Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 05:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

First basic OpenID Connect implementation

Browse Source
This commit is contained in:
Jasper Weyne 2020-07-01 23:27:50 +02:00
parent 8dc9689c6d
commit 07a6d7655f
21 changed files with 626 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.env.example.complete
View File

@ -228,6 +228,14 @@ SAML2_USER_TO_GROUPS=false
SAML2_GROUP_ATTRIBUTE=group
SAML2_REMOVE_FROM_GROUPS=false
# OpenID Connect authentication configuration
OPENID_CLIENT_ID=null
OPENID_CLIENT_SECRET=null
OPENID_ISSUER=https://example.com
OPENID_PUBLIC_KEY=file:///my/public.key
OPENID_URL_AUTHORIZE=https://example.com/authorize
OPENID_URL_TOKEN=https://example.com/token
# Disable default third-party services such as Gravatar and Draw.IO
# Service-specific options will override this option
DISABLE_EXTERNAL_SERVICES=false

39
app/Auth/Access/Guards/OpenIdSessionGuard.php Normal file
View File

@ -0,0 +1,39 @@
<?php
namespace BookStack\Auth\Access\Guards;
/**
* OpenId Session Guard
*
* The OpenId login process is async in nature meaning it does not fit very well
* into the default laravel 'Guard' auth flow. Instead most of the logic is done
* via the OpenId controller & OpenIdService. This class provides a safer, thin
* version of SessionGuard.
*
* @package BookStack\Auth\Access\Guards
*/
class OpenIdSessionGuard extends ExternalBaseSessionGuard
{
/**
* Validate a user's credentials.
*
* @param array $credentials
* @return bool
*/
public function validate(array $credentials = [])
{
return false;
}
/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @return bool
*/
public function attempt(array $credentials = [], $remember = false)
{
return false;
}
}

