fix admin login
This commit is contained in:
parent
7f5e0fadf7
commit
a2e3ad20e7
@ -49,10 +49,18 @@ public function launchSSO($id)
|
|||||||
session(['sso_target_url' => $app->url]);
|
session(['sso_target_url' => $app->url]);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Redirect to Microsoft OAuth authorize page with login_hint and custom callback
|
// Determine domain hint based on user's email domain to skip account type prompt
|
||||||
|
$domainHint = (str_ends_with($user->email, '.onmicrosoft.com') || (str_contains($user->email, '@') && !str_ends_with($user->email, 'outlook.com') && !str_ends_with($user->email, 'hotmail.com') && !str_ends_with($user->email, 'live.com')))
|
||||||
|
? 'organizations'
|
||||||
|
: 'consumers';
|
||||||
|
|
||||||
|
// Redirect to Microsoft OAuth authorize page with login_hint, domain_hint and custom callback
|
||||||
return Socialite::driver('microsoft')
|
return Socialite::driver('microsoft')
|
||||||
->redirectUrl(route('sso.callback'))
|
->redirectUrl(route('sso.callback'))
|
||||||
->with(['login_hint' => $user->email])
|
->with([
|
||||||
|
'login_hint' => $user->email,
|
||||||
|
'domain_hint' => $domainHint
|
||||||
|
])
|
||||||
->redirect();
|
->redirect();
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
\Illuminate\Support\Facades\Log::error('Microsoft SSO launch failed', [
|
\Illuminate\Support\Facades\Log::error('Microsoft SSO launch failed', [
|
||||||
|
|||||||
BIN
public/Screenshot_2.png
Normal file
BIN
public/Screenshot_2.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 473 KiB |
@ -363,19 +363,6 @@
|
|||||||
Login as Administrator
|
Login as Administrator
|
||||||
</button>
|
</button>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<div class="divider">or</div>
|
|
||||||
|
|
||||||
<!-- Microsoft Login Alternative for Admin -->
|
|
||||||
<a href="{{ route('auth.microsoft.redirect') }}" class="btn btn-microsoft" style="text-decoration: none;">
|
|
||||||
<div class="microsoft-icon-grid">
|
|
||||||
<div class="micro-rect r1"></div>
|
|
||||||
<div class="micro-rect r2"></div>
|
|
||||||
<div class="micro-rect r3"></div>
|
|
||||||
<div class="micro-rect r4"></div>
|
|
||||||
</div>
|
|
||||||
Sign in with Microsoft
|
|
||||||
</a>
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@ -158,4 +158,34 @@ public function test_additional_service_is_displayed_to_the_user(): void
|
|||||||
$response->assertSee('Outlook');
|
$response->assertSee('Outlook');
|
||||||
$response->assertSee('Keka HR');
|
$response->assertSee('Keka HR');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test admin user cannot authenticate via Microsoft OAuth callback.
|
||||||
|
*/
|
||||||
|
public function test_admin_cannot_authenticate_via_microsoft_oauth_callback(): void
|
||||||
|
{
|
||||||
|
$admin = User::create([
|
||||||
|
'name' => 'Admin User',
|
||||||
|
'email' => 'admin@company.com',
|
||||||
|
'role' => 'admin',
|
||||||
|
'microsoft_id' => 'admin-microsoft-id-999'
|
||||||
|
]);
|
||||||
|
|
||||||
|
$mockSocialite = \Mockery::mock('Laravel\Socialite\Contracts\Provider');
|
||||||
|
$mockUser = \Mockery::mock('Laravel\Socialite\Two\User');
|
||||||
|
|
||||||
|
$mockUser->shouldReceive('getId')->andReturn('admin-microsoft-id-999');
|
||||||
|
$mockUser->shouldReceive('getEmail')->andReturn('admin@company.com');
|
||||||
|
$mockUser->shouldReceive('getName')->andReturn('Admin User');
|
||||||
|
$mockUser->shouldReceive('getAvatar')->andReturn(null);
|
||||||
|
|
||||||
|
$mockSocialite->shouldReceive('user')->andReturn($mockUser);
|
||||||
|
\Laravel\Socialite\Facades\Socialite::shouldReceive('driver')->with('microsoft')->andReturn($mockSocialite);
|
||||||
|
|
||||||
|
$response = $this->get('/auth/microsoft/callback');
|
||||||
|
|
||||||
|
$response->assertRedirect(route('admin.login'));
|
||||||
|
$response->assertSessionHas('error', 'Security protocol: Administrators are restricted to email and password authentication only.');
|
||||||
|
$this->assertFalse(auth()->check());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user