Merge pull request #34 from dnadesign/master

Provide login hook, phpcs linting
silverstripe · Aug 8, 2023 · 6b51fb5 · 6b51fb5
2 parents b7dc3c2 + d6d1f88
commit 6b51fb5
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php
@@ -3,7 +3,9 @@
 namespace SilverStripe\SAML\Control;
 
 use Exception;
+
 use function gmmktime;
+
 use OneLogin\Saml2\Auth;
 use OneLogin\Saml2\Constants;
 use OneLogin\Saml2\Utils;
@@ -23,6 +25,7 @@
 use SilverStripe\Security\IdentityStore;
 use SilverStripe\Security\Member;
 use SilverStripe\Security\Security;
+
 use function uniqid;
 
 /**
@@ -167,7 +170,8 @@ public function acs()
         // Write a rudimentary member with basic fields on every login, so that we at least have something
         // if there is no further sync (e.g. via LDAP)
         $member = Member::get()->filter('GUID', $guid)->limit(1)->first();
-        if (!($member && $member->exists())
+        if (
+            !($member && $member->exists())
             && Config::inst()->get(SAMLConfiguration::class, 'allow_insecure_email_linking')
             && isset($fieldToClaimMap['Email'])
         ) {
@@ -209,6 +213,9 @@ public function acs()
         // Both SAML and LDAP identify Members by the same GUID field.
         $member->write();
 
+        // Hook for modifying login behaviour
+        $this->extend('updateLogin');
+
         /** @var IdentityStore $identityStore */
         $identityStore = Injector::inst()->get(IdentityStore::class);
         $identityStore->logIn($member, false, $this->getRequest());
@@ -250,14 +257,18 @@ public function metadata()
     protected function getRedirect()
     {
         // Absolute redirection URLs may cause spoofing
-        if ($this->getRequest()->getSession()->get('BackURL')
-            && Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))) {
+        if (
+            $this->getRequest()->getSession()->get('BackURL')
+            && Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))
+        ) {
             return $this->redirect($this->getRequest()->getSession()->get('BackURL'));
         }
 
         // Spoofing attack, redirect to homepage instead of spoofing url
-        if ($this->getRequest()->getSession()->get('BackURL')
-            && !Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))) {
+        if (
+            $this->getRequest()->getSession()->get('BackURL')
+            && !Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))
+        ) {
             return $this->redirect(Director::absoluteBaseURL());
         }