235
app/Auth/Access/OpenIdService.php Normal file
View File

@ -0,0 +1,235 @@
<?php namespace BookStack\Auth\Access;
use BookStack\Auth\User;
use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\OpenIdException;
use BookStack\Exceptions\UserRegistrationException;
use Exception;
use Illuminate\Support\Str;
use Lcobucci\JWT\Token;
use OpenIDConnectClient\AccessToken;
use OpenIDConnectClient\OpenIDConnectProvider;
/**
* Class OpenIdService
* Handles any app-specific OpenId tasks.
*/
class OpenIdService extends ExternalAuthService
{
protected $config;
protected $registrationService;
protected $user;
/**
* OpenIdService constructor.
*/
public function __construct(RegistrationService $registrationService, User $user)
{
$this->config = config('openid');
$this->registrationService = $registrationService;
$this->user = $user;
}
/**
* Initiate a authorization flow.
* @throws Error
*/
public function login(): array
{
$provider = $this->getProvider();
return [
'url' => $provider->getAuthorizationUrl(),
'state' => $provider->getState(),
];
}
/**
* Initiate a logout flow.
* @throws Error
*/
public function logout(): array
{
$this->actionLogout();
$url = '/';
$id = null;
return ['url' => $url, 'id' => $id];
}
/**
* Process the Authorization response from the authorization server and
* return the matching, or new if registration active, user matched to
* the authorization server.
* Returns null if not authenticated.
* @throws Error
* @throws OpenIdException
* @throws ValidationError
* @throws JsonDebugException
* @throws UserRegistrationException
*/
public function processAuthorizeResponse(?string $authorizationCode): ?User
{
$provider = $this->getProvider();
// Try to exchange authorization code for access token
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $authorizationCode,
]);
return $this->processAccessTokenCallback($accessToken);
}
/**
* Do the required actions to log a user out.
*/
protected function actionLogout()
{
auth()->logout();
session()->invalidate();
}
/**
* Load the underlying Onelogin SAML2 toolkit.
* @throws Error
* @throws Exception
*/
protected function getProvider(): OpenIDConnectProvider
{
$settings = $this->config['openid'];
$overrides = $this->config['openid_overrides'] ?? [];
if ($overrides && is_string($overrides)) {
$overrides = json_decode($overrides, true);
}
$openIdSettings = $this->loadOpenIdDetails();
$settings = array_replace_recursive($settings, $openIdSettings, $overrides);
$signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
return new OpenIDConnectProvider($settings, ['signer' => $signer]);
}
/**
* Load dynamic service provider options required by the onelogin toolkit.
*/
protected function loadOpenIdDetails(): array
{
return [
'redirectUri' => url('/openid/redirect'),
];
}
/**
* Calculate the display name
*/
protected function getUserDisplayName(Token $token, string $defaultValue): string
{
$displayNameAttr = $this->config['display_name_attributes'];
$displayName = [];
foreach ($displayNameAttr as $dnAttr) {
$dnComponent = $token->getClaim($dnAttr, '');
if ($dnComponent !== '') {
$displayName[] = $dnComponent;
}
}
if (count($displayName) == 0) {
$displayName = $defaultValue;
} else {
$displayName = implode(' ', $displayName);
}
return $displayName;
}
/**
* Get the value to use as the external id saved in BookStack
* used to link the user to an existing BookStack DB user.
*/
protected function getExternalId(Token $token, string $defaultValue)
{
$userNameAttr = $this->config['external_id_attribute'];
if ($userNameAttr === null) {
return $defaultValue;
}
return $token->getClaim($userNameAttr, $defaultValue);
}
/**
* Extract the details of a user from a SAML response.
*/
protected function getUserDetails(Token $token): array
{
$email = null;
$emailAttr = $this->config['email_attribute'];
if ($token->hasClaim($emailAttr)) {
$email = $token->getClaim($emailAttr);
}
return [
'external_id' => $token->getClaim('sub'),
'email' => $email,
'name' => $this->getUserDisplayName($token, $email),
];
}
/**
* Get the user from the database for the specified details.
* @throws OpenIdException
* @throws UserRegistrationException
*/
protected function getOrRegisterUser(array $userDetails): ?User
{
$user = $this->user->newQuery()
->where('external_auth_id', '=', $userDetails['external_id'])
->first();
if (is_null($user)) {
$userData = [
'name' => $userDetails['name'],
'email' => $userDetails['email'],
'password' => Str::random(32),
'external_auth_id' => $userDetails['external_id'],
];
$user = $this->registrationService->registerUser($userData, null, false);
}
return $user;
}
/**
* Processes a received access token for a user. Login the user when
* they exist, optionally registering them automatically.
* @throws OpenIdException
* @throws JsonDebugException
* @throws UserRegistrationException
*/
public function processAccessTokenCallback(AccessToken $accessToken): User
{
$userDetails = $this->getUserDetails($accessToken->getIdToken());
$isLoggedIn = auth()->check();
if ($this->config['dump_user_details']) {
throw new JsonDebugException($accessToken->jsonSerialize());
}
if ($userDetails['email'] === null) {
throw new OpenIdException(trans('errors.openid_no_email_address'));
}
if ($isLoggedIn) {
throw new OpenIdException(trans('errors.openid_already_logged_in'), '/login');
}
$user = $this->getOrRegisterUser($userDetails);
if ($user === null) {
throw new OpenIdException(trans('errors.openid_user_not_registered', ['name' => $userDetails['external_id']]), '/login');
}
auth()->login($user);
return $user;
}
}

4
app/Config/auth.php
View File

@ -40,6 +40,10 @@ return [
'driver' => 'saml2-session',
'provider' => 'external',
],
'openid' => [
'driver' => 'openid-session',
'provider' => 'external',
],
'api' => [
'driver' => 'api-token',
],

43
app/Config/openid.php Normal file
View File

@ -0,0 +1,43 @@
<?php
return [
// Display name, shown to users, for OpenId option
'name' => env('OPENID_NAME', 'SSO'),
// Dump user details after a login request for debugging purposes
'dump_user_details' => env('OPENID_DUMP_USER_DETAILS', false),
// Attribute, within a OpenId token, to find the user's email address
'email_attribute' => env('OPENID_EMAIL_ATTRIBUTE', 'email'),
// Attribute, within a OpenId token, to find the user's display name
'display_name_attributes' => explode('|', env('OPENID_DISPLAY_NAME_ATTRIBUTES', 'username')),
// Attribute, within a OpenId token, to use to connect a BookStack user to the OpenId user.
'external_id_attribute' => env('OPENID_EXTERNAL_ID_ATTRIBUTE', null),
// Overrides, in JSON format, to the configuration passed to underlying OpenIDConnectProvider library.
'openid_overrides' => env('OPENID_OVERRIDES', null),
'openid' => [
// OAuth2/OpenId client id, as configured in your Authorization server.
'clientId' => env('OPENID_CLIENT_ID', ''),
// OAuth2/OpenId client secret, as configured in your Authorization server.
'clientSecret' => env('OPENID_CLIENT_SECRET', ''),
// OAuth2 scopes that are request, by default the OpenId-native profile and email scopes.
'scopes' => 'profile email',
// The issuer of the identity token (id_token) this will be compared with what is returned in the token.
'idTokenIssuer' => env('OPENID_ISSUER', ''),
// Public key that's used to verify the JWT token with.
'publicKey' => env('OPENID_PUBLIC_KEY', ''),
// OAuth2 endpoints.
'urlAuthorize' => env('OPENID_URL_AUTHORIZE', ''),
'urlAccessToken' => env('OPENID_URL_TOKEN', ''),
'urlResourceOwnerDetails' => env('OPENID_URL_RESOURCE', ''),
],
];

