update #4
@ -112,6 +112,13 @@ public function handleSSOCallback(Request $request)
|
|||||||
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
|
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If this request was triggered by VerifyMicrosoftSession middleware, redirect back to origin
|
||||||
|
if (session()->has('sso_check_origin')) {
|
||||||
|
$origin = session('sso_check_origin');
|
||||||
|
session()->forget('sso_check_origin');
|
||||||
|
return redirect($origin);
|
||||||
|
}
|
||||||
|
|
||||||
$targetUrl = session('sso_target_url', 'https://outlook.office.com/mail/');
|
$targetUrl = session('sso_target_url', 'https://outlook.office.com/mail/');
|
||||||
session()->forget('sso_target_url');
|
session()->forget('sso_target_url');
|
||||||
|
|
||||||
@ -127,53 +134,6 @@ public function handleSSOCallback(Request $request)
|
|||||||
return redirect($targetUrl);
|
return redirect($targetUrl);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Handle silent session verification callback from Microsoft.
|
|
||||||
*/
|
|
||||||
public function handleSessionCheckCallback(Request $request)
|
|
||||||
{
|
|
||||||
// If Microsoft returns an error (user logged out or session expired)
|
|
||||||
if ($request->has('error')) {
|
|
||||||
Auth::logout();
|
|
||||||
$request->session()->invalidate();
|
|
||||||
$request->session()->regenerateToken();
|
|
||||||
return redirect()->route('login')->with('error', 'You have been signed out because you signed out of your Microsoft account.');
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
$microsoftUser = Socialite::driver('microsoft')
|
|
||||||
->redirectUrl(route('sso.callback-check'))
|
|
||||||
->user();
|
|
||||||
|
|
||||||
$user = Auth::user();
|
|
||||||
if ($microsoftUser && $user) {
|
|
||||||
// Update active tokens in DB
|
|
||||||
$user->update([
|
|
||||||
'microsoft_token' => $microsoftUser->token,
|
|
||||||
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token,
|
|
||||||
]);
|
|
||||||
|
|
||||||
// Update verification timestamp
|
|
||||||
session(['ms_session_last_checked' => now()]);
|
|
||||||
}
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
\Illuminate\Support\Facades\Log::error('Microsoft session check callback failed', [
|
|
||||||
'message' => $e->getMessage()
|
|
||||||
]);
|
|
||||||
|
|
||||||
// Treat token exchange failure as an expired session
|
|
||||||
Auth::logout();
|
|
||||||
$request->session()->invalidate();
|
|
||||||
$request->session()->regenerateToken();
|
|
||||||
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
|
|
||||||
}
|
|
||||||
|
|
||||||
// Redirect back to the page they were trying to access
|
|
||||||
$origin = session('sso_check_origin', route('dashboard'));
|
|
||||||
session()->forget('sso_check_origin');
|
|
||||||
return redirect($origin);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Render the desktop application launcher page with web fallback.
|
* Render the desktop application launcher page with web fallback.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -21,8 +21,8 @@ public function handle(Request $request, Closure $next): Response
|
|||||||
if ($user && $user->microsoft_id) {
|
if ($user && $user->microsoft_id) {
|
||||||
$lastChecked = session('ms_session_last_checked');
|
$lastChecked = session('ms_session_last_checked');
|
||||||
|
|
||||||
// Check every 30 seconds upon page access/refresh
|
// Check every 5 seconds upon page access/refresh
|
||||||
if (!$lastChecked || now()->diffInSeconds($lastChecked) > 30) {
|
if (!$lastChecked || now()->diffInSeconds($lastChecked) > 5) {
|
||||||
// Set timestamp immediately to prevent redirect loop
|
// Set timestamp immediately to prevent redirect loop
|
||||||
session(['ms_session_last_checked' => now()]);
|
session(['ms_session_last_checked' => now()]);
|
||||||
|
|
||||||
@ -37,7 +37,7 @@ public function handle(Request $request, Closure $next): Response
|
|||||||
try {
|
try {
|
||||||
// Redirect to Microsoft with prompt=none to check session status
|
// Redirect to Microsoft with prompt=none to check session status
|
||||||
return Socialite::driver('microsoft')
|
return Socialite::driver('microsoft')
|
||||||
->redirectUrl(route('sso.callback-check'))
|
->redirectUrl(route('sso.callback'))
|
||||||
->with([
|
->with([
|
||||||
'login_hint' => $user->email,
|
'login_hint' => $user->email,
|
||||||
'domain_hint' => $domainHint,
|
'domain_hint' => $domainHint,
|
||||||
|
|||||||
@ -29,9 +29,6 @@
|
|||||||
Route::get('/sso/launch-app', [DashboardController::class, 'launchApp'])->name('sso.launch-app');
|
Route::get('/sso/launch-app', [DashboardController::class, 'launchApp'])->name('sso.launch-app');
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::middleware('auth')->group(function () {
|
|
||||||
Route::get('/sso/check-session-callback', [DashboardController::class, 'handleSessionCheckCallback'])->name('sso.callback-check');
|
|
||||||
});
|
|
||||||
|
|
||||||
// Admin Control Panel (requires admin role)
|
// Admin Control Panel (requires admin role)
|
||||||
Route::middleware(['auth', 'role:admin'])->group(function () {
|
Route::middleware(['auth', 'role:admin'])->group(function () {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user