- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks - Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists - Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services - Add Microsoft OIDC SSO, API token management, and user lifecycle features - Add swagger-ui vendor integration and OpenAPI spec - Add production Docker setup and bin/ scripts - Update composer dependencies, config, templates, and frontend assets throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.5 KiB
PHP
46 lines
1.5 KiB
PHP
<?php
|
|
|
|
use MintyPHP\Router;
|
|
use MintyPHP\Support\Flash;
|
|
use MintyPHP\Service\Auth\MicrosoftOidcService;
|
|
use MintyPHP\Service\Auth\TenantSsoService;
|
|
|
|
$tenantSlug = trim((string) ($_GET['tenant'] ?? ''));
|
|
if ($tenantSlug === '') {
|
|
Flash::error(t('Tenant login link is invalid'), 'login', 'tenant_login_invalid');
|
|
Router::redirect('login');
|
|
return;
|
|
}
|
|
|
|
$tenant = TenantSsoService::findTenantByLoginSlug($tenantSlug);
|
|
if (!$tenant) {
|
|
Flash::error(t('Tenant login link is invalid'), 'login', 'tenant_login_invalid');
|
|
Router::redirect('login');
|
|
return;
|
|
}
|
|
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
|
|
$loginTarget = $tenantSlug !== '' ? ('login?tenant=' . rawurlencode($tenantSlug)) : 'login';
|
|
|
|
$configResult = TenantSsoService::getEffectiveMicrosoftProviderConfig($tenant);
|
|
if (!($configResult['ok'] ?? false)) {
|
|
Flash::error(t('Microsoft login is not available for this tenant'), $loginTarget, 'microsoft_login_not_available');
|
|
Router::redirect($loginTarget);
|
|
return;
|
|
}
|
|
|
|
$authResult = MicrosoftOidcService::startAuthorization($tenant, $configResult['config'] ?? []);
|
|
if (!($authResult['ok'] ?? false)) {
|
|
Flash::error(t('Microsoft login could not be started'), $loginTarget, 'microsoft_login_start_failed');
|
|
Router::redirect($loginTarget);
|
|
return;
|
|
}
|
|
|
|
$url = trim((string) ($authResult['url'] ?? ''));
|
|
if ($url === '') {
|
|
Flash::error(t('Microsoft login could not be started'), $loginTarget, 'microsoft_login_start_failed');
|
|
Router::redirect($loginTarget);
|
|
return;
|
|
}
|
|
|
|
Router::redirect($url);
|