update
This commit is contained in:
parent
4f12285e7a
commit
8635ccd135
@ -112,6 +112,13 @@ public function handleSSOCallback(Request $request)
|
||||
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
|
||||
}
|
||||
|
||||
// If this request was triggered by VerifyMicrosoftSession middleware, redirect back to origin
|
||||
if (session()->has('sso_check_origin')) {
|
||||
$origin = session('sso_check_origin');
|
||||
session()->forget('sso_check_origin');
|
||||
return redirect($origin);
|
||||
}
|
||||
|
||||
$targetUrl = session('sso_target_url', 'https://outlook.office.com/mail/');
|
||||
session()->forget('sso_target_url');
|
||||
|
||||
@ -127,53 +134,6 @@ public function handleSSOCallback(Request $request)
|
||||
return redirect($targetUrl);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle silent session verification callback from Microsoft.
|
||||
*/
|
||||
public function handleSessionCheckCallback(Request $request)
|
||||
{
|
||||
// If Microsoft returns an error (user logged out or session expired)
|
||||
if ($request->has('error')) {
|
||||
Auth::logout();
|
||||
$request->session()->invalidate();
|
||||
$request->session()->regenerateToken();
|
||||
return redirect()->route('login')->with('error', 'You have been signed out because you signed out of your Microsoft account.');
|
||||
}
|
||||
|
||||
try {
|
||||
$microsoftUser = Socialite::driver('microsoft')
|
||||
->redirectUrl(route('sso.callback-check'))
|
||||
->user();
|
||||
|
||||
$user = Auth::user();
|
||||
if ($microsoftUser && $user) {
|
||||
// Update active tokens in DB
|
||||
$user->update([
|
||||
'microsoft_token' => $microsoftUser->token,
|
||||
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token,
|
||||
]);
|
||||
|
||||
// Update verification timestamp
|
||||
session(['ms_session_last_checked' => now()]);
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
\Illuminate\Support\Facades\Log::error('Microsoft session check callback failed', [
|
||||
'message' => $e->getMessage()
|
||||
]);
|
||||
|
||||
// Treat token exchange failure as an expired session
|
||||
Auth::logout();
|
||||
$request->session()->invalidate();
|
||||
$request->session()->regenerateToken();
|
||||
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
|
||||
}
|
||||
|
||||
// Redirect back to the page they were trying to access
|
||||
$origin = session('sso_check_origin', route('dashboard'));
|
||||
session()->forget('sso_check_origin');
|
||||
return redirect($origin);
|
||||
}
|
||||
|
||||
/**
|
||||
* Render the desktop application launcher page with web fallback.
|
||||
*/
|
||||
|
||||
@ -21,8 +21,8 @@ public function handle(Request $request, Closure $next): Response
|
||||
if ($user && $user->microsoft_id) {
|
||||
$lastChecked = session('ms_session_last_checked');
|
||||
|
||||
// Check every 30 seconds upon page access/refresh
|
||||
if (!$lastChecked || now()->diffInSeconds($lastChecked) > 30) {
|
||||
// Check every 5 seconds upon page access/refresh
|
||||
if (!$lastChecked || now()->diffInSeconds($lastChecked) > 5) {
|
||||
// Set timestamp immediately to prevent redirect loop
|
||||
session(['ms_session_last_checked' => now()]);
|
||||
|
||||
@ -37,7 +37,7 @@ public function handle(Request $request, Closure $next): Response
|
||||
try {
|
||||
// Redirect to Microsoft with prompt=none to check session status
|
||||
return Socialite::driver('microsoft')
|
||||
->redirectUrl(route('sso.callback-check'))
|
||||
->redirectUrl(route('sso.callback'))
|
||||
->with([
|
||||
'login_hint' => $user->email,
|
||||
'domain_hint' => $domainHint,
|
||||
|
||||
@ -29,9 +29,6 @@
|
||||
Route::get('/sso/launch-app', [DashboardController::class, 'launchApp'])->name('sso.launch-app');
|
||||
});
|
||||
|
||||
Route::middleware('auth')->group(function () {
|
||||
Route::get('/sso/check-session-callback', [DashboardController::class, 'handleSessionCheckCallback'])->name('sso.callback-check');
|
||||
});
|
||||
|
||||
// Admin Control Panel (requires admin role)
|
||||
Route::middleware(['auth', 'role:admin'])->group(function () {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user