6
app/Exceptions/OpenIdException.php Normal file
View File

@ -0,0 +1,6 @@
<?php namespace BookStack\Exceptions;
class OpenIdException extends NotifyException
{
}

3
app/Http/Controllers/Auth/LoginController.php
View File

@ -136,7 +136,7 @@ class LoginController extends Controller
{
// Authenticate on all session guards if a likely admin
if ($user->can('users-manage') && $user->can('user-roles-manage')) {
$guards = ['standard', 'ldap', 'saml2'];
$guards = ['standard', 'ldap', 'saml2', 'openid'];
foreach ($guards as $guard) {
auth($guard)->login($user);
}
@ -186,5 +186,4 @@ class LoginController extends Controller
return redirect('/login');
}
}

70
app/Http/Controllers/Auth/OpenIdController.php Normal file
View File

@ -0,0 +1,70 @@
<?php
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\OpenIdService;
use BookStack\Http\Controllers\Controller;
class OpenIdController extends Controller
{
protected $openidService;
/**
* OpenIdController constructor.
*/
public function __construct(OpenIdService $openidService)
{
parent::__construct();
$this->openidService = $openidService;
$this->middleware('guard:openid');
}
/**
* Start the authorization login flow via OpenId Connect.
*/
public function login()
{
$loginDetails = $this->openidService->login();
session()->flash('openid_state', $loginDetails['state']);
return redirect($loginDetails['url']);
}
/**
* Start the logout flow via OpenId Connect.
*/
public function logout()
{
$logoutDetails = $this->openidService->logout();
if ($logoutDetails['id']) {
session()->flash('saml2_logout_request_id', $logoutDetails['id']);
}
return redirect($logoutDetails['url']);
}
/**
* Authorization flow Redirect.
* Processes authorization response from the OpenId Connect Authorization Server.
*/
public function redirect()
{
$storedState = session()->pull('openid_state');
$responseState = request()->query('state');
if ($storedState !== $responseState) {
$this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
return redirect('/login');
}
$user = $this->openidService->processAuthorizeResponse(request()->query('code'));
if ($user === null) {
$this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));
return redirect('/login');
}
return redirect()->intended();
}
}

4
app/Http/Controllers/UserController.php
View File

@ -76,7 +76,7 @@ class UserController extends Controller
if ($authMethod === 'standard' && !$sendInvite) {
$validationRules['password'] = 'required|min:6';
$validationRules['password-confirm'] = 'required|same:password';
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
$validationRules['external_auth_id'] = 'required';
}
$this->validate($request, $validationRules);
@ -85,7 +85,7 @@ class UserController extends Controller
if ($authMethod === 'standard') {
$user->password = bcrypt($request->get('password', Str::random(32)));
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
$user->external_auth_id = $request->get('external_auth_id');
}

3
app/Http/Middleware/VerifyCsrfToken.php
View File

@ -19,6 +19,7 @@ class VerifyCsrfToken extends Middleware
* @var array
*/
protected $except = [
'saml2/*'
'saml2/*',
'openid/*'
];
}

11
app/Providers/AuthServiceProvider.php
View File

@ -7,6 +7,7 @@ use BookStack\Api\ApiTokenGuard;
use BookStack\Auth\Access\ExternalBaseUserProvider;
use BookStack\Auth\Access\Guards\LdapSessionGuard;
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
use BookStack\Auth\Access\Guards\OpenIdSessionGuard;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\RegistrationService;
use BookStack\Auth\UserRepo;
@ -45,6 +46,16 @@ class AuthServiceProvider extends ServiceProvider
$app[RegistrationService::class]
);
});
Auth::extend('openid-session', function ($app, $name, array $config) {
$provider = Auth::createUserProvider($config['provider']);
return new OpenIdSessionGuard(
$name,
$provider,
$this->app['session.store'],
$app[RegistrationService::class]
);
});
}
/**

3
composer.json
View File

@ -32,7 +32,8 @@
"socialiteproviders/microsoft-azure": "^3.0",
"socialiteproviders/okta": "^1.0",
"socialiteproviders/slack": "^3.0",
"socialiteproviders/twitch": "^5.0"
"socialiteproviders/twitch": "^5.0",
"steverhoades/oauth2-openid-connect-client": "^0.3.0"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.2.8",

