feat: Migrate from login to sso

This required adding jumbojett/openid-connect-php as a dependency, as
well as fixing the nginx configuration in the Docker Compose dev
environment.

Author: laxsjo

app/Http/Controllers/AuthController.php

@@ -7,18 +7,31 @@
 use GuzzleHttp\Client;
 
 use App\User;
-use Auth;
-use Session;
+use Exception;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
+use Jumbojett\OpenIDConnectClient;
 
 /**
-* Authentication controller. Handles login via login2.datasektionen.se.
+* Authentication controller. Handles login via sso.datasektionen.se.
 *
-* @author Jonas Dahl <[email protected]>
-* @version 2016-11-23
+* @author Jonas Dahl <[email protected]>, Rasmus Söderhielm <[email protected]>
+* @version 2025-11-10
 */
 class AuthController {
 	use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
 
+    private OpenIDConnectClient $oidc;
+
+	function __construct() {
+        $this->oidc = new OpenIDConnectClient(
+            env('OIDC_PROVIDER'),
+            env('OIDC_ID'),
+            env('OIDC_SECRET')
+        );
+        $this->oidc->setRedirectURL(env('REDIRECT_URL'));
+    }
+
 	/**
 	* The logout url. Redirects to main page with success message.
 	* 
@@ -32,41 +45,30 @@ public function getLogout() {
 	}
 
 	/**
-	* The login page. Just redirects to login2.
+	* The login page. Just redirects to sso.
 	* 
-	* @return redirect to login2.datasektionen.se
+	* @return redirect to sso.datasektionen.se
 	*/
 	public function getLogin(Request $request) {
-		return redirect(env('LOGIN_FRONTEND_URL') . '/login?callback=' . url('/login-complete') . '/');
+		return $this->oidc->authenticate();
 	}
 
 	/**
-	* When login is complete, login2 will redirect us here. Now verify the login.
+	* When login is complete, sso will redirect us here. Now verify the login.
 	* 
-	* @param  string $token the token from login2
 	* @return redirect to main page or intended page
 	*/
-	public function getLoginComplete($token) {
-		// Send get request to login server
-		$client = new Client();
-		$res = $client->request('GET', env('LOGIN_API_URL') . '/verify/' . $token . '.json', [
-			'form_params' => [
-				'format' => 'json',
-				'api_key' => env('LOGIN_API_KEY')
-			]
-		]);
-
-		// We now have a response. If it is good, parse the json and login user
-		if ($res->getStatusCode() == 200) {
-			$body = json_decode($res->getBody());
-			$user = User::createIfNotExistsOrFail($body->user, $body);
-
-			Auth::login($user);
-		} else {
-			Auth::logout();
+	public function getLoginComplete() {
+		if ($this->oidc->authenticate() === FALSE) {
 			return redirect('/')->with('error', 'Du loggades inte in.');
 		}
 
+        $kthId = $this->oidc->getVerifiedClaims('sub');
+
+		$user = User::createIfNotExistsOrFail($kthId);
+
+		Auth::login($user);
+
 		return redirect()->intended('/')->with('success', 'Du loggades in.');
 	}
 }

compose.yaml

@@ -8,17 +8,22 @@ services:
       - APP_KEY=12345678901234567890abcdefabcdea
       - APP_DEBUG=true
       - APP_LOG_LEVEL=debug
-      - APP_URL=http://localhost:8000/
+      - APP_URL=http://localhost:8080/
       - DB_CONNECTION=pgsql
       - DB_DRIVER=pgsql
       - DB_HOST=db
       - DB_DATABASE=postgres
       - DB_USERNAME=postgres
       - DB_PASSWORD=postgres
-      - LOGIN_API_URL=http://nyckeln:7002
-      - LOGIN_FRONTEND_URL=http://localhost:7002
       - SSO_API_URL=http://nyckeln:7003
+      - OIDC_PROVIDER=http://nyckeln:7003
+      - OIDC_ID=client-id
+      - OIDC_SECRET=client-secret
+      - REDIRECT_URL=http://localhost:8080/login-complete
       - PORT=8080
+    configs:
+      - source: http_proxy.nginx.conf
+        target: /etc/nginx/http.d/http_proxy.conf
     depends_on:
       db:
         condition: service_healthy
@@ -55,22 +60,23 @@ services:
       - 7004:7004
 
 configs:
-  nginx.conf:
+  http_proxy.nginx.conf:
     content: |
-      events {}
-
-      http {
-        server {
-          listen 7003;
+      server {
+        listen 7003;
 
-          location / {
-            proxy_pass http://nyckeln:7003;
-          }
+        location / {
+          proxy_pass http://nyckeln:7003;
         }
       }
 
   nyckeln.yaml:
     content: |
+      clients:
+        - id: client-id
+          secret: client-secret
+          redirect_uris:
+            - http://localhost:8080/login-complete
       users:
         - ug_kth_id: some-id
           kth_id: turetek

composer.json

@@ -6,11 +6,12 @@
     "type": "project",
     "require": {
         "php": ">=5.6.4",
+        "ext-mbstring": "*",
         "guzzlehttp/guzzle": "^6.3",
+        "jumbojett/openid-connect-php": "^1.0",
         "laravel/framework": "5.4.*",
         "laravel/tinker": "~1.0",
-        "netcarver/textile": "3.6.*",
-	    "ext-mbstring": "*"
+        "netcarver/textile": "3.6.*"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",
@@ -55,7 +56,10 @@
     "config": {
         "preferred-install": "dist",
         "sort-packages": true,
-        "optimize-autoloader": true
+        "optimize-autoloader": true,
+        "allow-plugins": {
+            "kylekatarnls/update-helper": true
+        }
     },
     "extra": {
         "heroku": {