Updated laravel to 5.2 and started ldap implementation

This commit is contained in:
Dan Brown 2016-01-09 19:23:35 +00:00
parent e27a630a09
commit 14ca31768c
20 changed files with 950 additions and 517 deletions

View File

@ -3,8 +3,11 @@
namespace BookStack\Exceptions;
use Exception;
use Illuminate\Contracts\Validation\ValidationException;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Auth\Access\AuthorizationException;
class Handler extends ExceptionHandler
{
@ -14,7 +17,10 @@ class Handler extends ExceptionHandler
* @var array
*/
protected $dontReport = [
AuthorizationException::class,
HttpException::class,
ModelNotFoundException::class,
ValidationException::class,
];
/**

View File

@ -0,0 +1,9 @@
<?php namespace BookStack\Exceptions;
use Exception;
class LdapException extends Exception
{
}

View File

@ -29,7 +29,6 @@ class AuthController extends Controller
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
protected $loginPath = '/login';
protected $redirectPath = '/';
protected $redirectAfterLogout = '/login';
@ -232,13 +231,9 @@ class AuthController extends Controller
*/
public function getLogin()
{
if (view()->exists('auth.authenticate')) {
return view('auth.authenticate');
}
$socialDrivers = $this->socialAuthService->getActiveDrivers();
return view('auth.login', ['socialDrivers' => $socialDrivers]);
$authMethod = 'standard'; // TODO - rewrite to use config.
return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
}
/**
@ -253,7 +248,7 @@ class AuthController extends Controller
}
/**
* Redirect to the social site for authentication initended to register.
* Redirect to the social site for authentication intended to register.
* @param $socialDriver
* @return mixed
*/

View File

@ -48,7 +48,7 @@ abstract class Controller extends BaseController
*/
protected function preventAccessForDemoUsers()
{
if (env('APP_ENV', 'production') === 'demo') $this->showPermissionError();
if (config('app.env') === 'demo') $this->showPermissionError();
}
/**

View File

@ -72,7 +72,7 @@ class UserController extends Controller
$user->attachRoleId($request->get('role'));
// Get avatar from gravatar and save
if (!env('DISABLE_EXTERNAL_SERVICES', false)) {
if (!config('services.disable_services')) {
$avatar = \Images::saveUserGravatar($user);
$user->avatar()->associate($avatar);
$user->save();

View File

@ -1,5 +1,11 @@
<?php
Route::get('/test', function() {
// TODO - remove this
$service = new \BookStack\Services\LdapService();
$service->getUserDetails('ssmith');
});
// Authenticated routes...
Route::group(['middleware' => 'auth'], function () {

View File

@ -0,0 +1,31 @@
<?php
namespace BookStack\Providers;
use Auth;
use Illuminate\Support\ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* Bootstrap the application services.
*
* @return void
*/
public function boot()
{
//
}
/**
* Register the application services.
*
* @return void
*/
public function register()
{
Auth::provider('ldap', function($app, array $config) {
return new LdapUserProvider($config['model']);
});
}
}

View File

@ -0,0 +1,117 @@
<?php
namespace BookStack\Providers;
use BookStack\User;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;
class LdapUserProvider implements UserProvider
{
/**
* The user model.
*
* @var string
*/
protected $model;
/**
* LdapUserProvider constructor.
* @param $model
*/
public function __construct($model)
{
$this->model = $model;
}
/**
* Create a new instance of the model.
*
* @return \Illuminate\Database\Eloquent\Model
*/
public function createModel()
{
$class = '\\'.ltrim($this->model, '\\');
return new $class;
}
/**
* Retrieve a user by their unique identifier.
*
* @param mixed $identifier
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveById($identifier)
{
return $this->createModel()->newQuery()->find($identifier);
}
/**
* Retrieve a user by their unique identifier and "remember me" token.
*
* @param mixed $identifier
* @param string $token
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByToken($identifier, $token)
{
$model = $this->createModel();
return $model->newQuery()
->where($model->getAuthIdentifierName(), $identifier)
->where($model->getRememberTokenName(), $token)
->first();
}
/**
* Update the "remember me" token for the given user in storage.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param string $token
* @return void
*/
public function updateRememberToken(Authenticatable $user, $token)
{
$user->setRememberToken($token);
$user->save();
}
/**
* Retrieve a user by the given credentials.
*
* @param array $credentials
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByCredentials(array $credentials)
{
// TODO: Implement retrieveByCredentials() method.
// Get user via LDAP
// Search current user base by looking up a uid
// If not exists create a new user instance with attached role
// but do not store it in the database yet
//
}
/**
* Validate a user against the given credentials.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
// TODO: Implement validateCredentials() method.
}
}

