diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fafef2..3afe6ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
+## 1.1.1 - 2020-06-05
+### Added
+- Added referer matching to the silent login. This covers the situation where the client is logged in to Auth0 from another application than ours - you can pass the domain of that application in as the referrer and it will then auto-redirect to the Auth0 login URL, which in turn will redirect back to our site and log them in: `{% do craft.auth0.silentLogin(someapp.com) %}`
+
+
 ## 1.1.0 - 2020-06-05
 ### Added
 - Added a variable and service method that attempts to silently log in to Craft if there is already an active Auth0 session: `{% do craft.auth0.silentLogin() %}`
diff --git a/src/services/Auth.php b/src/services/Auth.php
index bf70dec..89a8438 100644
--- a/src/services/Auth.php
+++ b/src/services/Auth.php
@@ -22,6 +22,8 @@
 use craft\elements\User;
 use craft\errors\ElementNotFoundException;
 use craft\errors\MissingComponentException;
+use craft\helpers\Stringy;
+use craft\helpers\UrlHelper;
 use craft\helpers\User as UserHelper;
 use yii\base\Exception;
@@ -215,7 +217,12 @@ public function getUser()
 /**
 * Attempts to silently login to Craft if there is already an active Auth0
- * session.
+ * session and if not checks the referrer to see if we should automatically
+ * redirect to the Auth0 login. If the latter happens and there is already
+ * an active session there then Auth0 will simply redirect back to our
+ * callback and then that will redirect back to the current return URL.
+ *
+ * @param null|string $referer The referer to match against.
 *
 * @throws ApiException
 * @throws CoreException
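Review bot: `use craft\helpers\UrlHelper;` is added in the import hunk of src/services/Auth.php, but nothing in the visible hunks of that file references `UrlHelper`; the only new helper actually used is `Stringy`. Unless it is referenced elsewhere in the file, the import should be dropped, or the new referer check in silentLogin() should be the place that uses it to work on the referrer's URL components instead of the raw header string.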
@@ -224,9 +231,9 @@ public function getUser()
 * @throws MissingComponentException
 * @throws \Throwable
 */
- public function silentLogin()
+ public function silentLogin($referer = null)
 {
- // Check if we already have a session, and if the0 callback validates
+ // Check if we already have a session, and if the callback validates
 if ($this->getUser() && $this->handleCallback()) {
 // If we got this far we can redirect properly
 $userSession = Craft::$app->getUser();
@@ -242,6 +249,12 @@ public function silentLogin()
 $session->setNotice(Craft::t('app', 'Logged in.'));
 Craft::$app->getResponse()->redirect($returnUrl);
 }
+
+ // If we have a referer, then check the actual referer passes the whitelist
+ // of passed in values and if so, force Auth0 login
+ if ($referer !== null && Stringy::create(Craft::$app->getRequest()->referrer)->contains($referer, false)) {
+ $this->_auth0->login();
+ }
 }
 }
diff --git a/src/variables/Auth0Variable.php b/src/variables/Auth0Variable.php
index 8cb4c5d..ddefb93 100644
--- a/src/variables/Auth0Variable.php
+++ b/src/variables/Auth0Variable.php
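Review bot: The new signature `public function silentLogin($referer = null)` leaves the parameter untyped although the docblock declares it `null|string`; writing it as `public function silentLogin(?string $referer = null)` makes that contract enforceable and stops non-string values from reaching the string comparison unnoticed. That matters here because the changelog's own example, `craft.auth0.silentLogin(someapp.com)`, passes an unquoted Twig attribute lookup rather than the string `'someapp.com'`, which presumably evaluates to null and silently disables the check. The same untyped parameter is introduced in the matching hunk of src/variables/Auth0Variable.php. silentLogin() continues past the end of this hunk.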
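Review bot: The added `if` compares the configured `$referer` as a case-insensitive substring of the client-supplied `Referer` header, so any referring URL that contains the value anywhere — in a longer hostname, a path or a query string — satisfies the "whitelist", and the decision is made on a header the browser sends under the client's control. Since the outcome is a forced entry into the Auth0 login flow, compare the referrer's host component instead: `$host = parse_url((string) Craft::$app->getRequest()->referrer, PHP_URL_HOST);` followed by `if ($referer !== null && is_string($host) && strcasecmp($host, $referer) === 0) {` (a dot-prefixed suffix match if subdomains are meant to qualify); the `(string)` cast also makes the no-header case explicit rather than relying on `Stringy::create(null)` yielding an empty string. Separately, the session branch above does not return after `Craft::$app->getResponse()->redirect($returnUrl);`, so a matching referer still runs `$this->_auth0->login()` afterwards; if the SDK's `login()` issues its own Location header and exits, as I believe it does, the return-URL redirect is lost, which a `return;` after the `redirect()` call avoids. silentLogin() starts outside this hunk.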
@@ -31,17 +31,22 @@ class Auth0Variable
 /**
 * Attempts to silently login to Craft if there is already an active Auth0
- * session.
+ * session and if not checks the referrer to see if we should automatically
+ * redirect to the Auth0 login. If the latter happens and there is already
+ * an active session there then Auth0 will simply redirect back to our
+ * callback and then that will redirect back to the current return URL.
+ *
+ * @param null|string $referer The referer to match against.
 *
 * @throws ApiException
 * @throws CoreException
- * @throws \Throwable
 * @throws ElementNotFoundException
- * @throws MissingComponentException
 * @throws Exception
+ * @throws MissingComponentException
+ * @throws \Throwable
 */
- public function silentLogin()
+ public function silentLogin($referer = null)
 {
- return Auth0::$plugin->auth->silentLogin();
+ return Auth0::$plugin->auth->silentLogin($referer);
 }
 }
\ No newline at end of file
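Review bot: The wrapper still `return`s the value of `Auth0::$plugin->auth->silentLogin($referer)`, yet the service method as shown in the src/services/Auth.php hunks has no `return` statement in its visible parts, so this presumably returns null to Twig; either drop the `return` and declare the method `: void`, or add a `@return` tag saying what callers get. The docblock is also a verbatim copy of the service method's, which will drift as the matching rules change; a one-line summary that points at the service method with `@see` would be easier to keep in sync.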