protected function SamlController::getRedirectUrlAfterProcessing in SAML Authentication 8.3

Same name and namespace in other branches
  1. 8.2 src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getRedirectUrlAfterProcessing()
  2. 4.x src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getRedirectUrlAfterProcessing()

Returns a URL to redirect to.

This should be called only after processing an ACS/logout response.

Parameters

bool $after_acs: (Optional) TRUE if an ACS request was just processed.

bool $ignore_relay_state: (Optional) TRUE if the RelayState parameter in the current request should not be used.

Return value

\Drupal\Core\Url The URL to redirect to.

2 calls to SamlController::getRedirectUrlAfterProcessing()
SamlController::acs in src/Controller/SamlController.php
Performs the Attribute Consumer Service.
SamlController::sls in src/Controller/SamlController.php
Performs the Single Logout Service.

File

src/Controller/SamlController.php, line 366

Class

SamlController
Returns responses for samlauth module routes.

Namespace

Drupal\samlauth\Controller

Code

protected function getRedirectUrlAfterProcessing($after_acs = FALSE, $ignore_relay_state = FALSE) {
  if (!$ignore_relay_state) {
    $relay_state = $this->requestStack
      ->getCurrentRequest()
      ->get('RelayState');
    if ($relay_state) {

      // We should be able to trust the RelayState parameter at this point
      // because the response from the IdP was verified. Only validate general
      // syntax.
      if (!UrlHelper::isValid($relay_state, TRUE)) {
        $this->logger
          ->error('Invalid RelayState parameter found in request: @relaystate', [
          '@relaystate' => $relay_state,
        ]);
      }
      elseif (!preg_match('|//[^/]+/saml/log|', $relay_state)) {
        $url = $relay_state;
      }
    }
  }
  if (empty($url)) {

    // If no url was specified, we check if it was configured.
    $url = $this
      ->config(self::CONFIG_OBJECT_NAME)
      ->get($after_acs ? 'login_redirect_url' : 'logout_redirect_url');
    $url = $this->token
      ->replace($url);
  }
  if ($url) {

    // We don't check access here. If a URL was explicitly specified, we
    // prefer returning a 403 over silently redirecting somewhere else.
    $url_object = $this->pathValidator
      ->getUrlIfValidWithoutAccessCheck($url);
    if (empty($url_object)) {
      $type = $after_acs ? 'Login' : 'Logout';
      $this->logger
        ->warning("The {$type} Redirect URL is not a valid path; falling back to default.");
    }
  }
  if (empty($url_object)) {

    // If no url was configured, fall back to a hardcoded route.
    if ($this
      ->currentUser()
      ->isAuthenticated()) {
      $url_object = Url::fromRoute('entity.user.canonical', [
        'user' => $this
          ->currentUser()
          ->id(),
      ]);
    }
    else {
      $url_object = Url::fromRoute('<front>');
    }
  }
  return $url_object;
}
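
An added example (not code from the samlauth module) that walks constructed RelayState values through the two checks shown above, followed by a same-host comparison that the function on this page does not make. `classify_relay_state()`, the sample URLs and the host `www.example.com` are hypothetical, and `filter_var()` is an assumed stand-in for `UrlHelper::isValid($url, TRUE)`, with which it is not identical.

```php
<?php
// Added example: stand-alone sketch, not samlauth module code.

/**
 * Classifies a RelayState value in the order the function above checks it.
 *
 * filter_var() plus a scheme test is a stand-in (assumption) for Drupal's
 * UrlHelper::isValid($relay_state, TRUE).
 */
function classify_relay_state(string $relay_state, string $site_host): string {
  $scheme = strtolower((string) parse_url($relay_state, PHP_URL_SCHEME));
  if (filter_var($relay_state, FILTER_VALIDATE_URL) === FALSE
    || !in_array($scheme, ['http', 'https'], TRUE)) {
    return 'invalid syntax: logged, not used';
  }
  // Same pattern as on the page. It only matches when "/saml/log" follows
  // the host directly, so a site served from a subdirectory is not covered.
  if (preg_match('|//[^/]+/saml/log|', $relay_state)) {
    return 'points at a /saml/log* path: not used';
  }
  // Extra comparison that the page's code does not make: is the target
  // on the site's own host (hypothetical $site_host)?
  $host = strtolower((string) parse_url($relay_state, PHP_URL_HOST));
  if ($host !== strtolower($site_host)) {
    return 'passes both checks; different host';
  }
  return 'passes both checks; same host';
}

// Constructed sample values, not taken from any real request.
$samples = [
  'https://www.example.com/node/1',
  'https://www.example.com/saml/login',
  'https://www.example.com/saml/logout?x=1',
  'https://www.example.com/drupal/saml/login',
  'https://other.example.net/landing',
  '/node/1',
  'not a url',
];
foreach ($samples as $sample) {
  printf("%-44s => %s\n", $sample, classify_relay_state($sample, 'www.example.com'));
}
```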