View File

@ -200,7 +200,7 @@ class ImageService
{
if ($this->storageInstance !== null) return $this->storageInstance;
$storageType = env('STORAGE_TYPE');
$storageType = config('filesystems.default');
$this->storageInstance = $this->fileSystem->disk($storageType);
return $this->storageInstance;
@ -226,10 +226,10 @@ class ImageService
private function getPublicUrl($filePath)
{
if ($this->storageUrl === null) {
$storageUrl = env('STORAGE_URL');
$storageUrl = config('filesystems.url');
// Get the standard public s3 url if s3 is set as storage type
if ($storageUrl == false && env('STORAGE_TYPE') === 's3') {
if ($storageUrl == false && config('filesystems.default') === 's3') {
$storageDetails = config('filesystems.disks.s3');
$storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
}

View File

@ -0,0 +1,60 @@
<?php namespace BookStack\Services;
use BookStack\Exceptions\LdapException;
class LdapService
{
public function getUserDetails($userName)
{
if(!function_exists('ldap_connect')) {
throw new LdapException('LDAP PHP extension not installed');
}
$ldapServer = explode(':', config('services.ldap.server'));
$ldapConnection = ldap_connect($ldapServer[0], count($ldapServer) > 1 ? $ldapServer[1] : 389);
if ($ldapConnection === false) {
throw new LdapException('Cannot connect to ldap server, Initial connection failed');
}
// Options
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); // TODO - make configurable
$ldapDn = config('services.ldap.dn');
$ldapPass = config('services.ldap.pass');
$isAnonymous = ($ldapDn === false || $ldapPass === false);
if ($isAnonymous) {
$ldapBind = ldap_bind($ldapConnection);
} else {
$ldapBind = ldap_bind($ldapConnection, $ldapDn, $ldapPass);
}
if (!$ldapBind) throw new LdapException('LDAP access failed using ' . $isAnonymous ? ' anonymous bind.' : ' given dn & pass details');
// Find user
$userFilter = $this->buildFilter(config('services.ldap.user_filter'), ['user' => $userName]);
//dd($userFilter);
$baseDn = config('services.ldap.base_dn');
$ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter);
$users = ldap_get_entries($ldapConnection, $ldapSearch);
dd($users);
}
private function buildFilter($filterString, $attrs)
{
$newAttrs = [];
foreach ($attrs as $key => $attrText) {
$newKey = '${'.$key.'}';
$newAttrs[$newKey] = $attrText;
}
return strtr($filterString, $newAttrs);
}
}

View File

@ -172,9 +172,10 @@ class SocialAuthService
*/
private function checkDriverConfigured($driver)
{
$upperName = strtoupper($driver);
$config = [env($upperName . '_APP_ID', false), env($upperName . '_APP_SECRET', false), env('APP_URL', false)];
return (!in_array(false, $config) && !in_array(null, $config));
$lowerName = strtolower($driver);
$configPrefix = 'services.' . $lowerName . '.';
$config = [config($configPrefix . 'client_id'), config($configPrefix . 'client_secret'), config('services.callback_url')];
return !in_array(false, $config) && !in_array(null, $config);
}
/**

View File

@ -6,7 +6,7 @@
"type": "project",
"require": {
"php": ">=5.5.9",
"laravel/framework": "5.1.*",
"laravel/framework": "5.2.*",
"intervention/image": "^2.3",
"laravel/socialite": "^2.0",
"barryvdh/laravel-ide-helper": "^2.1",
@ -17,7 +17,9 @@
"fzaninotto/faker": "~1.4",
"mockery/mockery": "0.9.*",
"phpunit/phpunit": "~4.0",
"phpspec/phpspec": "~2.1"
"phpspec/phpspec": "~2.1",
"symfony/dom-crawler": "~3.0",
"symfony/css-selector": "~3.0"
},
"autoload": {
"classmap": [

