authorDave Arter <davea@mysociety.org>2019-08-06 21:49:34 +0100
committerDave Arter <davea@mysociety.org>2019-08-16 16:16:53 +0100
commit66a5779a9856bd0cd25a77666f99bc86dd4a8041 (patch)
tree2b99bf81af9735967013219a523b2fd44c20c1f3 /perllib/FixMyStreet/App/Controller/Auth/Social.pm
parentbc05c15122a8032866fdb53d285d99b3e48b3e28 (diff)
Allow OIDC auth to provide its own ‘change password’ URI
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth/Social.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth/Social.pm22
1 files changed, 22 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
index aa3177163..06e67573f 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
@@ -207,6 +207,19 @@ sub oidc_sign_in : Private {
$oauth{logout_redirect_uri} = $redirect_uri;
}
+ # The OIDC endpoint may provide a specific URI for changing the user's password.
+ if ( my $password_change_uri = $c->cobrand->feature('oidc_login')->{password_change_uri} ) {
+ $oauth{change_password_uri} = $oidc->uri_to_redirect(
+ uri => $password_change_uri,
+ redirect_uri => $c->uri_for('/auth/OIDC'),
+ scope => 'openid',
+ state => 'password_change',
+ extra => {
+ response_mode => 'form_post',
+ },
+ );
+ }
+
$c->session->{oauth} = \%oauth;
$c->res->redirect($url);
}
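Review bot: The `state` passed to `uri_to_redirect` in this hunk is the fixed literal `'password_change'`, so it cannot tie the provider's response to the session that started the flow, which is the purpose of the OIDC `state` parameter. The callback branches added in the second and third hunks act on nothing more than `$c->user_exists` and that literal, so a logged-in browser that reaches `/auth/OIDC` with it is shown "Password change cancelled." or the change-password success page whether or not the provider was involved. Consider generating a random value per session, storing it next to `change_password_uri` in `$c->session->{oauth}`, sending it as part of the state (for example `state => "password_change:$nonce"`), and comparing it in `oidc_callback` before detaching. `oidc_sign_in` begins above this hunk, so whether a suitable nonce is already kept elsewhere is not visible here.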
@@ -231,6 +244,10 @@ sub oidc_callback: Path('/auth/OIDC') : Args(0) {
);
$c->res->redirect($url);
$c->detach;
+ } elsif ($c->user_exists && $c->get_param('state') && $c->get_param('state') eq 'password_change') {
+ $c->flash->{flash_message} = _('Password change cancelled.');
+ $c->res->redirect('/my');
+ $c->detach;
} else {
$c->detach('oauth_failure');
}
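Review bot: The added `elsif` reports every failure that arrives with `state=password_change` as a user cancellation, because it never checks which error the provider actually returned. This looks like the error-handling chain, since the final `else` detaches to `oauth_failure`, so a provider-side fault or a rejected request would be shown as "Password change cancelled." and leave no trace. Match the provider's documented cancellation code before setting the flash message, and log the rest before falling through, e.g. `$c->log->info('OIDC password change error: ' . ($c->get_param('error') // ''));`. For consistency with the `$c->uri_for('/auth/OIDC')` call in the first hunk, the redirect could be `$c->res->redirect($c->uri_for('/my'));`. `oidc_callback` starts and continues outside this hunk.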
@@ -250,6 +267,11 @@ sub oidc_callback: Path('/auth/OIDC') : Args(0) {
$c->detach('oidc_sign_in', []);
}
+ # User may be coming back here after changing their password on the OIDC endpoint
+ if ($c->user_exists && $c->get_param('state') && $c->get_param('state') eq 'password_change') {
+ $c->detach('/auth/profile/change_password_success', []);
+ }
+
# The only other valid state param is 'login' at this point.
$c->detach('/page_error_400_bad_request', []) unless $c->get_param('state') eq 'login';