update #4

Merged
subhajit.pal merged 1 commits from subhajit_changes_06_07 into main 2026-07-08 09:25:37 +00:00
3 changed files with 10 additions and 53 deletions

View File

@ -112,6 +112,13 @@ public function handleSSOCallback(Request $request)
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.'); return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
} }
// If this request was triggered by VerifyMicrosoftSession middleware, redirect back to origin
if (session()->has('sso_check_origin')) {
$origin = session('sso_check_origin');
session()->forget('sso_check_origin');
return redirect($origin);
}
$targetUrl = session('sso_target_url', 'https://outlook.office.com/mail/'); $targetUrl = session('sso_target_url', 'https://outlook.office.com/mail/');
session()->forget('sso_target_url'); session()->forget('sso_target_url');
@ -127,53 +134,6 @@ public function handleSSOCallback(Request $request)
return redirect($targetUrl); return redirect($targetUrl);
} }
/**
* Handle silent session verification callback from Microsoft.
*/
public function handleSessionCheckCallback(Request $request)
{
// If Microsoft returns an error (user logged out or session expired)
if ($request->has('error')) {
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login')->with('error', 'You have been signed out because you signed out of your Microsoft account.');
}
try {
$microsoftUser = Socialite::driver('microsoft')
->redirectUrl(route('sso.callback-check'))
->user();
$user = Auth::user();
if ($microsoftUser && $user) {
// Update active tokens in DB
$user->update([
'microsoft_token' => $microsoftUser->token,
'microsoft_refresh_token' => $microsoftUser->refreshToken ?? $user->microsoft_refresh_token,
]);
// Update verification timestamp
session(['ms_session_last_checked' => now()]);
}
} catch (\Exception $e) {
\Illuminate\Support\Facades\Log::error('Microsoft session check callback failed', [
'message' => $e->getMessage()
]);
// Treat token exchange failure as an expired session
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login')->with('error', 'Your Microsoft session has expired. Please log in again.');
}
// Redirect back to the page they were trying to access
$origin = session('sso_check_origin', route('dashboard'));
session()->forget('sso_check_origin');
return redirect($origin);
}
/** /**
* Render the desktop application launcher page with web fallback. * Render the desktop application launcher page with web fallback.
*/ */

View File

@ -21,8 +21,8 @@ public function handle(Request $request, Closure $next): Response
if ($user && $user->microsoft_id) { if ($user && $user->microsoft_id) {
$lastChecked = session('ms_session_last_checked'); $lastChecked = session('ms_session_last_checked');
// Check every 30 seconds upon page access/refresh // Check every 5 seconds upon page access/refresh
if (!$lastChecked || now()->diffInSeconds($lastChecked) > 30) { if (!$lastChecked || now()->diffInSeconds($lastChecked) > 5) {
// Set timestamp immediately to prevent redirect loop // Set timestamp immediately to prevent redirect loop
session(['ms_session_last_checked' => now()]); session(['ms_session_last_checked' => now()]);
@ -37,7 +37,7 @@ public function handle(Request $request, Closure $next): Response
try { try {
// Redirect to Microsoft with prompt=none to check session status // Redirect to Microsoft with prompt=none to check session status
return Socialite::driver('microsoft') return Socialite::driver('microsoft')
->redirectUrl(route('sso.callback-check')) ->redirectUrl(route('sso.callback'))
->with([ ->with([
'login_hint' => $user->email, 'login_hint' => $user->email,
'domain_hint' => $domainHint, 'domain_hint' => $domainHint,

View File

@ -29,9 +29,6 @@
Route::get('/sso/launch-app', [DashboardController::class, 'launchApp'])->name('sso.launch-app'); Route::get('/sso/launch-app', [DashboardController::class, 'launchApp'])->name('sso.launch-app');
}); });
Route::middleware('auth')->group(function () {
Route::get('/sso/check-session-callback', [DashboardController::class, 'handleSessionCheckCallback'])->name('sso.callback-check');
});
// Admin Control Panel (requires admin role) // Admin Control Panel (requires admin role)
Route::middleware(['auth', 'role:admin'])->group(function () { Route::middleware(['auth', 'role:admin'])->group(function () {