Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-08-25 03:35:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from BookStackApp/master

Browse Source 
同步作者更新内容
This commit is contained in:
jzoy 2020-02-18 22:30:53 +08:00 committed by GitHub
commit 27191d1a2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
292 changed files with 10449 additions and 4836 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.env.example.complete
View File

@ -37,6 +37,11 @@ APP_AUTO_LANG_PUBLIC=true
# Valid timezone values can be found here: https://www.php.net/manual/en/timezones.php
APP_TIMEZONE=UTC
# Application theme
# Used to specific a themes/<APP_THEME> folder where BookStack UI
# overrides can be made. Defaults to disabled.
APP_THEME=false
# Database details
# Host can contain a port (localhost:3306) or a separate DB_PORT option can be used.
DB_HOST=localhost
@ -121,7 +126,7 @@ STORAGE_S3_ENDPOINT=https://my-custom-s3-compatible.service.com:8001
STORAGE_URL=false
# Authentication method to use
# Can be 'standard' or 'ldap'
# Can be 'standard', 'ldap' or 'saml2'
AUTH_METHOD=standard
# Social authentication configuration
@ -191,9 +196,11 @@ LDAP_PASS=false
LDAP_USER_FILTER=false
LDAP_VERSION=false
LDAP_TLS_INSECURE=false
LDAP_ID_ATTRIBUTE=uid
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_FOLLOW_REFERRALS=true
LDAP_DUMP_USER_DETAILS=false
# LDAP group sync configuration
# Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
@ -204,8 +211,6 @@ LDAP_REMOVE_FROM_GROUPS=false
# SAML authentication configuration
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
SAML2_NAME=SSO
SAML2_ENABLED=false
SAML2_AUTO_REGISTER=true
SAML2_EMAIL_ATTRIBUTE=email
SAML2_DISPLAY_NAME_ATTRIBUTES=username
SAML2_EXTERNAL_ID_ATTRIBUTE=null
@ -257,3 +262,9 @@ ALLOW_CONTENT_SCRIPTS=false
# Contents of the robots.txt file can be overridden, making this option obsolete.
ALLOW_ROBOTS=null
# The default and maximum item-counts for listing API requests.
API_DEFAULT_ITEM_COUNT=100
API_MAX_ITEM_COUNT=500
# The number of API requests that can be made per minute by a single user.
API_REQUESTS_PER_MIN=180

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -1,5 +1,5 @@
---
name: Bug report
name: Bug Report
about: Create a report to help us improve
---

2
.github/ISSUE_TEMPLATE/feature_request.md vendored
View File

@ -1,5 +1,5 @@
---
name: Feature request
name: Feature Request
about: Suggest an idea for this project
---

13
.github/ISSUE_TEMPLATE/language_request.md vendored Normal file
View File

@ -0,0 +1,13 @@
---
name: Language Request
about: Request a new language to be added to Crowdin for you to translate
---
### Language To Add
_Specify here the language you want to add._
----
_This issue template is to request a new language be added to our [Crowdin translation management project](https://crowdin.com/project/bookstack). Please don't use this template to request a new language that you are not prepared to provide translations for._

73
.github/translators.txt vendored Normal file
View File

@ -0,0 +1,73 @@
Name :: Languages
@robertlandes :: German
@SergioMendolia :: French
@NakaharaL :: Portuguese, Brazilian
@ReeseSebastian :: German
@arietimmerman :: Dutch
@diegoseso :: Spanish
@S64 :: Japanese
@JachuPL :: Polish
@Joorem :: French
@timoschwarzer :: German
@sanderdw :: Dutch
@lbguilherme :: Portuguese, Brazilian
@marcusforsberg :: Swedish
@artur-trzesiok :: Polish
@Alwaysin :: French
@msaus :: Japanese
@moucho :: Spanish
@vriic :: German
@DeehSlash :: Portuguese, Brazilian
@alex2702 :: German
@nicobubulle :: French
@kmoj86 :: Arabic
@houbaron :: Chinese Traditional; Chinese Simplified
@mullinsmikey :: Russian
@limkukhyun :: Korean
@CliffyPrime :: German
@kejjang :: Chinese Traditional
@TheLastOperator :: French
@qianmengnet :: Simplified Chinese
@ezzra :: German; German Informal
@vasiliev123 :: Polish
@Mant1kor :: Ukrainian
@Xiphoseer :: German; German Informal
@maantje :: Dutch
@cima :: Czech
@agvol :: Russian
@Hambern :: Swedish
@NootoNooto :: Dutch
@kostefun :: Russian
@lucaguindani :: French
@miles75 :: Hungarian
@danielroehrig-mm :: German
@oykenfurkan :: Turkish
@qligier :: French
@johnroyer :: Traditional Chinese
@artskoczylas :: Polish
@dellamina :: Italian
@jzoy :: Simplified Chinese
@ististudio :: Korean
@leomartinez :: Spanish Argentina
cipi1965 :: Italian
Mykola Ronik (Mantikor) :: Ukrainian
furkanoyk :: Turkish
m0uch0 :: Spanish
Maxim Zalata (zlatin) :: Russian; Ukrainian
nutsflag :: French
Leonardo Mario Martinez (leonardo.m.martinez) :: Spanish, Argentina
Rodrigo Saczuk Niz (rodrigoniz) :: Portuguese, Brazilian
叫钦叔就好 (254351722) :: Chinese Traditional; Chinese Simplified
aekramer :: Dutch
JachuPL :: Polish
milesteg :: Hungarian
Beenbag :: German
Lett3rs :: Danish
Julian (julian.henneberg) :: German; German Informal
3GNWn :: Danish
dbguichu :: Chinese Simplified
Randy Kim (hyunjun) :: Korean
Francesco M. Taurino (ftaurino) :: Italian
DanielFrederiksen :: Danish
Finn Wessel (19finnwessel6) :: German
Gustav Kånåhols (Kurbitz) :: Swedish

