Increased LDAP testing and fixed any Auth-based bugs found

2025-08-07 23:03:00 +03:00 · 2016-01-17 15:20:07 +00:00
parent bb87401d10
commit 7bcd967fd9
8 changed files with 172 additions and 22 deletions
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -191,6 +191,7 @@ class AuthController extends Controller
        }

        $newUser->email_confirmed = true;
+
        auth()->login($newUser);
        session()->flash('success', 'Thanks for signing up! You are now registered and signed in.');
        return redirect($this->redirectPath());
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -58,18 +58,31 @@ class UserController extends Controller
    public function store(Request $request)
    {
        $this->checkPermission('user-create');
-        $this->validate($request, [
+        $validationRules = [
            'name'             => 'required',
            'email'            => 'required|email|unique:users,email',
-            'password'         => 'required|min:5',
-            'password-confirm' => 'required|same:password',
            'role'             => 'required|exists:roles,id'
-        ]);
+        ];
+
+        $authMethod = config('auth.method');
+        if ($authMethod === 'standard') {
+            $validationRules['password'] = 'required|min:5';
+            $validationRules['password-confirm'] = 'required|same:password';
+        } elseif ($authMethod === 'ldap') {
+            $validationRules['external_auth_id'] = 'required';
+        }
+        $this->validate($request, $validationRules);
+

        $user = $this->user->fill($request->all());
-        $user->password = bcrypt($request->get('password'));
-        $user->save();

+        if ($authMethod === 'standard') {
+            $user->password = bcrypt($request->get('password'));
+        } elseif ($authMethod === 'ldap') {
+            $user->external_auth_id = $request->get('external_auth_id');
+        }
+
+        $user->save();
        $user->attachRoleId($request->get('role'));

        // Get avatar from gravatar and save
--- a/app/Repos/UserRepo.php
+++ b/app/Repos/UserRepo.php
@@ -48,6 +48,14 @@ class UserRepo
    {
        $user = $this->create($data);
        $this->attachDefaultRole($user);
+
+        // Get avatar from gravatar and save
+        if (!config('services.disable_services')) {
+            $avatar = \Images::saveUserGravatar($user);
+            $user->avatar()->associate($avatar);
+            $user->save();
+        }
+
        return $user;
    }

--- a/app/Services/ImageService.php
+++ b/app/Services/ImageService.php
@@ -1,5 +1,6 @@
 <?php namespace BookStack\Services;

+use BookStack\Exceptions\ImageUploadException;
 use BookStack\Image;
 use BookStack\User;
 use Intervention\Image\ImageManager;
@@ -71,6 +72,7 @@ class ImageService
     * @param string $imageData
     * @param string $type
     * @return Image
+     * @throws ImageUploadException
     */
    private function saveNew($imageName, $imageData, $type)
    {
@@ -86,17 +88,24 @@ class ImageService
        }
        $fullPath = $imagePath . $imageName;

+        if(!is_writable(dirname(public_path($fullPath)))) throw new ImageUploadException('Image Directory ' . public_path($fullPath) . ' is not writable by the server.');
+
        $storage->put($fullPath, $imageData);

-        $userId = auth()->user()->id;
-        $image = Image::forceCreate([
+        $imageDetails = [
            'name'       => $imageName,
            'path'       => $fullPath,
            'url'        => $this->getPublicUrl($fullPath),
-            'type'       => $type,
-            'created_by' => $userId,
-            'updated_by' => $userId
-        ]);
+            'type'       => $type
+        ];
+
+        if (auth()->user() && auth()->user()->id !== 0) {
+            $userId = auth()->user()->id;
+            $imageDetails['created_by'] = $userId;
+            $imageDetails['updated_by'] = $userId;
+        }
+
+        $image = Image::forceCreate($imageDetails);

        return $image;
    }
@@ -188,6 +197,7 @@ class ImageService
        $imageName = str_replace(' ', '-', $user->name . '-gravatar.png');
        $image = $this->saveNewFromUrl($url, 'user', $imageName);
        $image->created_by = $user->id;
+        $image->updated_by = $user->id;
        $image->save();
        return $image;
    }
--- a/app/Services/LdapService.php
+++ b/app/Services/LdapService.php
@@ -36,6 +36,7 @@ class LdapService
    public function getUserDetails($userName)
    {
        $ldapConnection = $this->getConnection();
+        $this->bindSystemUser($ldapConnection);

        // Find user
        $userFilter = $this->buildFilter($this->config['user_filter'], ['user' => $userName]);
@@ -93,7 +94,7 @@ class LdapService
            $ldapBind = $this->ldap->bind($connection, $ldapDn, $ldapPass);
        }

-        if (!$ldapBind) throw new LdapException('LDAP access failed using ' . $isAnonymous ? ' anonymous bind.' : ' given dn & pass details');
+        if (!$ldapBind) throw new LdapException('LDAP access failed using ' . ($isAnonymous ? ' anonymous bind.' : ' given dn & pass details'));
    }

    /**