fix admin login

This commit is contained in:
subhajit 2026-06-24 17:36:36 +05:30
parent 7f5e0fadf7
commit a2e3ad20e7
4 changed files with 40 additions and 15 deletions

View File

@ -49,10 +49,18 @@ public function launchSSO($id)
session(['sso_target_url' => $app->url]);
try {
// Redirect to Microsoft OAuth authorize page with login_hint and custom callback
// Determine domain hint based on user's email domain to skip account type prompt
$domainHint = (str_ends_with($user->email, '.onmicrosoft.com') || (str_contains($user->email, '@') && !str_ends_with($user->email, 'outlook.com') && !str_ends_with($user->email, 'hotmail.com') && !str_ends_with($user->email, 'live.com')))
? 'organizations'
: 'consumers';
// Redirect to Microsoft OAuth authorize page with login_hint, domain_hint and custom callback
return Socialite::driver('microsoft')
->redirectUrl(route('sso.callback'))
->with(['login_hint' => $user->email])
->with([
'login_hint' => $user->email,
'domain_hint' => $domainHint
])
->redirect();
} catch (\Exception $e) {
\Illuminate\Support\Facades\Log::error('Microsoft SSO launch failed', [

BIN
public/Screenshot_2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 473 KiB

View File

@ -363,19 +363,6 @@
Login as Administrator
</button>
</form>
<div class="divider">or</div>
<!-- Microsoft Login Alternative for Admin -->
<a href="{{ route('auth.microsoft.redirect') }}" class="btn btn-microsoft" style="text-decoration: none;">
<div class="microsoft-icon-grid">
<div class="micro-rect r1"></div>
<div class="micro-rect r2"></div>
<div class="micro-rect r3"></div>
<div class="micro-rect r4"></div>
</div>
Sign in with Microsoft
</a>
</div>
</div>

View File

@ -158,4 +158,34 @@ public function test_additional_service_is_displayed_to_the_user(): void
$response->assertSee('Outlook');
$response->assertSee('Keka HR');
}
/**
* Test admin user cannot authenticate via Microsoft OAuth callback.
*/
public function test_admin_cannot_authenticate_via_microsoft_oauth_callback(): void
{
$admin = User::create([
'name' => 'Admin User',
'email' => 'admin@company.com',
'role' => 'admin',
'microsoft_id' => 'admin-microsoft-id-999'
]);
$mockSocialite = \Mockery::mock('Laravel\Socialite\Contracts\Provider');
$mockUser = \Mockery::mock('Laravel\Socialite\Two\User');
$mockUser->shouldReceive('getId')->andReturn('admin-microsoft-id-999');
$mockUser->shouldReceive('getEmail')->andReturn('admin@company.com');
$mockUser->shouldReceive('getName')->andReturn('Admin User');
$mockUser->shouldReceive('getAvatar')->andReturn(null);
$mockSocialite->shouldReceive('user')->andReturn($mockUser);
\Laravel\Socialite\Facades\Socialite::shouldReceive('driver')->with('microsoft')->andReturn($mockSocialite);
$response = $this->get('/auth/microsoft/callback');
$response->assertRedirect(route('admin.login'));
$response->assertSessionHas('error', 'Security protocol: Administrators are restricted to email and password authentication only.');
$this->assertFalse(auth()->check());
}
}