26
.github/workflows/phpunit.yml vendored
View File

@ -1,6 +1,15 @@
name: phpunit
on: [push, pull_request]
on:
push:
branches:
- master
- release
pull_request:
branches:
- '*'
- '*/*'
- '!l10n_master'
jobs:
build:
@ -10,17 +19,32 @@ jobs:
php: [7.2, 7.3]
steps:
- uses: actions/checkout@v1
- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Cache composer packages
uses: actions/cache@v1
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ matrix.php }}
- name: Setup Database
run: |
mysql -uroot -proot -e 'CREATE DATABASE IF NOT EXISTS `bookstack-test`;'
mysql -uroot -proot -e "CREATE USER 'bookstack-test'@'localhost' IDENTIFIED BY 'bookstack-test';"
mysql -uroot -proot -e "GRANT ALL ON \`bookstack-test\`.* TO 'bookstack-test'@'localhost';"
mysql -uroot -proot -e 'FLUSH PRIVILEGES;'
- name: Install composer dependencies & Test
run: composer install --prefer-dist --no-interaction --ansi
- name: Migrate and seed the database
run: |
php${{ matrix.php }} artisan migrate --force -n --database=mysql_testing
php${{ matrix.php }} artisan db:seed --force -n --class=DummyContentSeeder --database=mysql_testing
- name: phpunit
run: php${{ matrix.php }} ./vendor/bin/phpunit

3
.gitignore vendored
View File

@ -22,4 +22,5 @@ nbproject
.project
.settings/
webpack-stats.json
.phpunit.result.cache
.phpunit.result.cache
.DS_Store

2
LICENSE
View File

@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2018 Dan Brown and the BookStack Project contributors
Copyright (c) 2020 Dan Brown and the BookStack Project contributors
https://github.com/BookStackApp/BookStack/graphs/contributors
Permission is hereby granted, free of charge, to any person obtaining a copy

