protected function SamlController::getUrlFromDestination in SAML Authentication 8.3

Same name and namespace in other branches
  1. 8.2 src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getUrlFromDestination()
  2. 4.x src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getUrlFromDestination()

Constructs a full URL from the 'destination' parameter.

Also unsets the destination parameter. This is only considered suitable for feeding a URL string into php-saml's login() / logout() methods.

Return value

string|null The full absolute URL (i.e. our hostname plus the path in the destination parameter), or NULL if no destination parameter was given. This value is tuned to what login() / logout() expect for an input argument.

Throws

\Drupal\samlauth\UserVisibleException If the destination is disallowed.

2 calls to SamlController::getUrlFromDestination()
SamlController::login in src/Controller/SamlController.php
Initiates a SAML2 authentication flow.
SamlController::logout in src/Controller/SamlController.php
Initiates a SAML2 logout flow.

File

src/Controller/SamlController.php, line 330

Class

SamlController
Returns responses for samlauth module routes.

Namespace

Drupal\samlauth\Controller

Code

protected function getUrlFromDestination() {
  $destination_url = NULL;
  $request_query_parameters = $this->requestStack->getCurrentRequest()->query;
  $destination = $request_query_parameters->get('destination');
  if ($destination) {
    if (UrlHelper::isExternal($destination)) {
      // Disallow redirecting to an external URL after we log in.
      throw new UserVisibleException("Destination URL query parameter must not be external: {$destination}");
    }
    $destination_url = $GLOBALS['base_url'] . '/' . $destination;

    // After we return from this controller, Drupal immediately redirects to
    // the path set in the 'destination' parameter (for the current URL being
    // handled). We want to always redirect to the IdP instead (and only use
    // $destination_url after the user gets redirected back here), so remove
    // the parameter.
    $request_query_parameters->remove('destination');
  }
  return $destination_url;
}
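
Added example (not samlauth or Drupal code): a stand-alone sketch of the contract documented above, returning NULL without a destination, throwing on an external one, and otherwise returning an absolute URL on our own host. The names `destination_is_external()` and `build_return_url()` are hypothetical, the external check is a simplified stand-in for `UrlHelper::isExternal()`, and `https://sp.example` and the sample inputs are constructed.

```php
<?php
// Added example with hypothetical names; not the module's implementation.

/** Returns TRUE if $path could send a browser to another origin. */
function destination_is_external(string $path): bool {
  // Some browsers treat "\" as "/", so normalize before inspecting.
  $path = str_replace('\\', '/', $path);
  // A protocol-relative value ("//host/...") is external without a scheme.
  if (strpos($path, '//') === 0) {
    return TRUE;
  }
  // Leading control characters may be dropped by browsers. A failed match
  // (invalid UTF-8) is also treated as external.
  if (preg_match('/^\p{C}/u', $path) !== 0) {
    return TRUE;
  }
  // A colon before any "/", "?" or "#" means the value starts with a scheme.
  $colon = strpos($path, ':');
  return $colon !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colon));
}

/** Builds the absolute return URL, or NULL when no destination was given. */
function build_return_url(string $base_url, ?string $destination): ?string {
  if ($destination === NULL || $destination === '') {
    return NULL;
  }
  if (destination_is_external($destination)) {
    throw new InvalidArgumentException('Destination must not be external.');
  }
  // Assumption of this sketch: trim slashes so the join yields exactly one "/".
  return rtrim($base_url, '/') . '/' . ltrim($destination, '/');
}

// Constructed sample inputs: absent, two internal paths, three external forms.
$samples = [NULL, 'node/1?page=2', '/user/5/edit', '//other.example/x',
  '\\\\other.example/x', 'https://other.example/'];
foreach ($samples as $sample) {
  try {
    var_export(build_return_url('https://sp.example', $sample));
  }
  catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage();
  }
  echo PHP_EOL;
}
```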