BookStack/app/Providers/AuthServiceProvider.php

<?php

namespace BookStack\Providers;

use BookStack\Api\ApiTokenGuard;
use BookStack\Auth\Access\ExternalBaseUserProvider;
use BookStack\Auth\Access\Guards\AsyncExternalBaseSessionGuard;
use BookStack\Auth\Access\Guards\LdapSessionGuard;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\Access\RegistrationService;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\ServiceProvider;
use Illuminate\Validation\Rules\Password;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap the application services.
     *
     * @return void
     */
    public function boot()
    {
        // Password Configuration
        // Changes here must be reflected in ApiDocsGenerate@getValidationAsString.
        Password::defaults(fn () => Password::min(8));

        // Custom guards
        Auth::extend('api-token', function ($app, $name, array $config) {
            return new ApiTokenGuard($app['request'], $app->make(LoginService::class));
        });

        Auth::extend('ldap-session', function ($app, $name, array $config) {
            $provider = Auth::createUserProvider($config['provider']);

            return new LdapSessionGuard(
                $name,
                $provider,
                $app['session.store'],
                $app[LdapService::class],
                $app[RegistrationService::class]
            );
        });

        Auth::extend('async-external-session', function ($app, $name, array $config) {
            $provider = Auth::createUserProvider($config['provider']);

            return new AsyncExternalBaseSessionGuard(
                $name,
                $provider,
                $app['session.store'],
                $app[RegistrationService::class]
            );
        });
    }

    /**
     * Register the application services.
     *
     * @return void
     */
    public function register()
    {
        Auth::provider('external-users', function ($app, array $config) {
            return new ExternalBaseUserProvider($config['model']);
        });
    }
}
Updated laravel to 5.2 and started ldap implementation 2016-01-09 19:23:35 +00:00			`<?php`

			`namespace BookStack\Providers;`

Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 14:51:28 +00:00			`use BookStack\Api\ApiTokenGuard;`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00			`use BookStack\Auth\Access\ExternalBaseUserProvider;`
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 22:05:26 +00:00			`use BookStack\Auth\Access\Guards\AsyncExternalBaseSessionGuard;`
Applied latest styles changes from style CI 2021-10-16 15:01:59 +00:00			`use BookStack\Auth\Access\Guards\LdapSessionGuard;`
Re-structured the app code to be feature based rather than code type based 2018-09-25 11:30:50 +00:00			`use BookStack\Auth\Access\LdapService;`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-05 21:07:08 +00:00			`use BookStack\Auth\Access\LoginService;`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-02 17:31:00 +00:00			`use BookStack\Auth\Access\RegistrationService;`
Applied styleci changes 2021-09-26 14:48:22 +00:00			`use Illuminate\Support\Facades\Auth;`
Updated laravel to 5.2 and started ldap implementation 2016-01-09 19:23:35 +00:00			`use Illuminate\Support\ServiceProvider;`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-18 16:31:48 +00:00			`use Illuminate\Validation\Rules\Password;`
Updated laravel to 5.2 and started ldap implementation 2016-01-09 19:23:35 +00:00
			`class AuthServiceProvider extends ServiceProvider`
			`{`
			`/**`
			`* Bootstrap the application services.`
			`*`
			`* @return void`
			`*/`
			`public function boot()`
			`{`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-18 16:31:48 +00:00			`// Password Configuration`
Added user-update API endpoint - Required changing the docs generator to handle more complex object-style rules. Bit of a hack for some types (password). - Extracted core update logic to repo for sharing with API. - Moved user update language string to align with activity/logging system. - Added tests to cover. 2022-02-03 16:52:28 +00:00			`// Changes here must be reflected in ApiDocsGenerate@getValidationAsString.`
Refactored app service providers Removed old pagination provider as url handling now achieved in a better way. Removed unused broadcast service provider. Moved view-based tweaks into specific provider. Reorganised provider config list. 2022-09-27 01:48:05 +00:00			`Password::defaults(fn () => Password::min(8));`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-18 16:31:48 +00:00
			`// Custom guards`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 14:51:28 +00:00			`Auth::extend('api-token', function ($app, $name, array $config) {`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-05 21:07:08 +00:00			`return new ApiTokenGuard($app['request'], $app->make(LoginService::class));`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 14:51:28 +00:00			`});`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00
			`Auth::extend('ldap-session', function ($app, $name, array $config) {`
			`$provider = Auth::createUserProvider($config['provider']);`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00			`return new LdapSessionGuard(`
			`$name,`
			`$provider,`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-05 21:07:08 +00:00			`$app['session.store'],`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00			`$app[LdapService::class],`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-02 17:31:00 +00:00			`$app[RegistrationService::class]`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00			`);`
			`});`
Added files missed in previous commit 2020-02-02 10:59:03 +00:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 22:05:26 +00:00			`Auth::extend('async-external-session', function ($app, $name, array $config) {`
Added files missed in previous commit 2020-02-02 10:59:03 +00:00			`$provider = Auth::createUserProvider($config['provider']);`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-06 22:05:26 +00:00			`return new AsyncExternalBaseSessionGuard(`
Added files missed in previous commit 2020-02-02 10:59:03 +00:00			`$name,`
			`$provider,`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-05 21:07:08 +00:00			`$app['session.store'],`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-02 17:31:00 +00:00			`$app[RegistrationService::class]`
Added files missed in previous commit 2020-02-02 10:59:03 +00:00			`);`
			`});`
Updated laravel to 5.2 and started ldap implementation 2016-01-09 19:23:35 +00:00			`}`

			`/**`
			`* Register the application services.`
			`*`
			`* @return void`
			`*/`
			`public function register()`
			`{`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 11:42:22 +00:00			`Auth::provider('external-users', function ($app, array $config) {`
			`return new ExternalBaseUserProvider($config['model']);`
Updated laravel to 5.2 and started ldap implementation 2016-01-09 19:23:35 +00:00			`});`
			`}`
			`}`