From a6116a1b150ea3e39b98b37ffc04067d7d452a36 Mon Sep 17 00:00:00 2001
From: Alex Janes
Date: Thu, 16 Dec 2021 14:33:25 -0500
Subject: [PATCH] If SAML required, don't accept login form post.
---
 app/Http/Controllers/Auth/LoginController.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index b5f6c63c1c..0802defcc6 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -75,6 +75,7 @@ class LoginController extends Controller
 }
 //If the environment is set to ALWAYS require SAML, go straight to the SAML route.
+ //We don't need to check other settings, as this should override those.
 if((env("REQUIRE_SAML", false)))
 {
 return redirect()->route('saml.login');
@@ -207,6 +208,12 @@ class LoginController extends Controller
 */
 public function login(Request $request)
 {
+ //If the environment is set to ALWAYS require SAML, return access denied
+ if((env("REQUIRE_SAML", false)))
+ {
+ return view('errors.403');
+ }
+
 if (Setting::getSettings()->login_common_disabled == '1') {
 return view('errors.403');
 }
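Review bot: The new guard at the top of `login()` reads `env("REQUIRE_SAML", false)` at request time, which fails open when Laravel's configuration is cached: after `php artisan config:cache` the `.env` file is no longer loaded and `env()` sees only real process environment variables, so a flag set only in `.env` falls back to `false` and the password POST is accepted again. Reading the flag through a config entry closes that gap, e.g. `if (config('auth.require_saml')) { abort(403); }` with the key (a placeholder name here) defined in a config file as `env('REQUIRE_SAML', false)`; the same applies to the `env()` check in the context lines of the first hunk. `abort(403)` also sends a real 403 status, whereas `return view('errors.403')` answers with HTTP 200, which hides rejected password attempts from status-based log monitoring. The body of `login()` continues past the end of the hunk, so whether other password-based paths are covered cannot be seen from here.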