From 14feef3679b6ecdce656d56dd754357997084632 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Wed, 13 Jan 2016 22:22:30 +0000 Subject: [PATCH] Updated user interfaces for LDAP and added email from LDAP --- app/Http/Controllers/Auth/AuthController.php | 15 ++++++++-- app/Http/Controllers/UserController.php | 16 ++++++++-- app/Providers/LdapUserProvider.php | 2 +- app/Repos/UserRepo.php | 2 +- app/Services/LdapService.php | 5 ++-- app/Services/SettingService.php | 28 +++++++++++++++-- app/User.php | 4 +-- config/auth.php | 2 +- phpunit.xml | 1 + .../views/auth/forms/login/ldap.blade.php | 10 +++++++ resources/views/users/create.blade.php | 2 +- resources/views/users/edit.blade.php | 2 +- resources/views/users/forms/ldap.blade.php | 30 +++++++++++++++++++ .../standard.blade.php} | 8 ++--- 14 files changed, 106 insertions(+), 21 deletions(-) create mode 100644 resources/views/users/forms/ldap.blade.php rename resources/views/users/{form.blade.php => forms/standard.blade.php} (81%) diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php index 98ef67987..21abfb24c 100644 --- a/app/Http/Controllers/Auth/AuthController.php +++ b/app/Http/Controllers/Auth/AuthController.php @@ -118,11 +118,22 @@ class AuthController extends Controller */ protected function authenticated(Request $request, Authenticatable $user) { + if(!$user->exists && $user->email === null && !$request->has('email')) { + $request->flash(); + session()->flash('request-email', true); + return redirect('/login'); + } + + if(!$user->exists && $user->email === null && $request->has('email')) { + $user->email = $request->get('email'); + } + if(!$user->exists) { $user->save(); $this->userRepo->attachDefaultRole($user); auth()->login($user); } + return redirect()->intended($this->redirectPath()); } 
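Review bot: `$request->flash()` in the first new branch of `authenticated()` writes the whole login form into the session, including the `password` field, before redirecting back to `/login`, so the directory password ends up in whatever session store is configured. Flash only what the form needs to repopulate, e.g. `$request->flashExcept('password');`. The second branch copies `$request->get('email')` onto the new user with no format check; validating it with the `email` rule before `$user->save()` would keep malformed values out. The address is also never confirmed as belonging to the person logging in, and whether the existing confirmation flow covers LDAP users is not visible in this hunk.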
@@ -183,7 +194,7 @@ class AuthController extends Controller } /** - * Show the page to tell the user to check thier email + * Show the page to tell the user to check their email * and confirm their address. */ public function getRegisterConfirmation() @@ -243,7 +254,7 @@ class AuthController extends Controller ]); $user = $this->userRepo->getByEmail($request->get('email')); $this->emailConfirmationService->sendConfirmation($user); - \Session::flash('success', 'Confirmation email resent, Please check your inbox.'); + session()->flash('success', 'Confirmation email resent, Please check your inbox.'); return redirect('/register/confirm'); } diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 9184b245e..f504f4477 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -46,7 +46,8 @@ class UserController extends Controller public function create() { $this->checkPermission('user-create'); - return view('users/create'); + $authMethod = config('auth.method'); + return view('users/create', ['authMethod' => $authMethod]); } /** @@ -94,10 +95,12 @@ class UserController extends Controller return $this->currentUser->id == $id; }); + $authMethod = config('auth.method'); + $user = $this->user->findOrFail($id); $activeSocialDrivers = $socialAuthService->getActiveDrivers(); $this->setPageTitle('User Profile'); - return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]); + return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]); } /** 
@@ -124,17 +127,24 @@ class UserController extends Controller ]); $user = $this->user->findOrFail($id); - $user->fill($request->except('password')); + $user->fill($request->all()); + // Role updates if ($this->currentUser->can('user-update') && $request->has('role')) { $user->attachRoleId($request->get('role')); } + // Password updates if ($request->has('password') && $request->get('password') != '') { $password = $request->get('password'); $user->password = bcrypt($password); } + // External auth id updates + if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) { + $user->external_auth_id = $request->get('external_auth_id'); + } + $user->save(); return redirect('/users'); } diff --git a/app/Providers/LdapUserProvider.php b/app/Providers/LdapUserProvider.php index 407791a7d..98cfc8340 100644 --- a/app/Providers/LdapUserProvider.php +++ b/app/Providers/LdapUserProvider.php @@ -87,7 +87,6 @@ class LdapUserProvider implements UserProvider public function updateRememberToken(Authenticatable $user, $token) { $user->setRememberToken($token); - $user->save(); } @@ -113,6 +112,7 @@ class LdapUserProvider implements UserProvider $model->name = $userDetails['name']; $model->external_auth_id = $userDetails['uid']; + $model->email = $userDetails['email']; return $model; } diff --git a/app/Repos/UserRepo.php b/app/Repos/UserRepo.php index 88918910a..77ad22f39 100644 --- a/app/Repos/UserRepo.php +++ b/app/Repos/UserRepo.php @@ -88,7 +88,7 @@ class UserRepo */ public function create(array $data) { - return $this->user->create([ + return $this->user->forceCreate([ 'name' => $data['name'], 'email' => $data['email'], 'password' => bcrypt($data['password']) diff --git a/app/Services/LdapService.php b/app/Services/LdapService.php index bceed682a..cd80290e4 100644 --- a/app/Services/LdapService.php +++ b/app/Services/LdapService.php 
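Review bot: `update()` now calls `$user->fill($request->all())` while `email` stays in `$fillable`, so the `user-update` gate that the new LDAP form (resources/views/users/forms/ldap.blade.php) puts around the `email` input exists only in the view; anyone allowed to reach this method for their own profile can still post an `email` value. If only administrators should change the address under LDAP, enforce it here, e.g. build the input with `$this->currentUser->can('user-update') ? $request->all() : $request->except('email')` when `config('auth.method') === 'ldap'`. The new `external_auth_id` branch is permission-checked, but the value is not validated or checked for uniqueness in the visible lines, and two accounts sharing one id would presumably make the LDAP-to-local mapping ambiguous. The start of `update()`, including its permission check and validation rules, is outside the hunk.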
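Review bot: `$model->email = $userDetails['email'];` takes the directory's `mail` value as-is (first `mail` entry or `null`, per the `LdapService` hunk), and nothing in this commit checks whether a local account already uses that address before `AuthController::authenticated()` saves the new user. Depending on the schema, which is not visible here, that is either an unhandled exception at `$user->save()` or two accounts with the same email, which makes email-keyed lookups such as `getByEmail()` ambiguous. A lookup before saving, with a clear error shown to the user, would cover both the directory-supplied address and the one typed into the login form. The method containing this line starts outside the hunk.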
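Review bot: `forceCreate()` in `UserRepo::create()` skips the model's `$fillable` guard entirely, which is safe here only because the attribute array is written out key by key. A short comment would stop a later edit from passing `$data` through wholesale, for example `// forceCreate bypasses mass-assignment guarding: list attributes explicitly, never pass $data directly`. The end of the array and of the method is outside the hunk.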
@@ -23,7 +23,7 @@ class LdapService // Find user $userFilter = $this->buildFilter(config('services.ldap.user_filter'), ['user' => $userName]); $baseDn = config('services.ldap.base_dn'); - $ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn']); + $ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', 'mail']); $users = ldap_get_entries($ldapConnection, $ldapSearch); if ($users['count'] === 0) return null; @@ -31,7 +31,8 @@ class LdapService return [ 'uid' => $user['uid'][0], 'name' => $user['cn'][0], - 'dn' => $user['dn'] + 'dn' => $user['dn'], + 'email' => (isset($user['mail'])) ? $user['mail'][0] : null ]; } diff --git a/app/Services/SettingService.php b/app/Services/SettingService.php index 7f2549c7d..bcc7eae31 100644 --- a/app/Services/SettingService.php +++ b/app/Services/SettingService.php @@ -38,7 +38,7 @@ class SettingService */ public function get($key, $default = false) { - $value = $this->getValueFromStore($key, $default); + $value = $this->getValueFromStore($key, $default); return $this->formatValue($value, $default); } @@ -50,13 +50,17 @@ class SettingService */ protected function getValueFromStore($key, $default) { + $overrideValue = $this->getOverrideValue($key); + if ($overrideValue !== null) return $overrideValue; + $cacheKey = $this->cachePrefix . $key; if ($this->cache->has($cacheKey)) { return $this->cache->get($cacheKey); } $settingObject = $this->getSettingObjectByKey($key); - if($settingObject !== null) { + + if ($settingObject !== null) { $value = $settingObject->value; $this->cache->forever($cacheKey, $value); return $value; @@ -65,6 +69,10 @@ class SettingService return $default; } + /** + * Clear an item from the cache completely. + * @param $key + */ protected function clearFromCache($key) { $cacheKey = $this->cachePrefix . $key; 
@@ -136,9 +144,23 @@ class SettingService * @param $key * @return mixed */ - private function getSettingObjectByKey($key) + protected function getSettingObjectByKey($key) { return $this->setting->where('setting_key', '=', $key)->first(); } + + /** + * Returns an override value for a setting based on certain app conditions. + * Used where certain configuration options overrule others. + * Returns null if no override value is available. + * @param $key + * @return bool|null + */ + protected function getOverrideValue($key) + { + if ($key === 'registration-enabled' && config('auth.method') === 'ldap') return false; + return null; + } + } \ No newline at end of file diff --git a/app/User.php b/app/User.php index 1be98c3c4..4a5914afd 100644 --- a/app/User.php +++ b/app/User.php @@ -24,7 +24,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon * * @var array */ - protected $fillable = ['name', 'email', 'password', 'image_id']; + protected $fillable = ['name', 'email', 'image_id']; /** * The attributes excluded from the model's JSON form. @@ -68,7 +68,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon } /** - * Loads the user's permissions from thier role. + * Loads the user's permissions from their role. */ private function loadPermissions() { diff --git a/config/auth.php b/config/auth.php index 0f2d5a69c..ceeab5c71 100644 --- a/config/auth.php +++ b/config/auth.php @@ -69,7 +69,7 @@ return [ 'providers' => [ 'users' => [ - 'driver' => env('AUTH_METHOD', 'eloquent'), + 'driver' => env('AUTH_METHOD', 'standard') === 'standard' ? 'eloquent' : env('AUTH_METHOD'), 'model' => BookStack\User::class, ], diff --git a/phpunit.xml b/phpunit.xml index 1704159e2..48c0dde22 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -26,6 +26,7 @@ + diff --git a/resources/views/auth/forms/login/ldap.blade.php b/resources/views/auth/forms/login/ldap.blade.php index eb0a3182f..5230d43ca 100644 
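Review bot: `getOverrideValue()` disables registration only when `config('auth.method')` is exactly `'ldap'`, so any other external method added later, or a differently cased value, leaves self-registration governed by the stored setting. Failing closed is the safer default for this control: `if ($key === 'registration-enabled' && config('auth.method') !== 'standard') return false;`. The docblock could also state that `getValueFromStore()` applies the override before the cache and database are consulted, so a stored enabled value cannot win.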
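Review bot: The new `driver` expression in config/auth.php passes any `AUTH_METHOD` other than `standard` straight through as the provider driver without checking it against the methods the application actually supports. The views build their include name the same way, `@include('users.forms.' . $authMethod)` in users/create.blade.php and users/edit.blade.php, from `config('auth.method')`, which presumably carries the same environment value. A typo in the environment file would then surface as an unknown-driver or missing-view error at request time. Checking the value against an explicit list of known methods (`standard`, `ldap`) in one place and failing loudly on anything else would keep the driver, the setting override and the view names in step.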
--- a/resources/views/auth/forms/login/ldap.blade.php +++ b/resources/views/auth/forms/login/ldap.blade.php @@ -3,6 +3,16 @@ @include('form/text', ['name' => 'username', 'tabindex' => 1]) +@if(session('request-email', false) === true) +
+ + @include('form/text', ['name' => 'email', 'tabindex' => 1]) + + Please enter an email to use for this account. + +
+@endif +
@include('form/password', ['name' => 'password', 'tabindex' => 2]) diff --git a/resources/views/users/create.blade.php b/resources/views/users/create.blade.php index f20ae6fc4..e6398b867 100644 --- a/resources/views/users/create.blade.php +++ b/resources/views/users/create.blade.php @@ -8,7 +8,7 @@
{!! csrf_field() !!} - @include('users/form') + @include('users.forms.' . $authMethod)
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php index e7100bdb1..59457eb15 100644 --- a/resources/views/users/edit.blade.php +++ b/resources/views/users/edit.blade.php @@ -25,7 +25,7 @@

Edit {{ $user->id === $currentUser->id ? 'Profile' : 'User' }}

{!! csrf_field() !!} - @include('users/form', ['model' => $user]) + @include('users.forms.' . $authMethod, ['model' => $user])
diff --git a/resources/views/users/forms/ldap.blade.php b/resources/views/users/forms/ldap.blade.php new file mode 100644 index 000000000..3897dfd9a --- /dev/null +++ b/resources/views/users/forms/ldap.blade.php @@ -0,0 +1,30 @@ +
+ + @include('form.text', ['name' => 'name']) +
+ +@if($currentUser->can('user-update')) +
+ + @include('form.text', ['name' => 'email']) +
+@endif + +@if($currentUser->can('user-update')) +
+ + @include('form.role-select', ['name' => 'role', 'options' => \BookStack\Role::all(), 'displayKey' => 'display_name']) +
+@endif + +@if($currentUser->can('user-update')) +
+ + @include('form.text', ['name' => 'external_auth_id']) +
+@endif + +
+ Cancel + +
\ No newline at end of file diff --git a/resources/views/users/form.blade.php b/resources/views/users/forms/standard.blade.php similarity index 81% rename from resources/views/users/form.blade.php rename to resources/views/users/forms/standard.blade.php index 16176bb8d..7960a7ed5 100644 --- a/resources/views/users/form.blade.php +++ b/resources/views/users/forms/standard.blade.php @@ -1,11 +1,11 @@
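Review bot: The new users/forms/ldap.blade.php has no password inputs and adds `external_auth_id`, but `UserController::store()` is not touched by this commit and `UserRepo::create()` still reads `$data['password']`. It is worth confirming that creating a user in LDAP mode neither fails on a required `password` rule nor silently drops `external_auth_id`; only `update()` is shown handling that field. The `user-update` checks in this template only hide the `email`, `role` and `external_auth_id` inputs, so each needs a matching server-side check. The three consecutive `@if($currentUser->can('user-update'))` blocks test the same condition and could be merged into one.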
- @include('form/text', ['name' => 'name']) + @include('form.text', ['name' => 'name'])
- @include('form/text', ['name' => 'email']) + @include('form.text', ['name' => 'email'])
@if($currentUser->can('user-update')) @@ -25,12 +25,12 @@
- @include('form/password', ['name' => 'password']) + @include('form.password', ['name' => 'password'])
- @include('form/password', ['name' => 'password-confirm']) + @include('form.password', ['name' => 'password-confirm'])