From 92fe1287eac5424b89fea07c2b99aee20fb9aba3 Mon Sep 17 00:00:00 2001
From: Johnson Yi <jyi.dev@outlook.com>
Date: Fri, 29 Apr 2022 15:35:08 +0000
Subject: [PATCH 1/2] Do not saml login automatically after normal logout

---
 app/Http/Controllers/Auth/LoginController.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index d36a391036..2754d96d2d 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -68,15 +68,17 @@ class LoginController extends Controller
             return redirect()->intended('/');
         }
 
-        // If the environment is set to ALWAYS require SAML, go straight to the SAML route.
-        // We don't need to check other settings, as this should override those.
-        if (config('app.require_saml')) {
-            return redirect()->route('saml.login');
-        }
+        if (!$request->session()->has('loggedout')) {
+            // If the environment is set to ALWAYS require SAML, go straight to the SAML route.
+            // We don't need to check other settings, as this should override those.
+            if (config('app.require_saml')) {
+                return redirect()->route('saml.login');
+            }
 
 
-        if ($this->saml->isEnabled() && Setting::getSettings()->saml_forcelogin == '1' && ! ($request->has('nosaml') || $request->session()->has('error'))) {
-            return redirect()->route('saml.login');
+            if ($this->saml->isEnabled() && Setting::getSettings()->saml_forcelogin == '1' && ! ($request->has('nosaml') || $request->session()->has('error'))) {
+                return redirect()->route('saml.login');
+            }
         }
 
         if (Setting::getSettings()->login_common_disabled == '1') {

From 281c6df7b34845bdb6331796efdb17bac206baf1 Mon Sep 17 00:00:00 2001
From: Johnson Yi <jyi.dev@outlook.com>
Date: Fri, 29 Apr 2022 15:35:40 +0000
Subject: [PATCH 2/2] Customize login page when REQUIRE_SAML is enabled

---
 resources/views/auth/login.blade.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
index 409b6ed59e..b0db617300 100755
--- a/resources/views/auth/login.blade.php
+++ b/resources/views/auth/login.blade.php
@@ -36,6 +36,7 @@
                                 <!-- Notifications -->
                                 @include('notifications')
 
+                                @if (!config('app.require_saml'))
                                 <div class="col-md-12">
                                     <!-- CSRF Token -->
 
@@ -59,10 +60,10 @@
                                         </div>
                                     </fieldset>
                                 </div> <!-- end col-md-12 -->
-
+                                @endif
                             </div> <!-- end row -->
 
-                            @if ($snipeSettings->saml_enabled)
+                            @if (!config('app.require_saml') && $snipeSettings->saml_enabled)
                             <div class="row ">
                                 <div class="text-right col-md-12">
                                     <a href="{{ route('saml.login')  }}">{{ trans('auth/general.saml_login')  }}</a>
@@ -71,12 +72,16 @@
                             @endif
                         </div>
                         <div class="box-footer">
+                            @if (config('app.require_saml'))
+                            <a class="btn btn-lg btn-primary btn-block" href="{{ route('saml.login')  }}">{{ trans('auth/general.saml_login')  }}</a>
+                            @else
                             <button class="btn btn-lg btn-primary btn-block">{{ trans('auth/general.login')  }}</button>
+                            @endif
                         </div>
                         <div class="text-right col-md-12 col-sm-12 col-xs-12" style="padding-top: 10px;">
                             @if ($snipeSettings->custom_forgot_pass_url)
                                 <a href="{{ $snipeSettings->custom_forgot_pass_url  }}" rel="noopener">{{ trans('auth/general.forgot_password')  }}</a>
-                            @else
+                            @elseif (!config('app.require_saml'))
                                 <a href="{{ route('password.request')  }}">{{ trans('auth/general.forgot_password')  }}</a>
                             @endif