125
app/Api/ApiDocsGenerator.php Normal file
View File

@ -0,0 +1,125 @@
<?php namespace BookStack\Api;
use BookStack\Http\Controllers\Api\ApiController;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Route;
use ReflectionClass;
use ReflectionException;
use ReflectionMethod;
class ApiDocsGenerator
{
protected $reflectionClasses = [];
protected $controllerClasses = [];
/**
* Generate API documentation.
*/
public function generate(): Collection
{
$apiRoutes = $this->getFlatApiRoutes();
$apiRoutes = $this->loadDetailsFromControllers($apiRoutes);
$apiRoutes = $this->loadDetailsFromFiles($apiRoutes);
$apiRoutes = $apiRoutes->groupBy('base_model');
return $apiRoutes;
}
/**
* Load any API details stored in static files.
*/
protected function loadDetailsFromFiles(Collection $routes): Collection
{
return $routes->map(function (array $route) {
$exampleTypes = ['request', 'response'];
foreach ($exampleTypes as $exampleType) {
$exampleFile = base_path("dev/api/{$exampleType}s/{$route['name']}.json");
$exampleContent = file_exists($exampleFile) ? file_get_contents($exampleFile) : null;
$route["example_{$exampleType}"] = $exampleContent;
}
return $route;
});
}
/**
* Load any details we can fetch from the controller and its methods.
*/
protected function loadDetailsFromControllers(Collection $routes): Collection
{
return $routes->map(function (array $route) {
$method = $this->getReflectionMethod($route['controller'], $route['controller_method']);
$comment = $method->getDocComment();
$route['description'] = $comment ? $this->parseDescriptionFromMethodComment($comment) : null;
$route['body_params'] = $this->getBodyParamsFromClass($route['controller'], $route['controller_method']);
return $route;
});
}
/**
* Load body params and their rules by inspecting the given class and method name.
* @throws \Illuminate\Contracts\Container\BindingResolutionException
*/
protected function getBodyParamsFromClass(string $className, string $methodName): ?array
{
/** @var ApiController $class */
$class = $this->controllerClasses[$className] ?? null;
if ($class === null) {
$class = app()->make($className);
$this->controllerClasses[$className] = $class;
}
$rules = $class->getValdationRules()[$methodName] ?? [];
foreach ($rules as $param => $ruleString) {
$rules[$param] = explode('|', $ruleString);
}
return count($rules) > 0 ? $rules : null;
}
/**
* Parse out the description text from a class method comment.
*/
protected function parseDescriptionFromMethodComment(string $comment)
{
$matches = [];
preg_match_all('/^\s*?\*\s((?![@\s]).*?)$/m', $comment, $matches);
return implode(' ', $matches[1] ?? []);
}
/**
* Get a reflection method from the given class name and method name.
* @throws ReflectionException
*/
protected function getReflectionMethod(string $className, string $methodName): ReflectionMethod
{
$class = $this->reflectionClasses[$className] ?? null;
if ($class === null) {
$class = new ReflectionClass($className);
$this->reflectionClasses[$className] = $class;
}
return $class->getMethod($methodName);
}
/**
* Get the system API routes, formatted into a flat collection.
*/
protected function getFlatApiRoutes(): Collection
{
return collect(Route::getRoutes()->getRoutes())->filter(function ($route) {
return strpos($route->uri, 'api/') === 0;
})->map(function ($route) {
[$controller, $controllerMethod] = explode('@', $route->action['uses']);
$baseModelName = explode('.', explode('/', $route->uri)[1])[0];
$shortName = $baseModelName . '-' . $controllerMethod;
return [
'name' => $shortName,
'uri' => $route->uri,
'method' => $route->methods[0],
'controller' => $controller,
'controller_method' => $controllerMethod,
'base_model' => $baseModelName,
];
});
}
}

31
app/Api/ApiToken.php Normal file
View File

@ -0,0 +1,31 @@
<?php namespace BookStack\Api;
use BookStack\Auth\User;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Support\Carbon;
class ApiToken extends Model
{
protected $fillable = ['name', 'expires_at'];
protected $casts = [
'expires_at' => 'date:Y-m-d'
];
/**
* Get the user that this token belongs to.
*/
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
/**
* Get the default expiry value for an API token.
* Set to 100 years from now.
*/
public static function defaultExpiry(): string
{
return Carbon::now()->addYears(100)->format('Y-m-d');
}
}

166
app/Api/ApiTokenGuard.php Normal file
View File

@ -0,0 +1,166 @@
<?php
namespace BookStack\Api;
use BookStack\Exceptions\ApiAuthException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
use Symfony\Component\HttpFoundation\Request;
class ApiTokenGuard implements Guard
{
use GuardHelpers;
/**
* The request instance.
*/
protected $request;
/**
* The last auth exception thrown in this request.
* @var ApiAuthException
*/
protected $lastAuthException;
/**
* ApiTokenGuard constructor.
*/
public function __construct(Request $request)
{
$this->request = $request;
}
/**
* @inheritDoc
*/
public function user()
{
// Return the user if we've already retrieved them.
// Effectively a request-instance cache for this method.
if (!is_null($this->user)) {
return $this->user;
}
$user = null;
try {
$user = $this->getAuthorisedUserFromRequest();
} catch (ApiAuthException $exception) {
$this->lastAuthException = $exception;
}
$this->user = $user;
return $user;
}
/**
* Determine if current user is authenticated. If not, throw an exception.
*
* @return \Illuminate\Contracts\Auth\Authenticatable
*
* @throws ApiAuthException
*/
public function authenticate()
{
if (! is_null($user = $this->user())) {
return $user;
}
if ($this->lastAuthException) {
throw $this->lastAuthException;
}
throw new ApiAuthException('Unauthorized');
}
/**
* Check the API token in the request and fetch a valid authorised user.
* @throws ApiAuthException
*/
protected function getAuthorisedUserFromRequest(): Authenticatable
{
$authToken = trim($this->request->headers->get('Authorization', ''));
$this->validateTokenHeaderValue($authToken);
[$id, $secret] = explode(':', str_replace('Token ', '', $authToken));
$token = ApiToken::query()
->where('token_id', '=', $id)
->with(['user'])->first();
$this->validateToken($token, $secret);
return $token->user;
}
/**
* Validate the format of the token header value string.
* @throws ApiAuthException
*/
protected function validateTokenHeaderValue(string $authToken): void
{
if (empty($authToken)) {
throw new ApiAuthException(trans('errors.api_no_authorization_found'));
}
if (strpos($authToken, ':') === false || strpos($authToken, 'Token ') !== 0) {
throw new ApiAuthException(trans('errors.api_bad_authorization_format'));
}
}
/**
* Validate the given secret against the given token and ensure the token
* currently has access to the instance API.
* @throws ApiAuthException
*/
protected function validateToken(?ApiToken $token, string $secret): void
{
if ($token === null) {
throw new ApiAuthException(trans('errors.api_user_token_not_found'));
}
if (!Hash::check($secret, $token->secret)) {
throw new ApiAuthException(trans('errors.api_incorrect_token_secret'));
}
$now = Carbon::now();
if ($token->expires_at <= $now) {
throw new ApiAuthException(trans('errors.api_user_token_expired'), 403);
}
if (!$token->user->can('access-api')) {
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
}
}
/**
* @inheritDoc
*/
public function validate(array $credentials = [])
{
if (empty($credentials['id']) || empty($credentials['secret'])) {
return false;
}
$token = ApiToken::query()
->where('token_id', '=', $credentials['id'])
->with(['user'])->first();
if ($token === null) {
return false;
}
return Hash::check($credentials['secret'], $token->secret);
}
/**
* "Log out" the currently authenticated user.
*/
public function logout()
{
$this->user = null;
}
}

