webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-31 15:24:31 +03:00
Code Activity

Added files missed in previous commit

Browse Source
This commit is contained in:
Dan Brown
2020-02-02 10:59:03 +00:00
parent 3470a6a140
commit e743cd3f60
21 changed files with 139 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/Auth/Access/Guards/ExternalBaseSessionGuard.php
View File

@ -2,6 +2,10 @@
namespace BookStack\Auth\Access\Guards;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\StatefulGuard;
@ -51,21 +55,24 @@ class ExternalBaseSessionGuard implements StatefulGuard
*/
protected $loggedOut = false;
/**
* Repository to perform user-specific actions.
*
* @var UserRepo
*/
protected $userRepo;
/**
* Create a new authentication guard.
*
* @param string $name
* @param \Illuminate\Contracts\Auth\UserProvider $provider
* @param \Illuminate\Contracts\Session\Session $session
* @return void
*/
public function __construct($name,
UserProvider $provider,
Session $session)
public function __construct(string $name, UserProvider $provider, Session $session, UserRepo $userRepo)
{
$this->name = $name;
$this->session = $session;
$this->provider = $provider;
$this->userRepo = $userRepo;
}
/**

4
app/Auth/Access/Guards/LdapSessionGuard.php
View File

@ -15,7 +15,6 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
{
protected $ldapService;
protected $userRepo;
/**
* LdapSessionGuard constructor.
@ -28,8 +27,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
)
{
$this->ldapService = $ldapService;
$this->userRepo = $userRepo;
parent::__construct($name, $provider, $session);
parent::__construct($name, $provider, $session, $userRepo);
}
/**

89
app/Auth/Access/Guards/Saml2SessionGuard.php
View File

@ -2,49 +2,27 @@
namespace BookStack\Auth\Access\Guards;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\LdapException;
use BookStack\Exceptions\LoginAttemptException;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Session\Session;
class LdapSessionGuard extends ExternalBaseSessionGuard
/**
* Saml2 Session Guard
*
* The saml2 login process is async in nature meaning it does not fit very well
* into the default laravel 'Guard' auth flow. Instead most of the logic is done
* via the Saml2 controller & Saml2Service. This class provides a safer, thin
* version of SessionGuard.
*
* @package BookStack\Auth\Access\Guards
*/
class Saml2SessionGuard extends ExternalBaseSessionGuard
{
protected $ldapService;
/**
* LdapSessionGuard constructor.
*/
public function __construct($name,
UserProvider $provider,
Session $session,
LdapService $ldapService,
UserRepo $userRepo
)
{
$this->ldapService = $ldapService;
parent::__construct($name, $provider, $session, $userRepo);
}
/**
* Validate a user's credentials.
*
* @param array $credentials
* @return bool
* @throws LdapException
*/
public function validate(array $credentials = [])
{
$userDetails = $this->ldapService->getUserDetails($credentials['username']);
$this->lastAttempted = $this->provider->retrieveByCredentials([
'external_auth_id' => $userDetails['uid']
]);
return $this->ldapService->validateUserCredentials($userDetails, $credentials['username'], $credentials['password']);
return false;
}
/**
@ -53,51 +31,10 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
* @param array $credentials
* @param bool $remember
* @return bool
* @throws LoginAttemptEmailNeededException
* @throws LoginAttemptException
* @throws LdapException
*/
public function attempt(array $credentials = [], $remember = false)
{
$username = $credentials['username'];
$userDetails = $this->ldapService->getUserDetails($username);
$this->lastAttempted = $user = $this->provider->retrieveByCredentials([
'external_auth_id' => $userDetails['uid']
]);
if (!$this->ldapService->validateUserCredentials($userDetails, $username, $credentials['password'])) {
return false;
}
if (is_null($user)) {
$user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
}
$this->checkForUserEmail($user, $credentials['email'] ?? '');
$this->saveIfNew($user);
// Sync LDAP groups if required
if ($this->ldapService->shouldSyncGroups()) {
$this->ldapService->syncGroups($user, $username);
}
$this->login($user, $remember);
return true;
}
/**
* Create a fresh user instance from details provided by a LDAP lookup.
*/
protected function freshUserInstanceFromLdapUserDetails(array $ldapUserDetails): User
{
$user = new User();
$user->name = $ldapUserDetails['name'];
$user->external_auth_id = $ldapUserDetails['uid'];
$user->email = $ldapUserDetails['email'];
$user->email_confirmed = false;
return $user;
return false;
}
}

5
app/Auth/Access/RegistrationService.php
View File

@ -20,14 +20,15 @@ class RegistrationService
$this->emailConfirmationService = $emailConfirmationService;
}
/**
* Check whether or not registrations are allowed in the app settings.
* @throws UserRegistrationException
*/
public function checkRegistrationAllowed()
{
if (!setting('registration-enabled') || config('auth.method') === 'ldap') {
$authMethod = config('auth.method');
$authMethodsWithRegistration = ['standard'];
if (!setting('registration-enabled') || !in_array($authMethod, $authMethodsWithRegistration)) {
throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
}
}

16
app/Auth/Access/Saml2Service.php
View File

@ -20,7 +20,6 @@ class Saml2Service extends ExternalAuthService
protected $config;
protected $userRepo;
protected $user;
protected $enabled;
/**
* Saml2Service constructor.
@ -30,7 +29,6 @@ class Saml2Service extends ExternalAuthService
$this->config = config('saml2');
$this->userRepo = $userRepo;
$this->user = $user;
$this->enabled = config('saml2.enabled') === true;
}
/**
@ -204,7 +202,7 @@ class Saml2Service extends ExternalAuthService
*/
protected function shouldSyncGroups(): bool
{
return $this->enabled && $this->config['user_to_groups'] !== false;
return $this->config['user_to_groups'] !== false;
}
/**
@ -248,7 +246,7 @@ class Saml2Service extends ExternalAuthService
/**
* Extract the details of a user from a SAML response.
*/
public function getUserDetails(string $samlID, $samlAttributes): array
protected function getUserDetails(string $samlID, $samlAttributes): array
{
$emailAttr = $this->config['email_attribute'];
$externalId = $this->getExternalId($samlAttributes, $samlID);
@ -329,7 +327,7 @@ class Saml2Service extends ExternalAuthService
throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));
}
$user = $this->user->forceCreate($userData);
$user = $this->user->newQuery()->forceCreate($userData);
$this->userRepo->attachDefaultRole($user);
$this->userRepo->downloadAndAssignUserAvatar($user);
return $user;
@ -337,15 +335,15 @@ class Saml2Service extends ExternalAuthService
/**
* Get the user from the database for the specified details.
* @throws SamlException
*/
protected function getOrRegisterUser(array $userDetails): ?User
{
$isRegisterEnabled = $this->config['auto_register'] === true;
$user = $this->user
->where('external_auth_id', $userDetails['external_id'])
$user = $this->user->newQuery()
->where('external_auth_id', '=', $userDetails['external_id'])
->first();
if ($user === null && $isRegisterEnabled) {
if (is_null($user)) {
$user = $this->registerUser($userDetails);
}