Set more appropriate login validation and broken up LDAP guide a bit

Dan Brown 2020-02-01 14:30:23 +00:00
parent 575b85021d
commit 7728931f15
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
2 changed files with 79 additions and 23 deletions


@ -75,19 +75,28 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
$user = $this->freshUserInstanceFromLdapUserDetails($userDetails); $user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
} }
$providedEmail = ($credentials['email'] ?? false); $this->checkForUserEmail($user, $credentials['email'] ?? '');
$this->saveIfNew($user);
// Request email if missing from LDAP and model and missing from request // Sync LDAP groups if required
if (is_null($user->email) && !$providedEmail) { if ($this->ldapService->shouldSyncGroups()) {
throw new LoginAttemptEmailNeededException(); $this->ldapService->syncGroups($user, $username);
} }
// Add email to model if non-existing and email provided in request $this->login($user, $remember);
if (!$user->exists && $user->email === null && $providedEmail) { return true;
$user->email = $providedEmail; }
/**
* Save the give user if they don't yet existing in the system.
* @throws LoginAttemptException
*/
protected function saveIfNew(User $user)
{
if ($user->exists) {
return;
} }
if (!$user->exists) {
// Check for existing users with same email // Check for existing users with same email
$alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0; $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
if ($alreadyUser) { if ($alreadyUser) {
@ -99,13 +108,23 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
$this->userRepo->downloadAndAssignUserAvatar($user); $this->userRepo->downloadAndAssignUserAvatar($user);
} }
// Sync LDAP groups if required /**
if ($this->ldapService->shouldSyncGroups()) { * Ensure the given user has an email.
$this->ldapService->syncGroups($user, $username); * Takes the provided email in the request if a value is provided
* and the user does not have an existing email.
* @throws LoginAttemptEmailNeededException
*/
protected function checkForUserEmail(User $user, string $providedEmail)
{
// Request email if missing from user and missing from request
if (is_null($user->email) && !$providedEmail) {
throw new LoginAttemptEmailNeededException();
} }
$this->login($user, $remember); // Add email to model if non-existing and email provided in request
return true; if (!$user->exists && is_null($user->email) && $providedEmail) {
$user->email = $providedEmail;
}
} }
/** /**
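Review bot: `checkForUserEmail` attaches a request-supplied email to a brand-new LDAP account after nothing more than the format rule in the controller, with no check that the person logging in controls that address, so the only thing preventing a new LDAP login from claiming another user's address is the same-email lookup inside `saveIfNew`; the new docblock should state that dependency, e.g. `* The provided email is unverified request input: it is only attached to users that do not yet exist, and saveIfNew() must reject duplicates before the account is persisted.` In the same method, an existing user whose stored email is null is asked for an email by the first check but the value is then discarded because `!$user->exists` fails, so that user logs in still without an email — if that is intended, a comment on the second `if` should say so. Both new methods also lack a return type; `protected function saveIfNew(User $user): void` and `protected function checkForUserEmail(User $user, string $providedEmail): void` would match their typed parameters. The `saveIfNew` docblock reads `Save the give user if they don't yet existing in the system.`; suggest `Save the given user if they do not yet exist in the system.` The login method at the top of this section begins before the first hunk, and the body of `saveIfNew` is cut by the second hunk header, so the duplicate-email handling after `$alreadyUser` is not visible here.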


@ -119,6 +119,43 @@ class LoginController extends Controller
return $this->sendFailedLoginResponse($request); return $this->sendFailedLoginResponse($request);
} }
/**
* Validate the user login request.
*
* @param \Illuminate\Http\Request $request
* @return void
*
* @throws \Illuminate\Validation\ValidationException
*/
protected function validateLogin(Request $request)
{
$rules = [];
$authMethod = config('auth.method');
if ($authMethod === 'standard') {
$rules = [
'email' => 'required|string|email',
'password' => 'required|string'
];
}
if ($authMethod === 'ldap') {
$rules = [
'username' => 'required|string',
'password' => 'required|string',
'email' => 'email',
];
}
if ($authMethod === 'saml2') {
$rules = [
'email' => 'email',
];
}
$request->validate($rules);
}
/** /**
* Send a response when a login attempt exception occurs. * Send a response when a login attempt exception occurs.
*/ */
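Review bot: When `config('auth.method')` is none of `standard`, `ldap` or `saml2`, `$rules` stays `[]` and the closing `$request->validate($rules)` accepts any request body without checking a single field, and since this override presumably replaces the framework's default `validateLogin` (not visible here), a misconfigured method value would remove login validation entirely; unless that setting is constrained elsewhere, make the fall-through explicit after the three `if` blocks, e.g. `if ($rules === []) { throw new \RuntimeException('Unsupported auth.method: ' . $authMethod); }`, or default `$rules` to the standard rules. Three independent `if`s on the same string are also a natural `switch ($authMethod)` with a `default:` branch, which makes that fall-through impossible to forget. The docblock's `@param \Illuminate\Http\Request $request` and `@return void` only restate the signature; `protected function validateLogin(Request $request): void` carries that natively and the docblock can keep just the `@throws` line.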