135
app/Api/ListingResponseBuilder.php Normal file
View File

@ -0,0 +1,135 @@
<?php namespace BookStack\Api;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Http\Request;
class ListingResponseBuilder
{
protected $query;
protected $request;
protected $fields;
protected $filterOperators = [
'eq' => '=',
'ne' => '!=',
'gt' => '>',
'lt' => '<',
'gte' => '>=',
'lte' => '<=',
'like' => 'like'
];
/**
* ListingResponseBuilder constructor.
*/
public function __construct(Builder $query, Request $request, array $fields)
{
$this->query = $query;
$this->request = $request;
$this->fields = $fields;
}
/**
* Get the response from this builder.
*/
public function toResponse()
{
$data = $this->fetchData();
$total = $this->query->count();
return response()->json([
'data' => $data,
'total' => $total,
]);
}
/**
* Fetch the data to return in the response.
*/
protected function fetchData(): Collection
{
$this->applyCountAndOffset($this->query);
$this->applySorting($this->query);
$this->applyFiltering($this->query);
return $this->query->get($this->fields);
}
/**
* Apply any filtering operations found in the request.
*/
protected function applyFiltering(Builder $query)
{
$requestFilters = $this->request->get('filter', []);
if (!is_array($requestFilters)) {
return;
}
$queryFilters = collect($requestFilters)->map(function ($value, $key) {
return $this->requestFilterToQueryFilter($key, $value);
})->filter(function ($value) {
return !is_null($value);
})->values()->toArray();
$query->where($queryFilters);
}
/**
* Convert a request filter query key/value pair into a [field, op, value] where condition.
*/
protected function requestFilterToQueryFilter($fieldKey, $value): ?array
{
$splitKey = explode(':', $fieldKey);
$field = $splitKey[0];
$filterOperator = $splitKey[1] ?? 'eq';
if (!in_array($field, $this->fields)) {
return null;
}
if (!in_array($filterOperator, array_keys($this->filterOperators))) {
$filterOperator = 'eq';
}
$queryOperator = $this->filterOperators[$filterOperator];
return [$field, $queryOperator, $value];
}
/**
* Apply sorting operations to the query from given parameters
* otherwise falling back to the first given field, ascending.
*/
protected function applySorting(Builder $query)
{
$defaultSortName = $this->fields[0];
$direction = 'asc';
$sort = $this->request->get('sort', '');
if (strpos($sort, '-') === 0) {
$direction = 'desc';
}
$sortName = ltrim($sort, '+- ');
if (!in_array($sortName, $this->fields)) {
$sortName = $defaultSortName;
}
$query->orderBy($sortName, $direction);
}
/**
* Apply count and offset for paging, based on params from the request while falling
* back to system defined default, taking the max limit into account.
*/
protected function applyCountAndOffset(Builder $query)
{
$offset = max(0, $this->request->get('offset', 0));
$maxCount = config('api.max_item_count');
$count = $this->request->get('count', config('api.default_item_count'));
$count = max(min($maxCount, $count), 1);
$query->skip($offset)->take($count);
}
}

6
app/Auth/Access/ExternalAuthService.php
View File

@ -64,10 +64,8 @@ class ExternalAuthService
/**
* Sync the groups to the user roles for the current user
* @param \BookStack\Auth\User $user
* @param array $userGroups
*/
public function syncWithGroups(User $user, array $userGroups)
public function syncWithGroups(User $user, array $userGroups): void
{
// Get the ids for the roles from the names
$groupsAsRoles = $this->matchGroupsToSystemsRoles($userGroups);
@ -75,7 +73,7 @@ class ExternalAuthService
// Sync groups
if ($this->config['remove_from_groups']) {
$user->roles()->sync($groupsAsRoles);
$this->userRepo->attachDefaultRole($user);
$user->attachDefaultRole();
} else {
$user->roles()->syncWithoutDetaching($groupsAsRoles);
}

