bookstack/app/Access/Controllers/SocialController.php

<?php

namespace BookStack\Access\Controllers;

use BookStack\Access\LoginService;
use BookStack\Access\RegistrationService;
use BookStack\Access\SocialAuthService;
use BookStack\Exceptions\SocialDriverNotConfigured;
use BookStack\Exceptions\SocialSignInAccountNotUsed;
use BookStack\Exceptions\SocialSignInException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Laravel\Socialite\Contracts\User as SocialUser;

class SocialController extends Controller
{
    public function __construct(
        protected SocialAuthService $socialAuthService,
        protected RegistrationService $registrationService,
        protected LoginService $loginService,
    ) {
        $this->middleware('guest')->only(['register']);
    }

    /**
     * Redirect to the relevant social site.
     *
     * @throws SocialDriverNotConfigured
     */
    public function login(string $socialDriver)
    {
        session()->put('social-callback', 'login');

        return $this->socialAuthService->startLogIn($socialDriver);
    }

    /**
     * Redirect to the social site for authentication intended to register.
     *
     * @throws SocialDriverNotConfigured
     * @throws UserRegistrationException
     */
    public function register(string $socialDriver)
    {
        $this->registrationService->ensureRegistrationAllowed();
        session()->put('social-callback', 'register');

        return $this->socialAuthService->startRegister($socialDriver);
    }

    /**
     * The callback for social login services.
     *
     * @throws SocialSignInException
     * @throws SocialDriverNotConfigured
     * @throws UserRegistrationException
     */
    public function callback(Request $request, string $socialDriver)
    {
        if (!session()->has('social-callback')) {
            throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login');
        }

        // Check request for error information
        if ($request->has('error') && $request->has('error_description')) {
            throw new SocialSignInException(trans('errors.social_login_bad_response', [
                'socialAccount' => $socialDriver,
                'error'         => $request->get('error_description'),
            ]), '/login');
        }

        $action = session()->pull('social-callback');

        // Attempt login or fall-back to register if allowed.
        $socialUser = $this->socialAuthService->getSocialUser($socialDriver);
        if ($action === 'login') {
            try {
                return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);
            } catch (SocialSignInAccountNotUsed $exception) {
                if ($this->socialAuthService->drivers()->isAutoRegisterEnabled($socialDriver)) {
                    return $this->socialRegisterCallback($socialDriver, $socialUser);
                }

                throw $exception;
            }
        }

        if ($action === 'register') {
            return $this->socialRegisterCallback($socialDriver, $socialUser);
        }

        return redirect('/');
    }

    /**
     * Detach a social account from a user.
     */
    public function detach(string $socialDriver)
    {
        $this->socialAuthService->detachSocialAccount($socialDriver);
        session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));

        return redirect('/my-account/auth#social-accounts');
    }

    /**
     * Register a new user after a registration callback.
     *
     * @throws UserRegistrationException
     */
    protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser)
    {
        $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);
        $socialAccount = $this->socialAuthService->newSocialAccount($socialDriver, $socialUser);
        $emailVerified = $this->socialAuthService->drivers()->isAutoConfirmEmailEnabled($socialDriver);

        // Create an array of the user data to create a new user instance
        $userData = [
            'name'     => $socialUser->getName(),
            'email'    => $socialUser->getEmail(),
            'password' => Str::random(32),
        ];

        // Take name from email address if empty
        if (!$userData['name']) {
            $userData['name'] = explode('@', $userData['email'])[0];
        }

        $user = $this->registrationService->registerUser($userData, $socialAccount, $emailVerified);
        $this->showSuccessNotification(trans('auth.register_success'));
        $this->loginService->login($user, $socialDriver);

        return redirect('/');
    }
}
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`<?php`

Played around with a new app structure 2023-05-18 00:56:55 +08:00			`namespace BookStack\Access\Controllers;`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00
Played around with a new app structure 2023-05-18 00:56:55 +08:00			`use BookStack\Access\LoginService;`
			`use BookStack\Access\RegistrationService;`
			`use BookStack\Access\SocialAuthService;`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`use BookStack\Exceptions\SocialDriverNotConfigured;`
			`use BookStack\Exceptions\SocialSignInAccountNotUsed;`
			`use BookStack\Exceptions\SocialSignInException;`
			`use BookStack\Exceptions\UserRegistrationException;`
Cleaned up namespacing in routes Also moved home controller and moved controllers up a level in http. 2023-05-19 03:53:39 +08:00			`use BookStack\Http\Controller;`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Str;`
			`use Laravel\Socialite\Contracts\User as SocialUser;`

			`class SocialController extends Controller`
			`{`
Updated all login events to route through single service 2021-07-18 00:45:00 +08:00			`public function __construct(`
My Account: Updated and started adding to tests - Updated existing tests now affected by my-account changes. - Updated some existing tests to more accuractly check the scenario. - Updated some code styling in SocialController. - Fixed redirects for social account flows to fit my-account. - Added test for social account attaching. - Added test for api token redirect handling. 2023-10-19 21:18:42 +08:00			`protected SocialAuthService $socialAuthService,`
			`protected RegistrationService $registrationService,`
			`protected LoginService $loginService,`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`) {`
Removed usage of laravel/ui dependency Brings app auth controller handling aligned within the app, rather than having many overrides of the framwork packages causing confusion and messiness over time. 2022-09-22 23:54:27 +08:00			`$this->middleware('guest')->only(['register']);`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`}`

