118 lines
2.8 KiB
PHP
118 lines
2.8 KiB
PHP
<?php
|
|
/**
|
|
* Authentication API Endpoint
|
|
* Handles login, logout, and status requests
|
|
*/
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
require_once __DIR__ . '/AuthMiddleware.php';
|
|
|
|
$auth = new AuthMiddleware();
|
|
|
|
// Get POST data
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (!$input || !isset($input['action'])) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Invalid request - action required']);
|
|
exit;
|
|
}
|
|
|
|
$action = $input['action'];
|
|
|
|
// Handle different actions
|
|
switch ($action) {
|
|
case 'login':
|
|
handleLogin($auth, $input);
|
|
break;
|
|
|
|
case 'logout':
|
|
handleLogout($auth);
|
|
break;
|
|
|
|
case 'status':
|
|
handleStatus($auth);
|
|
break;
|
|
|
|
default:
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Unknown action: ' . $action]);
|
|
break;
|
|
}
|
|
|
|
/**
|
|
* Handle login action
|
|
*/
|
|
function handleLogin($auth, $input) {
|
|
if (!$auth->isSSOEnabled()) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'SSO is disabled']);
|
|
return;
|
|
}
|
|
|
|
// Prefer ID token for validation, fallback to access token
|
|
$token = $input['idToken'] ?? $input['accessToken'] ?? null;
|
|
|
|
if (!$token) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Authentication token is required']);
|
|
return;
|
|
}
|
|
|
|
// Validate and set token
|
|
$result = $auth->setAuthToken($token);
|
|
|
|
if ($result['success']) {
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => 'Authentication successful',
|
|
'user' => [
|
|
'name' => $result['user']['name'] ?? 'Unknown',
|
|
'email' => $result['user']['preferred_username'] ?? $result['user']['upn'] ?? 'Unknown'
|
|
]
|
|
]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode([
|
|
'success' => false,
|
|
'error' => $result['error']
|
|
]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Handle logout action
|
|
*/
|
|
function handleLogout($auth) {
|
|
$auth->clearAuthToken();
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => 'Logged out successfully'
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Handle status check action
|
|
*/
|
|
function handleStatus($auth) {
|
|
$authStatus = $auth->isAuthenticated();
|
|
|
|
if ($authStatus['authenticated']) {
|
|
echo json_encode([
|
|
'authenticated' => true,
|
|
'sso_enabled' => $auth->isSSOEnabled(),
|
|
'user' => [
|
|
'name' => $authStatus['user']['name'] ?? 'Unknown',
|
|
'email' => $authStatus['user']['preferred_username'] ?? $authStatus['user']['upn'] ?? 'Unknown'
|
|
]
|
|
]);
|
|
} else {
|
|
http_response_code(401);
|
|
echo json_encode([
|
|
'authenticated' => false,
|
|
'sso_enabled' => $auth->isSSOEnabled(),
|
|
'error' => $authStatus['error'] ?? 'Not authenticated'
|
|
]);
|
|
}
|
|
}
|