51
app/Providers/LdapUserProvider.php → app/Auth/Access/ExternalBaseUserProvider.php
View File

@ -1,12 +1,11 @@
<?php
namespace BookStack\Providers;
namespace BookStack\Auth\Access;
use BookStack\Auth\Access\LdapService;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;
class LdapUserProvider implements UserProvider
class ExternalBaseUserProvider implements UserProvider
{
/**
@ -16,21 +15,13 @@ class LdapUserProvider implements UserProvider
*/
protected $model;
/**
* @var \BookStack\Auth\LdapService
*/
protected $ldapService;
/**
* LdapUserProvider constructor.
* @param $model
* @param \BookStack\Auth\LdapService $ldapService
*/
public function __construct($model, LdapService $ldapService)
public function __construct(string $model)
{
$this->model = $model;
$this->ldapService = $ldapService;
}
/**
@ -44,7 +35,6 @@ class LdapUserProvider implements UserProvider
return new $class;
}
/**
* Retrieve a user by their unique identifier.
*
@ -65,12 +55,7 @@ class LdapUserProvider implements UserProvider
*/
public function retrieveByToken($identifier, $token)
{
$model = $this->createModel();
return $model->newQuery()
->where($model->getAuthIdentifierName(), $identifier)
->where($model->getRememberTokenName(), $token)
->first();
return null;
}
@ -83,10 +68,7 @@ class LdapUserProvider implements UserProvider
*/
public function updateRememberToken(Authenticatable $user, $token)
{
if ($user->exists) {
$user->setRememberToken($token);
$user->save();
}
//
}
/**
@ -97,27 +79,11 @@ class LdapUserProvider implements UserProvider
*/
public function retrieveByCredentials(array $credentials)
{
// Get user via LDAP
$userDetails = $this->ldapService->getUserDetails($credentials['username']);
if ($userDetails === null) {
return null;
}
// Search current user base by looking up a uid
$model = $this->createModel();
$currentUser = $model->newQuery()
->where('external_auth_id', $userDetails['uid'])
return $model->newQuery()
->where('external_auth_id', $credentials['external_auth_id'])
->first();
if ($currentUser !== null) {
return $currentUser;
}
$model->name = $userDetails['name'];
$model->external_auth_id = $userDetails['uid'];
$model->email = $userDetails['email'];
$model->email_confirmed = false;
return $model;
}
/**
@ -129,6 +95,7 @@ class LdapUserProvider implements UserProvider
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
return $this->ldapService->validateUserCredentials($user, $credentials['username'], $credentials['password']);
// Should be done in the guard.
return false;
}
}