			`/**`
			`* Redirect to the relevant social site.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Updated register paths to include user slugs 2021-03-11 06:37:53 +08:00			`* @throws SocialDriverNotConfigured`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`*/`
Updated register paths to include user slugs 2021-03-11 06:37:53 +08:00			`public function login(string $socialDriver)`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`{`
			`session()->put('social-callback', 'login');`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`return $this->socialAuthService->startLogIn($socialDriver);`
			`}`

			`/**`
			`* Redirect to the social site for authentication intended to register.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`* @throws SocialDriverNotConfigured`
			`* @throws UserRegistrationException`
			`*/`
Updated register paths to include user slugs 2021-03-11 06:37:53 +08:00			`public function register(string $socialDriver)`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`{`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`$this->registrationService->ensureRegistrationAllowed();`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`session()->put('social-callback', 'register');`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`return $this->socialAuthService->startRegister($socialDriver);`
			`}`

			`/**`
			`* The callback for social login services.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`* @throws SocialSignInException`
			`* @throws SocialDriverNotConfigured`
			`* @throws UserRegistrationException`
			`*/`
Updated register paths to include user slugs 2021-03-11 06:37:53 +08:00			`public function callback(Request $request, string $socialDriver)`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`{`
			`if (!session()->has('social-callback')) {`
			`throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login');`
			`}`

			`// Check request for error information`
			`if ($request->has('error') && $request->has('error_description')) {`
			`throw new SocialSignInException(trans('errors.social_login_bad_response', [`
			`'socialAccount' => $socialDriver,`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`'error' => $request->get('error_description'),`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`]), '/login');`
			`}`

			`$action = session()->pull('social-callback');`

			`// Attempt login or fall-back to register if allowed.`
			`$socialUser = $this->socialAuthService->getSocialUser($socialDriver);`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`if ($action === 'login') {`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`try {`
			`return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);`
			`} catch (SocialSignInAccountNotUsed $exception) {`
Auth: Refactored OIDC RP-logout PR code, Extracted logout Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467 2023-12-06 21:49:53 +08:00			`if ($this->socialAuthService->drivers()->isAutoRegisterEnabled($socialDriver)) {`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`return $this->socialRegisterCallback($socialDriver, $socialUser);`
			`}`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`throw $exception;`
			`}`
			`}`

Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`if ($action === 'register') {`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`return $this->socialRegisterCallback($socialDriver, $socialUser);`
			`}`

URL Handling: Removed referrer-based redirect handling Swapped back handling to instead be pre-determined instead of being based upon session/referrer which would cause inconsistent results when referrer data was not available (redirect to app-loaded images/files). To support, this adds a mechansism to provide a URL through request data. Also cleaned up some imports in code while making changes. Closes #4656. 2023-12-10 20:37:21 +08:00			`return redirect('/');`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`}`

			`/**`
			`* Detach a social account from a user.`
			`*/`
Updated register paths to include user slugs 2021-03-11 06:37:53 +08:00			`public function detach(string $socialDriver)`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`{`
			`$this->socialAuthService->detachSocialAccount($socialDriver);`
			`session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
My Account: Updated and started adding to tests - Updated existing tests now affected by my-account changes. - Updated some existing tests to more accuractly check the scenario. - Updated some code styling in SocialController. - Fixed redirects for social account flows to fit my-account. - Added test for social account attaching. - Added test for api token redirect handling. 2023-10-19 21:18:42 +08:00			`return redirect('/my-account/auth#social-accounts');`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`}`

			`/**`
			`* Register a new user after a registration callback.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`* @throws UserRegistrationException`
			`*/`
			`protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser)`
			`{`
			`$socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);`
Added the possibility of social provider extension via theme Also started docs page 2021-03-20 00:16:26 +08:00			`$socialAccount = $this->socialAuthService->newSocialAccount($socialDriver, $socialUser);`
Auth: Refactored OIDC RP-logout PR code, Extracted logout Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467 2023-12-06 21:49:53 +08:00			`$emailVerified = $this->socialAuthService->drivers()->isAutoConfirmEmailEnabled($socialDriver);`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00
			`// Create an array of the user data to create a new user instance`
			`$userData = [`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`'name' => $socialUser->getName(),`
			`'email' => $socialUser->getEmail(),`
			`'password' => Str::random(32),`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00			`];`

Updated social auth to take name from email if empty - Added tests to cover. Fixes #1853 2020-03-11 03:09:22 +08:00			`// Take name from email address if empty`
			`if (!$userData['name']) {`
			`$userData['name'] = explode('@', $userData['email'])[0];`
			`}`

Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`$user = $this->registrationService->registerUser($userData, $socialAccount, $emailVerified);`
Added login redirect system to confirm/mfa Also continued a bit on the MFA verification system. Moved some MFA routes to public space using updated login service to get the current user that is either logged in or last attempted login (With correct creds). 2021-07-18 23:52:31 +08:00			`$this->showSuccessNotification(trans('auth.register_success'));`
Updated all login events to route through single service 2021-07-18 00:45:00 +08:00			`$this->loginService->login($user, $socialDriver);`
Moved socal auth routes to their own controller Also cleaned some phpdocs and extracted register actions to their own service. 2020-01-26 22:42:50 +08:00
			`return redirect('/');`
			`}`
			`}`