177
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "34390536dd685e0bc49b179babaa06ec",
"content-hash": "f9d604c2456771f9b939f04492dde182",
"packages": [
{
"name": "aws/aws-sdk-php",
@ -1814,6 +1814,71 @@
],
"time": "2020-02-04T15:30:01+00:00"
},
{
"name": "lcobucci/jwt",
"version": "3.3.2",
"source": {
"type": "git",
"url": "https://github.com/lcobucci/jwt.git",
"reference": "56f10808089e38623345e28af2f2d5e4eb579455"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/lcobucci/jwt/zipball/56f10808089e38623345e28af2f2d5e4eb579455",
"reference": "56f10808089e38623345e28af2f2d5e4eb579455",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"ext-openssl": "*",
"php": "^5.6 || ^7.0"
},
"require-dev": {
"mikey179/vfsstream": "~1.5",
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1",
"phpunit/phpunit": "^5.7 || ^7.3",
"squizlabs/php_codesniffer": "~2.3"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.1-dev"
}
},
"autoload": {
"psr-4": {
"Lcobucci\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Luís Otávio Cobucci Oblonczyk",
"email": "lcobucci@gmail.com",
"role": "Developer"
}
],
"description": "A simple library to work with JSON Web Token and JSON Web Signature",
"keywords": [
"JWS",
"jwt"
],
"funding": [
{
"url": "https://github.com/lcobucci",
"type": "github"
},
{
"url": "https://www.patreon.com/lcobucci",
"type": "patreon"
}
],
"time": "2020-05-22T08:21:12+00:00"
},
{
"name": "league/commonmark",
"version": "1.4.3",
@ -2114,6 +2179,73 @@
],
"time": "2016-08-17T00:36:58+00:00"
},
{
"name": "league/oauth2-client",
"version": "2.4.1",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/oauth2-client.git",
"reference": "cc114abc622a53af969e8664722e84ca36257530"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/cc114abc622a53af969e8664722e84ca36257530",
"reference": "cc114abc622a53af969e8664722e84ca36257530",
"shasum": ""
},
"require": {
"guzzlehttp/guzzle": "^6.0",
"paragonie/random_compat": "^1|^2|^9.99",
"php": "^5.6|^7.0"
},
"require-dev": {
"eloquent/liberator": "^2.0",
"eloquent/phony-phpunit": "^1.0|^3.0",
"jakub-onderka/php-parallel-lint": "^0.9.2",
"phpunit/phpunit": "^5.7|^6.0",
"squizlabs/php_codesniffer": "^2.3|^3.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-2.x": "2.0.x-dev"
}
},
"autoload": {
"psr-4": {
"League\\OAuth2\\Client\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Alex Bilbie",
"email": "hello@alexbilbie.com",
"homepage": "http://www.alexbilbie.com",
"role": "Developer"
},
{
"name": "Woody Gilk",
"homepage": "https://github.com/shadowhand",
"role": "Contributor"
}
],
"description": "OAuth 2.0 Client Library",
"keywords": [
"Authentication",
"SSO",
"authorization",
"identity",
"idp",
"oauth",
"oauth2",
"single sign on"
],
"time": "2018-11-22T18:33:57+00:00"
},
{
"name": "monolog/monolog",
"version": "2.1.0",
@ -3502,6 +3634,49 @@
"description": "Twitch OAuth2 Provider for Laravel Socialite",
"time": "2020-05-06T22:51:30+00:00"
},
{
"name": "steverhoades/oauth2-openid-connect-client",
"version": "v0.3.0",
"source": {
"type": "git",
"url": "https://github.com/steverhoades/oauth2-openid-connect-client.git",
"reference": "0159471487540a4620b8d0b693f5f215503a8d75"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/steverhoades/oauth2-openid-connect-client/zipball/0159471487540a4620b8d0b693f5f215503a8d75",
"reference": "0159471487540a4620b8d0b693f5f215503a8d75",
"shasum": ""
},
"require": {
"lcobucci/jwt": "^3.2",
"league/oauth2-client": "^2.0"
},
"require-dev": {
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1",
"phpunit/phpunit": "~4.5",
"squizlabs/php_codesniffer": "~2.3"
},
"type": "library",
"autoload": {
"psr-4": {
"OpenIDConnectClient\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Rhoades",
"email": "sedonami@gmail.com"
}
],
"description": "OAuth2 OpenID Connect Client that utilizes the PHP Leagues OAuth2 Client",
"time": "2020-05-19T23:06:36+00:00"
},
{
"name": "swiftmailer/swiftmailer",
"version": "v6.2.3",