305
app/Auth/Access/Guards/ExternalBaseSessionGuard.php Normal file
View File

@ -0,0 +1,305 @@
<?php
namespace BookStack\Auth\Access\Guards;
use BookStack\Auth\Access\RegistrationService;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Session\Session;
/**
* Class BaseSessionGuard
* A base implementation of a session guard. Is a copy of the default Laravel
* guard with 'remember' functionality removed. Basic auth and event emission
* has also been removed to keep this simple. Designed to be extended by external
* Auth Guards.
*
* @package Illuminate\Auth
*/
class ExternalBaseSessionGuard implements StatefulGuard
{
use GuardHelpers;
/**
* The name of the Guard. Typically "session".
*
* Corresponds to guard name in authentication configuration.
*
* @var string
*/
protected $name;
/**
* The user we last attempted to retrieve.
*
* @var \Illuminate\Contracts\Auth\Authenticatable
*/
protected $lastAttempted;
/**
* The session used by the guard.
*
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
/**
* Indicates if the logout method has been called.
*
* @var bool
*/
protected $loggedOut = false;
/**
* Service to handle common registration actions.
*
* @var RegistrationService
*/
protected $registrationService;
/**
* Create a new authentication guard.
*
* @return void
*/
public function __construct(string $name, UserProvider $provider, Session $session, RegistrationService $registrationService)
{
$this->name = $name;
$this->session = $session;
$this->provider = $provider;
$this->registrationService = $registrationService;
}
/**
* Get the currently authenticated user.
*
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function user()
{
if ($this->loggedOut) {
return;
}
// If we've already retrieved the user for the current request we can just
// return it back immediately. We do not want to fetch the user data on
// every call to this method because that would be tremendously slow.
if (! is_null($this->user)) {
return $this->user;
}
$id = $this->session->get($this->getName());
// First we will try to load the user using the
// identifier in the session if one exists.
if (! is_null($id)) {
$this->user = $this->provider->retrieveById($id);
}
return $this->user;
}
/**
* Get the ID for the currently authenticated user.
*
* @return int|null
*/
public function id()
{
if ($this->loggedOut) {
return;
}
return $this->user()
? $this->user()->getAuthIdentifier()
: $this->session->get($this->getName());
}
/**
* Log a user into the application without sessions or cookies.
*
* @param array $credentials
* @return bool
*/
public function once(array $credentials = [])
{
if ($this->validate($credentials)) {
$this->setUser($this->lastAttempted);
return true;
}
return false;
}
/**
* Log the given user ID into the application without sessions or cookies.
*
* @param mixed $id
* @return \Illuminate\Contracts\Auth\Authenticatable|false
*/
public function onceUsingId($id)
{
if (! is_null($user = $this->provider->retrieveById($id))) {
$this->setUser($user);
return $user;
}
return false;
}
/**
* Validate a user's credentials.
*
* @param array $credentials
* @return bool
*/
public function validate(array $credentials = [])
{
return false;
}
/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @return bool
*/
public function attempt(array $credentials = [], $remember = false)
{
return false;
}
/**
* Log the given user ID into the application.
*
* @param mixed $id
* @param bool $remember
* @return \Illuminate\Contracts\Auth\Authenticatable|false
*/
public function loginUsingId($id, $remember = false)
{
if (! is_null($user = $this->provider->retrieveById($id))) {
$this->login($user, $remember);
return $user;
}
return false;
}
/**
* Log a user into the application.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param bool $remember
* @return void
*/
public function login(AuthenticatableContract $user, $remember = false)
{
$this->updateSession($user->getAuthIdentifier());
$this->setUser($user);
}
/**
* Update the session with the given ID.
*
* @param string $id
* @return void
*/
protected function updateSession($id)
{
$this->session->put($this->getName(), $id);
$this->session->migrate(true);
}
/**
* Log the user out of the application.
*
* @return void
*/
public function logout()
{
$this->clearUserDataFromStorage();
// Now we will clear the users out of memory so they are no longer available
// as the user is no longer considered as being signed into this
// application and should not be available here.
$this->user = null;
$this->loggedOut = true;
}
/**
* Remove the user data from the session and cookies.
*
* @return void
*/
protected function clearUserDataFromStorage()
{
$this->session->remove($this->getName());
}
/**
* Get the last user we attempted to authenticate.
*
* @return \Illuminate\Contracts\Auth\Authenticatable
*/
public function getLastAttempted()
{
return $this->lastAttempted;
}
/**
* Get a unique identifier for the auth session value.
*
* @return string
*/
public function getName()
{
return 'login_'.$this->name.'_'.sha1(static::class);
}
/**
* Determine if the user was authenticated via "remember me" cookie.
*
* @return bool
*/
public function viaRemember()
{
return false;
}
/**
* Return the currently cached user.
*
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function getUser()
{
return $this->user;
}
/**
* Set the current user.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @return $this
*/
public function setUser(AuthenticatableContract $user)
{
$this->user = $user;
$this->loggedOut = false;
return $this;
}
}

121
app/Auth/Access/Guards/LdapSessionGuard.php Normal file
View File

@ -0,0 +1,121 @@
<?php
namespace BookStack\Auth\Access\Guards;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\RegistrationService;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\LdapException;
use BookStack\Exceptions\LoginAttemptException;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\UserRegistrationException;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Session\Session;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
class LdapSessionGuard extends ExternalBaseSessionGuard
{
protected $ldapService;
/**
* LdapSessionGuard constructor.
*/
public function __construct($name,
UserProvider $provider,
Session $session,
LdapService $ldapService,
RegistrationService $registrationService
)
{
$this->ldapService = $ldapService;
parent::__construct($name, $provider, $session, $registrationService);
}
/**
* Validate a user's credentials.
*
* @param array $credentials
* @return bool
* @throws LdapException
*/
public function validate(array $credentials = [])
{
$userDetails = $this->ldapService->getUserDetails($credentials['username']);
if (isset($userDetails['uid'])) {
$this->lastAttempted = $this->provider->retrieveByCredentials([
'external_auth_id' => $userDetails['uid']
]);
}
return $this->ldapService->validateUserCredentials($userDetails, $credentials['password']);
}
/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @return bool
* @throws LoginAttemptEmailNeededException
* @throws LoginAttemptException
* @throws LdapException
* @throws UserRegistrationException
*/
public function attempt(array $credentials = [], $remember = false)
{
$username = $credentials['username'];
$userDetails = $this->ldapService->getUserDetails($username);
$user = null;
if (isset($userDetails['uid'])) {
$this->lastAttempted = $user = $this->provider->retrieveByCredentials([
'external_auth_id' => $userDetails['uid']
]);
}
if (!$this->ldapService->validateUserCredentials($userDetails, $credentials['password'])) {
return false;
}
if (is_null($user)) {
$user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
}
// Sync LDAP groups if required
if ($this->ldapService->shouldSyncGroups()) {
$this->ldapService->syncGroups($user, $username);
}
$this->login($user, $remember);
return true;
}
/**
* Create a new user from the given ldap credentials and login credentials
* @throws LoginAttemptEmailNeededException
* @throws LoginAttemptException
* @throws UserRegistrationException
*/
protected function createNewFromLdapAndCreds(array $ldapUserDetails, array $credentials): User
{
$email = trim($ldapUserDetails['email'] ?: ($credentials['email'] ?? ''));
if (empty($email)) {
throw new LoginAttemptEmailNeededException();
}
$details = [
'name' => $ldapUserDetails['name'],
'email' => $ldapUserDetails['email'] ?: $credentials['email'],
'external_auth_id' => $ldapUserDetails['uid'],
'password' => Str::random(32),
];
return $this->registrationService->registerUser($details, null, false);
}
}

