- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks - Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists - Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services - Add Microsoft OIDC SSO, API token management, and user lifecycle features - Add swagger-ui vendor integration and OpenAPI spec - Add production Docker setup and bin/ scripts - Update composer dependencies, config, templates, and frontend assets throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
58 lines
2.0 KiB
PHP
58 lines
2.0 KiB
PHP
<?php
|
|
|
|
use MintyPHP\Router;
|
|
use MintyPHP\Support\Flash;
|
|
use MintyPHP\Service\Auth\AuthService;
|
|
use MintyPHP\Service\Auth\MicrosoftOidcService;
|
|
use MintyPHP\Service\Auth\SsoUserLinkService;
|
|
use MintyPHP\Service\Auth\TenantSsoService;
|
|
|
|
$state = trim((string) ($_GET['state'] ?? ''));
|
|
$code = trim((string) ($_GET['code'] ?? ''));
|
|
$error = trim((string) ($_GET['error'] ?? ''));
|
|
|
|
if ($error !== '') {
|
|
Flash::error(t('Microsoft login was cancelled or failed'), 'login', 'microsoft_login_error');
|
|
Router::redirect('login');
|
|
return;
|
|
}
|
|
|
|
$callbackResult = MicrosoftOidcService::handleCallback($state, $code);
|
|
if (!($callbackResult['ok'] ?? false)) {
|
|
Flash::error(t('Microsoft login failed'), 'login', 'microsoft_login_failed');
|
|
Router::redirect('login');
|
|
return;
|
|
}
|
|
|
|
$tenant = $callbackResult['tenant'] ?? null;
|
|
if (!is_array($tenant)) {
|
|
Flash::error(t('Microsoft login failed'), 'login', 'microsoft_login_failed');
|
|
Router::redirect('login');
|
|
return;
|
|
}
|
|
|
|
$linkResult = SsoUserLinkService::linkOrProvisionMicrosoftUser(
|
|
$tenant,
|
|
is_array($callbackResult['claims'] ?? null) ? $callbackResult['claims'] : []
|
|
);
|
|
if (!($linkResult['ok'] ?? false)) {
|
|
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
|
|
$loginTarget = $tenantSlug !== '' ? ('login?tenant=' . rawurlencode($tenantSlug)) : 'login';
|
|
Flash::error(t('Microsoft login is not allowed for this account'), $loginTarget, 'microsoft_login_not_allowed');
|
|
Router::redirect($loginTarget);
|
|
return;
|
|
}
|
|
|
|
$userId = (int) ($linkResult['user_id'] ?? 0);
|
|
$tenantId = (int) ($tenant['id'] ?? 0);
|
|
$loginResult = AuthService::loginUserById($userId, $tenantId, 'microsoft');
|
|
if (!($loginResult['ok'] ?? false)) {
|
|
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
|
|
$loginTarget = $tenantSlug !== '' ? ('login?tenant=' . rawurlencode($tenantSlug)) : 'login';
|
|
Flash::error(t('Microsoft login failed'), $loginTarget, 'microsoft_login_failed');
|
|
Router::redirect($loginTarget);
|
|
return;
|
|
}
|
|
|
|
Router::redirect('admin');
|