1019
composer.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -2,6 +2,9 @@
return [
'env' => env('APP_ENV', 'production'),
/*
|--------------------------------------------------------------------------
| Application Debug Mode
@ -113,13 +116,11 @@ return [
/*
* Laravel Framework Service Providers...
*/
Illuminate\Foundation\Providers\ArtisanServiceProvider::class,
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Routing\ControllerServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
@ -149,6 +150,7 @@ return [
/*
* Application Service Providers...
*/
BookStack\Providers\AuthServiceProvider::class,
BookStack\Providers\AppServiceProvider::class,
BookStack\Providers\EventServiceProvider::class,
BookStack\Providers\RouteServiceProvider::class,

View File

@ -2,66 +2,109 @@
return [
'method' => env('AUTH_METHOD', 'standard'),
/*
|--------------------------------------------------------------------------
| Default Authentication Driver
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This driver manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'driver' => 'eloquent',
'providers' => [
'users' => [
'driver' => env('AUTH_METHOD', 'eloquent'),
'model' => Bookstack\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/
'model' => BookStack\User::class,
/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/
'table' => 'users',
/*
|--------------------------------------------------------------------------
| Password Reset Settings
| Resetting Passwords
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You can also set the name of the
| that is your password reset e-mail. You may also set the name of the
| table that maintains all of the reset tokens for your application.
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'password' => [
'passwords' => [
'users' => [
'provider' => 'users',
'email' => 'emails.password',
'table' => 'password_resets',
'expire' => 60,
],
],
];

View File

@ -15,7 +15,18 @@ return [
|
*/
'default' => 'local',
'default' => env('STORAGE_TYPE', 'local'),
/*
|--------------------------------------------------------------------------
| Storage URL
|--------------------------------------------------------------------------
|
| This is the url to where the storage is located for when using an external
| file storage service, such as s3, to store publicly accessible assets.
|
*/
'url' => env('STORAGE_URL', false),
/*
|--------------------------------------------------------------------------

View File

@ -13,6 +13,8 @@ return [
| to have a conventional place to find your various credentials.
|
*/
'disable_services' => env('DISABLE_EXTERNAL_SERVICES', false),
'callback_url' => env('APP_URL', false),
'mailgun' => [
'domain' => '',
@ -47,4 +49,12 @@ return [
'redirect' => env('APP_URL') . '/login/service/google/callback',
],
'ldap' => [
'server' => env('LDAP_SERVER', false),
'dn' => env('LDAP_DN', false),
'pass' => env('LDAP_PASS', false),
'base_dn' => env('LDAP_BASE_DN', false),
'user_filter' => env('LDAP_USER_FILTER', '(&(uid=${user}))')
]
];

View File

@ -0,0 +1,9 @@
<div class="form-group">
<label for="email">Username</label>
@include('form/text', ['name' => 'email', 'tabindex' => 1])
</div>
<div class="form-group">
<label for="password">Password</label>
@include('form/password', ['name' => 'password', 'tabindex' => 2])
</div>

View File

@ -0,0 +1,10 @@
<div class="form-group">
<label for="email">Email</label>
@include('form/text', ['name' => 'email', 'tabindex' => 1])
</div>
<div class="form-group">
<label for="password">Password</label>
@include('form/password', ['name' => 'password', 'tabindex' => 2])
<span class="block small"><a href="/password/email">Forgot Password?</a></span>
</div>

View File

@ -15,16 +15,8 @@
<form action="/login" method="POST" id="login-form">
{!! csrf_field() !!}
<div class="form-group">
<label for="email">Email</label>
@include('form/text', ['name' => 'email', 'tabindex' => 1])
</div>
<div class="form-group">
<label for="password">Password</label>
@include('form/password', ['name' => 'password', 'tabindex' => 2])
<span class="block small"><a href="/password/email">Forgot Password?</a></span>
</div>
@include('auth/forms/login/' . $authMethod)
<div class="form-group">
<label for="remember" class="inline">Remember Me</label>
@ -34,7 +26,7 @@
<div class="from-group">
<button class="button block pos" tabindex="3">Sign In</button>
<button class="button block pos" tabindex="3"><i class="zmdi zmdi-sign-in"></i> Sign In</button>
</div>
</form>