40
app/Auth/Access/Guards/Saml2SessionGuard.php Normal file
View File

@ -0,0 +1,40 @@
<?php
namespace BookStack\Auth\Access\Guards;
/**
* Saml2 Session Guard
*
* The saml2 login process is async in nature meaning it does not fit very well
* into the default laravel 'Guard' auth flow. Instead most of the logic is done
* via the Saml2 controller & Saml2Service. This class provides a safer, thin
* version of SessionGuard.
*
* @package BookStack\Auth\Access\Guards
*/
class Saml2SessionGuard extends ExternalBaseSessionGuard
{
/**
* Validate a user's credentials.
*
* @param array $credentials
* @return bool
*/
public function validate(array $credentials = [])
{
return false;
}
/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @return bool
*/
public function attempt(array $credentials = [], $remember = false)
{
return false;
}
}

151
app/Auth/Access/LdapService.php
View File

@ -1,35 +1,29 @@
<?php namespace BookStack\Auth\Access;
use BookStack\Auth\Access;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\LdapException;
use Illuminate\Contracts\Auth\Authenticatable;
use ErrorException;
/**
* Class LdapService
* Handles any app-specific LDAP tasks.
* @package BookStack\Services
*/
class LdapService extends Access\ExternalAuthService
class LdapService extends ExternalAuthService
{
protected $ldap;
protected $ldapConnection;
protected $config;
protected $userRepo;
protected $enabled;
/**
* LdapService constructor.
* @param Ldap $ldap
* @param \BookStack\Auth\UserRepo $userRepo
*/
public function __construct(Access\Ldap $ldap, UserRepo $userRepo)
public function __construct(Ldap $ldap)
{
$this->ldap = $ldap;
$this->config = config('services.ldap');
$this->userRepo = $userRepo;
$this->enabled = config('auth.method') === 'ldap';
}
@ -43,17 +37,21 @@ class LdapService extends Access\ExternalAuthService
}
/**
* Search for attributes for a specific user on the ldap
* @param string $userName
* @param array $attributes
* @return null|array
* Search for attributes for a specific user on the ldap.
* @throws LdapException
*/
private function getUserWithAttributes($userName, $attributes)
private function getUserWithAttributes(string $userName, array $attributes): ?array
{
$ldapConnection = $this->getConnection();
$this->bindSystemUser($ldapConnection);
// Clean attributes
foreach ($attributes as $index => $attribute) {
if (strpos($attribute, 'BIN;') === 0) {
$attributes[$index] = substr($attribute, strlen('BIN;'));
}
}
// Find user
$userFilter = $this->buildFilter($this->config['user_filter'], ['user' => $userName]);
$baseDn = $this->config['base_dn'];
@ -71,69 +69,78 @@ class LdapService extends Access\ExternalAuthService
/**
* Get the details of a user from LDAP using the given username.
* User found via configurable user filter.
* @param $userName
* @return array|null
* @throws LdapException
*/
public function getUserDetails($userName)
public function getUserDetails(string $userName): ?array
{
$idAttr = $this->config['id_attribute'];
$emailAttr = $this->config['email_attribute'];
$displayNameAttr = $this->config['display_name_attribute'];
$user = $this->getUserWithAttributes($userName, ['cn', 'uid', 'dn', $emailAttr, $displayNameAttr]);
$user = $this->getUserWithAttributes($userName, ['cn', 'dn', $idAttr, $emailAttr, $displayNameAttr]);
if ($user === null) {
return null;
}
$userCn = $this->getUserResponseProperty($user, 'cn', null);
return [
'uid' => $this->getUserResponseProperty($user, 'uid', $user['dn']),
$formatted = [
'uid' => $this->getUserResponseProperty($user, $idAttr, $user['dn']),
'name' => $this->getUserResponseProperty($user, $displayNameAttr, $userCn),
'dn' => $user['dn'],
'email' => $this->getUserResponseProperty($user, $emailAttr, null),
];
if ($this->config['dump_user_details']) {
throw new JsonDebugException([
'details_from_ldap' => $user,
'details_bookstack_parsed' => $formatted,
]);
}
return $formatted;
}
/**
* Get a property from an LDAP user response fetch.
* Handles properties potentially being part of an array.
* @param array $userDetails
* @param string $propertyKey
* @param $defaultValue
* @return mixed
* If the given key is prefixed with 'BIN;', that indicator will be stripped
