HDK/hyperf-saml
1
0
Fork 0
mirror of http://124.126.16.154:8888/singularity/hyperf-saml.git synced 2026-01-15 07:35:07 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(sp): 完善了退出登录回调的逻辑

Browse Source 
添加了 Redis 中的 token 映射

Signed-off-by: 李东云 <dongyun.li@luxcreo.ai>
This commit is contained in:
李东云
2022-04-29 00:47:00 +08:00
parent 2e34b63bd1
commit ae81687b3d
3 changed files with 49 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
publish/saml.php
View File

@@ -6,10 +6,14 @@ return [
// 当前项目类型
'type' => 'sp', // 可选值sp/idp
// 是否支持多用户同时在线
'allow_multi_online' => true,
// IDP 相关配置
'server' => [
// common config
'idp_id' => env('IDP_ID', 'https://test-accountx.luxcreo.cn/api/v1/auth'), // 单点登录
'idp_id' => env('IDP_ID', 'https://test-accountx.luxcreo.cn/api/v1/auth'),
// 单点登录
// idp config

25
src/Services/Sp/Assertion.php
View File

@@ -12,9 +12,11 @@ namespace Singularity\HyperfSaml\Services\Sp;
use Exception;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
use Hyperf\Redis\Redis;
use LightSaml\Model\Protocol\LogoutResponse;
use LightSaml\Model\Protocol\Response;
use LightSaml\SamlConstants;
use Singularity\HDK\Account\Resource\User;
use Singularity\HDK\Account\Services\Auth\AuthenticationInterface;
use Singularity\HDK\Utils\Exceptions\Unauthorized;
use Singularity\HyperfSaml\Constants\SamlErrorCode;
@@ -38,7 +40,8 @@ class Assertion
private Base $base,
private RequestInterface $request,
private ResponseInterface $response,
private AuthenticationInterface $tokenService
private AuthenticationInterface $authentication,
private Redis $redis,
) {
}
@@ -78,9 +81,25 @@ class Assertion
*/
public function consumeResponse(Response $response): \Psr\Http\Message\ResponseInterface
{
$allow_multi_online = config('saml.allow_multi_online');
$redis_prefix = config('common.redis.prefix');
$oldUser = $this->authentication->getCurrentUser(returnNull: true);
$user = $this->base->getAllAttributes($response);
$this->tokenService->generate($user);
$user = array_replace($user->toArray(), $oldUser?->toArray() ?? []);
$user = new User($user);
// 更新
$token = $this->authentication->generate($user);
// 记录映射
$key = "{$redis_prefix}user:token_map:$user->uid";
if ($allow_multi_online) {
$this->redis->hSet($key, $user->originToken, $token);
} else {
$this->redis->set($key, $token);
}
return $user->toResponse();
}

24
src/Services/Sp/Slo.php
View File

@@ -11,6 +11,7 @@ namespace Singularity\HyperfSaml\Services\Sp;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
use Hyperf\Redis\Redis;
use Psr\Http\Message\ResponseInterface as PsrResponseInterface;
use Singularity\HDK\Account\Services\Auth\AuthenticationInterface;
use Singularity\HyperfSaml\Services\Base;
@@ -30,7 +31,8 @@ class Slo
private Base $base,
private RequestInterface $request,
private ResponseInterface $response,
private AuthenticationInterface $authentication
private AuthenticationInterface $authentication,
private Redis $redis
) {
}
@@ -67,7 +69,25 @@ class Slo
*/
public function callback(): PsrResponseInterface
{
$this->authentication->invalid();
$allow_multi_online = config('saml.allow_multi_online');
$redis_prefix = config('common.redis.prefix');
$uid = $this->request->query('uid');
$originToken = $this->request->query('token');
if (empty($originToken)) {
$this->authentication->invalidByUser($uid);
} else {
$key = "{$redis_prefix}user:token_map:$uid";
if ($allow_multi_online) {
$token = $this->redis->hGet($key, $originToken);
$this->redis->hDel($key, $originToken);
} else {
$token = $this->redis->get($key);
$this->redis->del($key);
}
$this->authentication->invalidByToken($token);
}
return $this->response->raw('')->withStatus(RFC7231::NO_CONTENT);
}
}