builder. | |
ControllerBase:: |
protected | function | Retrieves the entity type manager. | |
ControllerBase:: |
protected | function | Returns the form builder service. | 2 |
ControllerBase:: |
protected | function | Returns a key/value storage collection. | 1 |
ControllerBase:: |
protected | function | Returns the language manager service. | 1 |
ControllerBase:: |
protected | function | Returns the module handler. | 2 |
ControllerBase:: |
protected | function | Returns a redirect response object for the specified route. | |
ControllerBase:: |
protected | function | Returns the state storage service. | |
LoggerChannelTrait:: |
protected | property | The logger channel factory service. | |
LoggerChannelTrait:: |
protected | function | Gets the logger for a specific channel. | |
LoggerChannelTrait:: |
public | function | Injects the logger channel factory. | |
MessengerTrait:: |
protected | property | The messenger. | 27 |
MessengerTrait:: |
public | function | Gets the messenger. | 27 |
MessengerTrait:: |
public | function | Sets the messenger. | |
RedirectDestinationTrait:: |
protected | property | The redirect destination service. | 1 |
RedirectDestinationTrait:: |
protected | function | Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url. | |
RedirectDestinationTrait:: |
protected | function | Returns the redirect destination service. | |
RedirectDestinationTrait:: |
public | function | Sets the redirect destination service. | |
StringTranslationTrait:: |
protected | property | The string translation service. | 4 |
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. | |
WindowsAadSSOController:: |
protected | property | ||
WindowsAadSSOController:: |
protected | property | A logger instance. | |
WindowsAadSSOController:: |
public static | function |
Instantiates a new instance of this class. Overrides ControllerBase:: |
|
WindowsAadSSOController:: |
public | function | Logs the current user out. Overrides UserController::logout(). | |
WindowsAadSSOController:: |
public | function | Single Sign Out callback to log the current user out. | |
WindowsAadSSOController:: |
public | function | Constructs a WindowsAadSSOController object. |