fix admin login
This commit is contained in:
parent
7f5e0fadf7
commit
a2e3ad20e7
@ -49,10 +49,18 @@ public function launchSSO($id)
|
||||
session(['sso_target_url' => $app->url]);
|
||||
|
||||
try {
|
||||
// Redirect to Microsoft OAuth authorize page with login_hint and custom callback
|
||||
// Determine domain hint based on user's email domain to skip account type prompt
|
||||
$domainHint = (str_ends_with($user->email, '.onmicrosoft.com') || (str_contains($user->email, '@') && !str_ends_with($user->email, 'outlook.com') && !str_ends_with($user->email, 'hotmail.com') && !str_ends_with($user->email, 'live.com')))
|
||||
? 'organizations'
|
||||
: 'consumers';
|
||||
|
||||
// Redirect to Microsoft OAuth authorize page with login_hint, domain_hint and custom callback
|
||||
return Socialite::driver('microsoft')
|
||||
->redirectUrl(route('sso.callback'))
|
||||
->with(['login_hint' => $user->email])
|
||||
->with([
|
||||
'login_hint' => $user->email,
|
||||
'domain_hint' => $domainHint
|
||||
])
|
||||
->redirect();
|
||||
} catch (\Exception $e) {
|
||||
\Illuminate\Support\Facades\Log::error('Microsoft SSO launch failed', [
|
||||
|
||||
BIN
public/Screenshot_2.png
Normal file
BIN
public/Screenshot_2.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 473 KiB |
@ -363,19 +363,6 @@
|
||||
Login as Administrator
|
||||
</button>
|
||||
</form>
|
||||
|
||||
<div class="divider">or</div>
|
||||
|
||||
<!-- Microsoft Login Alternative for Admin -->
|
||||
<a href="{{ route('auth.microsoft.redirect') }}" class="btn btn-microsoft" style="text-decoration: none;">
|
||||
<div class="microsoft-icon-grid">
|
||||
<div class="micro-rect r1"></div>
|
||||
<div class="micro-rect r2"></div>
|
||||
<div class="micro-rect r3"></div>
|
||||
<div class="micro-rect r4"></div>
|
||||
</div>
|
||||
Sign in with Microsoft
|
||||
</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
@ -158,4 +158,34 @@ public function test_additional_service_is_displayed_to_the_user(): void
|
||||
$response->assertSee('Outlook');
|
||||
$response->assertSee('Keka HR');
|
||||
}
|
||||
|
||||
/**
|
||||
* Test admin user cannot authenticate via Microsoft OAuth callback.
|
||||
*/
|
||||
public function test_admin_cannot_authenticate_via_microsoft_oauth_callback(): void
|
||||
{
|
||||
$admin = User::create([
|
||||
'name' => 'Admin User',
|
||||
'email' => 'admin@company.com',
|
||||
'role' => 'admin',
|
||||
'microsoft_id' => 'admin-microsoft-id-999'
|
||||
]);
|
||||
|
||||
$mockSocialite = \Mockery::mock('Laravel\Socialite\Contracts\Provider');
|
||||
$mockUser = \Mockery::mock('Laravel\Socialite\Two\User');
|
||||
|
||||
$mockUser->shouldReceive('getId')->andReturn('admin-microsoft-id-999');
|
||||
$mockUser->shouldReceive('getEmail')->andReturn('admin@company.com');
|
||||
$mockUser->shouldReceive('getName')->andReturn('Admin User');
|
||||
$mockUser->shouldReceive('getAvatar')->andReturn(null);
|
||||
|
||||
$mockSocialite->shouldReceive('user')->andReturn($mockUser);
|
||||
\Laravel\Socialite\Facades\Socialite::shouldReceive('driver')->with('microsoft')->andReturn($mockSocialite);
|
||||
|
||||
$response = $this->get('/auth/microsoft/callback');
|
||||
|
||||
$response->assertRedirect(route('admin.login'));
|
||||
$response->assertSessionHas('error', 'Security protocol: Administrators are restricted to email and password authentication only.');
|
||||
$this->assertFalse(auth()->check());
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user