
Session loss when refreshing the page.

Open maarccnj93 opened this issue 1 year ago • 0 comments

I have this code to listen for SignedIn. This part seems to work fine: I retrieve the User from SSO, save it as a User in my database and log in. The problem is that when I reload the page, I realize that the session has been lost. What could be the error?

use App\Models\User;                       // default Laravel user model location
use App\Services\LdapDataService;          // assumed namespace of the app's own LDAP service
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Slides\Saml2\Events\SignedIn;
use Spatie\Permission\Models\Role;

Event::listen(SignedIn::class, function (SignedIn $event) {
    $messageId = $event->getAuth()->getLastMessageId();

    // your own code preventing reuse of a $messageId to stop replay attacks
    $samlUser = $event->getSaml2User();

    $userData = [
        'id'         => $samlUser->getUserId(),
        'attributes' => $samlUser->getAttributes(),
        'assertion'  => $samlUser->getRawSamlAssertion(),
    ];

    // Stop here if the IdP did not release the e-mail attribute; the lookup below needs it
    if (!isset($userData['attributes']['urn:oid:1.2.840.113549.1.9.1'][0])) {
        return;
    }

    $email    = $userData['attributes']['urn:oid:1.2.840.113549.1.9.1'][0];
    $name     = $userData['attributes']['urn:oid:2.5.4.42'][0] ?? '';
    $surnames = $userData['attributes']['urn:oid:2.5.4.4'][0] ?? '';
    $userName = $userData['attributes']['urn:oid:0.9.2342.19200300.100.1.1'][0] ?? '';

    $user = User::where('email', $email)->first();

    if (!$user) {
        $user = User::create([
            'name'     => $name . ' ' . $surnames,
            'email'    => $email,
            // If you don't have a password, you can generate a random one
            'password' => Hash::make(Str::random(24)),
            'username' => $userName,
        ]);
    } else {
        $user->update([
            'name' => $userData['attributes']['name'][0] ?? $name . ' ' . $surnames,
        ]);
    }

    // Group names from LDAP are mapped one-to-one onto roles of the 'web' guard
    $roleNames = app(LdapDataService::class)->getUserGroupApli($user->username);

    foreach ($roleNames as $roleName) {
        // findOrCreate() returns the existing role or creates it (Spatie laravel-permission)
        $role = Role::findOrCreate($roleName, 'web');
        $user->assignRole($role);
    }

    Auth::guard('web')->login($user);
});

And I also have a "CheckIfAdmin" middleware, which is where I detect that the login is lost when refreshing the page:

namespace App\Http\Middleware;

use Closure;

class CheckIfAdmin
{
    private function checkIfUserIsAdmin($user)
    {
        // return ($user->is_admin == 1);
        return true;
    }

    private function respondToUnauthorizedRequest($request)
    {
        if ($request->ajax() || $request->wantsJson()) {
            return response(trans('backpack::base.unauthorized'), 401);
        } else {
            return redirect()->guest(backpack_url('login'));
        }
    }

    public function handle($request, Closure $next)
    {
        if (!auth()->check()) {
            // When I refresh, this returns null
        } else {
            // On the first page load, auth is OK!
        }

        if (backpack_auth()->guest()) {
            return $this->respondToUnauthorizedRequest($request);
        }

        if (! $this->checkIfUserIsAdmin(backpack_user())) {
            return $this->respondToUnauthorizedRequest($request);
        }

        return $next($request);
    }
}

maarccnj93 · Sep 19 '24 12:09
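As an added example (not code from the issue above or from the laravel-saml2 package), here is one way to fill in the "preventing reuse of a $messageId" comment in the listener and to rotate the session ID once the user is logged in. It assumes App\Models\User, the same e-mail attribute OID as in the post, a cache store shared by every app server (Cache::add() is atomic on the redis, memcached and database stores, not on the file store), and that the package's ACS route runs inside the web middleware group so a session exists; the key prefix and the 8-hour TTL are arbitrary choices.

```php
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Slides\Saml2\Events\SignedIn;

Event::listen(SignedIn::class, function (SignedIn $event) {
    $messageId = $event->getAuth()->getLastMessageId();
    $samlUser  = $event->getSaml2User();

    // Replay protection: Cache::add() only succeeds when the key does not exist yet,
    // so a second assertion carrying the same message ID is rejected. The TTL
    // (assumed 8h) must outlast the longest assertion validity window you accept.
    $seenKey = 'saml2:seen-message:' . sha1((string) $messageId);
    if ($messageId === null || !Cache::add($seenKey, true, now()->addHours(8))) {
        Log::warning('SAML assertion replay rejected', ['message_id' => $messageId]);
        abort(403, 'SAML assertion already consumed');
    }

    // Same e-mail attribute the post relies on; refuse to continue without it
    $attributes = $samlUser->getAttributes();
    $email = $attributes['urn:oid:1.2.840.113549.1.9.1'][0] ?? null;
    if (!$email) {
        abort(422, 'IdP did not release an e-mail address');
    }

    // The post's own provisioning logic would go here; this example only logs in known users
    $user = User::where('email', $email)->first();
    if (!$user) {
        abort(403, 'No local account for ' . $email);
    }

    // Log in, then rotate the session ID so the authenticated session is not the
    // pre-login one (SessionGuard::login() does not regenerate it by itself).
    Auth::guard('web')->login($user);
    request()->session()->regenerate();
});
```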