4
resources/lang/en/errors.php
View File

@ -23,6 +23,10 @@ return [
'saml_no_email_address' => 'Could not find an email address, for this user, in the data provided by the external authentication system',
'saml_invalid_response_id' => 'The request from the external authentication system is not recognised by a process started by this application. Navigating back after a login could cause this issue.',
'saml_fail_authed' => 'Login using :system failed, system did not provide successful authorization',
'openid_already_logged_in' => 'Already logged in',
'openid_user_not_registered' => 'The user :name is not registered and automatic registration is disabled',
'openid_no_email_address' => 'Could not find an email address, for this user, in the data provided by the external authentication system',
'openid_fail_authed' => 'Login using :system failed, system did not provide successful authorization',
'social_no_action_defined' => 'No action defined',
'social_login_bad_response' => "Error received during :socialAccount login: \n:error",
'social_account_in_use' => 'This :socialAccount account is already in use, Try logging in via the :socialAccount option.',

11
resources/views/auth/forms/login/openid.blade.php Normal file
View File

@ -0,0 +1,11 @@
<form action="{{ url('/openid/login') }}" method="POST" id="login-form" class="mt-l">
{!! csrf_field() !!}
<div>
<button id="saml-login" class="button outline block svg">
@icon('saml2')
<span>{{ trans('auth.log_in_with', ['socialDriver' => config('openid.name')]) }}</span>
</button>
</div>
</form>

2
resources/views/common/header.blade.php
View File

@ -66,6 +66,8 @@
<li>
@if(config('auth.method') === 'saml2')
<a href="{{ url('/saml2/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
@elseif(config('auth.method') === 'openid')
<a href="{{ url('/openid/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
@else
<a href="{{ url('/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
@endif

2
resources/views/settings/index.blade.php
View File

@ -224,7 +224,7 @@
'label' => trans('settings.reg_enable_toggle')
])
@if(in_array(config('auth.method'), ['ldap', 'saml2']))
@if(in_array(config('auth.method'), ['ldap', 'saml2', 'openid']))
<div class="text-warn text-small mb-l">{{ trans('settings.reg_enable_external_warning') }}</div>
@endif

2
resources/views/settings/roles/form.blade.php
View File

@ -19,7 +19,7 @@
@include('form.text', ['name' => 'description'])
</div>
@if(config('auth.method') === 'ldap' || config('auth.method') === 'saml2')
@if(config('auth.method') === 'ldap' || config('auth.method') === 'saml2' || config('auth.method') === 'openid')
<div class="form-group">
<label for="name">{{ trans('settings.role_external_auth_id') }}</label>
@include('form.text', ['name' => 'external_auth_id'])

2
resources/views/users/form.blade.php
View File

@ -25,7 +25,7 @@
</div>
</div>
@if(($authMethod === 'ldap' || $authMethod === 'saml2') && userCan('users-manage'))
@if(($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') && userCan('users-manage'))
<div class="grid half gap-xl v-center">
<div>
<label class="setting-list-label">{{ trans('settings.users_external_auth_id') }}</label>

5
routes/web.php
View File

@ -234,6 +234,11 @@ Route::get('/saml2/metadata', 'Auth\Saml2Controller@metadata');
Route::get('/saml2/sls', 'Auth\Saml2Controller@sls');
Route::post('/saml2/acs', 'Auth\Saml2Controller@acs');
// OpenId routes
Route::post('/openid/login', 'Auth\OpenIdController@login');
Route::get('/openid/logout', 'Auth\OpenIdController@logout');
Route::get('/openid/redirect', 'Auth\OpenIdController@redirect');
// User invitation routes
Route::get('/register/invite/{token}', 'Auth\UserInviteController@showSetPassword');
Route::post('/register/invite/{token}', 'Auth\UserInviteController@setPassword');

2
tests/Auth/AuthTest.php
View File

@ -387,6 +387,7 @@ class AuthTest extends BrowserKitTest
$this->assertTrue(auth()->check());
$this->assertTrue(auth('ldap')->check());
$this->assertTrue(auth('saml2')->check());
$this->assertTrue(auth('openid')->check());
}
public function test_login_authenticates_nonadmins_on_default_guard_only()
@ -399,6 +400,7 @@ class AuthTest extends BrowserKitTest
$this->assertTrue(auth()->check());
$this->assertFalse(auth('ldap')->check());
$this->assertFalse(auth('saml2')->check());
$this->assertFalse(auth('openid')->check());
}
/**