V8.0.0 #1414
@@ -8,6 +8,7 @@ | |
use Directus\Application\Route; | ||
use function Directus\array_get; | ||
use function Directus\get_directus_setting; | ||
use function Directus\get_directus_path; | ||
use function Directus\get_project_session_cookie_name; | ||
use function Directus\get_request_authorization_token; | ||
use function Directus\encrypt_static_token; | ||
|
@@ -36,7 +37,7 @@ public function __invoke(Application $app) | |
$app->post('/logout/{user}', [$this, 'logoutFromAll']); | ||
$app->post('/logout/{user}/{id}', [$this, 'logoutFromOne']); | ||
$app->post('/password/request', [$this, 'forgotPassword']); | ||
$app->get('/password/reset/{token}', [$this, 'resetPassword']); | ||
$app->post('/password/reset', [$this, 'resetPassword']); | ||
$app->post('/refresh', [$this, 'refresh']); | ||
$app->get('/sso', [$this, 'listSsoAuthServices']); | ||
$app->post('/sso/access_token', [$this, 'ssoAccessToken']); | ||
|
@@ -255,7 +256,8 @@ public function resetPassword(Request $request, Response $response) | |
$authService = $this->container->get('services')->get('auth'); | ||
|
||
$authService->resetPasswordWithToken( | ||
$request->getAttribute('token') | ||
$request->getParsedBodyParam('token'), | ||
$request->getParsedBodyParam('password') | ||
); | ||
|
||
return $this->responseWithData($request, $response, []); | ||
|
@@ -291,10 +293,10 @@ public function listSsoAuthServices(Request $request, Response $response) | |
{ | ||
/** @var AuthService $authService */ | ||
$authService = $this->container->get('services')->get('auth'); | ||
|
||
/** @var Social $externalAuth */ | ||
$externalAuth = $this->container->get('external_auth'); | ||
|
||
$services = []; | ||
foreach ($externalAuth->getAll() as $name => $provider) { | ||
$services[] = $authService->getSsoBasicInfo($name); | ||
|
@@ -367,18 +369,22 @@ public function ssoServiceCallback(Request $request, Response $response) | |
{ | ||
/** @var AuthService $authService */ | ||
$authService = $this->container->get('services')->get('auth'); | ||
|
||
$session = $this->container->get('session'); | ||
// TODO: Implement a pull method | ||
$redirectUrl = $session->get('sso_origin_url'); | ||
$session->remove('sso_origin_url'); | ||
$mode = $session->get('mode'); | ||
|
||
$redirectUrl = $mode == DirectusUserSessionsTableGateway::TOKEN_COOKIE | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @bjgajjar I'm thinking we might want to add There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
But yes - IMO, we should return the array of responses when this redirect_url is not set in the system. |
||
? get_directus_path() . '/admin/#/' | ||
: $session->get('sso_origin_url'); | ||
|
||
$needs2FA = false; | ||
$responseData = []; | ||
$urlParams = []; | ||
|
||
try { | ||
$responseData = $authService->handleAuthenticationRequestCallback( | ||
$request->getAttribute('service'), | ||
!!$redirectUrl, | ||
true, | ||
$mode | ||
); | ||
|
||
|
@@ -388,6 +394,7 @@ public function ssoServiceCallback(Request $request, Response $response) | |
if($tfa_enforced || !is_null($responseData['data']['user']['2fa_secret'])){ | ||
throw new SsoNotAllowedException(); | ||
} | ||
|
||
switch($mode){ | ||
case DirectusUserSessionsTableGateway::TOKEN_COOKIE : | ||
$response = $this->storeCookieSession($request,$response,$responseData['data']); | ||
|
@@ -410,7 +417,7 @@ public function ssoServiceCallback(Request $request, Response $response) | |
$urlParams['error'] = true; | ||
} | ||
|
||
|
||
if ($redirectUrl) { | ||
$redirectQueryString = parse_url($redirectUrl, PHP_URL_QUERY); | ||
$redirectUrlParts = explode('?', $redirectUrl); | ||
|
@@ -419,10 +426,16 @@ public function ssoServiceCallback(Request $request, Response $response) | |
if (is_array($redirectQueryParams)) { | ||
$urlParams = array_merge($redirectQueryParams, $urlParams); | ||
} | ||
$urlToRedirect = !empty($urlParams) ? $redirectUrl . '?' . http_build_query($urlParams) : $redirectUrl; | ||
$response = $response->withRedirect($urlToRedirect); | ||
|
||
if (!empty($urlParams) && $mode == DirectusUserSessionsTableGateway::TOKEN_COOKIE) { | ||
$redirectUrl .= 'login?' . http_build_query($urlParams); | ||
} else { | ||
$redirectUrl .= '?' . http_build_query($urlParams); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we still need to pass There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The else also runs for jwt mode There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. But there's a possibility that
Will this work? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We don't need to hardcode to /login anymore with the redirect_url param we're adding |
||
} | ||
|
||
$response = $response->withRedirect($redirectUrl); | ||
}else{ | ||
$response = $response->withRedirect('/admin'); | ||
$response = $response->withRedirect($redirectUrl); | ||
} | ||
|
||
$session->remove('mode'); | ||
|
@@ -10,7 +10,7 @@ class Home extends Route | |
{ | ||
public function __invoke(Request $request, Response $response) | ||
{ | ||
$response = $response->withRedirect('/admin'); | ||
$response = $response->withRedirect('./admin/'); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This makes sure the redirect works well when the API is nested in another folder, eg |
||
return $this->responseWithData($request, $response, []); | ||
} | ||
} |
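Review bot: The relative target `./admin/` on the new line is resolved by the client against the request URL, so `GET /api` (no trailing slash) lands on `/admin/` while `GET /api/` lands on `/api/admin/`; the nested-folder case the inline comment describes only works for one of the two spellings. The Auth route in this PR already builds its admin URL from `get_directus_path() . '/admin/#/'`, so the same absolute-path form here, `$response = $response->withRedirect(get_directus_path() . '/admin/');`, gives one deterministic target regardless of how the request path ends. The corresponding `use function Directus\get_directus_path;` import would be needed if this file does not already have it; its import block is outside this section.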
This file was deleted.
Passwords are now being passed in the body instead of being auto-generated.
The previous method was done that way because the API didn't know where the app was, so by utilizing GET requests we could circumvent that. The UX now is way nicer.