* from the key and any fetched values will be converted from binary to hex.
*/
protected function getUserResponseProperty(array $userDetails, string $propertyKey, $defaultValue)
{
if (isset($userDetails[$propertyKey])) {
return (is_array($userDetails[$propertyKey]) ? $userDetails[$propertyKey][0] : $userDetails[$propertyKey]);
$isBinary = strpos($propertyKey, 'BIN;') === 0;
$propertyKey = strtolower($propertyKey);
$value = $defaultValue;
if ($isBinary) {
$propertyKey = substr($propertyKey, strlen('BIN;'));
}
return $defaultValue;
if (isset($userDetails[$propertyKey])) {
$value = (is_array($userDetails[$propertyKey]) ? $userDetails[$propertyKey][0] : $userDetails[$propertyKey]);
if ($isBinary) {
$value = bin2hex($value);
}
}
return $value;
}
/**
* @param Authenticatable $user
* @param string $username
* @param string $password
* @return bool
* Check if the given credentials are valid for the given user.
* @throws LdapException
*/
public function validateUserCredentials(Authenticatable $user, $username, $password)
public function validateUserCredentials(?array $ldapUserDetails, string $password): bool
{
$ldapUser = $this->getUserDetails($username);
if ($ldapUser === null) {
return false;
}
if ($ldapUser['uid'] !== $user->external_auth_id) {
if (is_null($ldapUserDetails)) {
return false;
}
$ldapConnection = $this->getConnection();
try {
$ldapBind = $this->ldap->bind($ldapConnection, $ldapUser['dn'], $password);
} catch (\ErrorException $e) {
$ldapBind = $this->ldap->bind($ldapConnection, $ldapUserDetails['dn'], $password);
} catch (ErrorException $e) {
$ldapBind = false;
}
@ -203,12 +210,10 @@ class LdapService extends Access\ExternalAuthService
}
/**
* Parse a LDAP server string and return the host and port for
* a connection. Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'
* @param $serverString
* @return array
* Parse a LDAP server string and return the host and port for a connection.
* Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'.
*/
protected function parseServerString($serverString)
protected function parseServerString(string $serverString): array
{
$serverNameParts = explode(':', $serverString);
@ -225,11 +230,8 @@ class LdapService extends Access\ExternalAuthService
/**
* Build a filter string by injecting common variables.
* @param string $filterString
* @param array $attrs
* @return string
*/
protected function buildFilter($filterString, array $attrs)
protected function buildFilter(string $filterString, array $attrs): string
{
$newAttrs = [];
foreach ($attrs as $key => $attrText) {
@ -240,12 +242,10 @@ class LdapService extends Access\ExternalAuthService
}
/**
* Get the groups a user is a part of on ldap
* @param string $userName
* @return array
* Get the groups a user is a part of on ldap.
* @throws LdapException
*/
public function getUserGroups($userName)
public function getUserGroups(string $userName): array
{
$groupsAttr = $this->config['group_attribute'];
$user = $this->getUserWithAttributes($userName, [$groupsAttr]);
@ -260,40 +260,36 @@ class LdapService extends Access\ExternalAuthService
}
/**
* Get the parent groups of an array of groups
* @param array $groupsArray
* @param array $checked
* @return array
* Get the parent groups of an array of groups.
* @throws LdapException
*/
private function getGroupsRecursive($groupsArray, $checked)
private function getGroupsRecursive(array $groupsArray, array $checked): array
{
$groups_to_add = [];
$groupsToAdd = [];
foreach ($groupsArray as $groupName) {
if (in_array($groupName, $checked)) {
continue;
}
$groupsToAdd = $this->getGroupGroups($groupName);
$groups_to_add = array_merge($groups_to_add, $groupsToAdd);
$parentGroups = $this->getGroupGroups($groupName);
$groupsToAdd = array_merge($groupsToAdd, $parentGroups);
$checked[] = $groupName;
}
$groupsArray = array_unique(array_merge($groupsArray, $groups_to_add), SORT_REGULAR);
if (!empty($groups_to_add)) {
return $this->getGroupsRecursive($groupsArray, $checked);
} else {
$groupsArray = array_unique(array_merge($groupsArray, $groupsToAdd), SORT_REGULAR);
if (empty($groupsToAdd)) {
return $groupsArray;
}
return $this->getGroupsRecursive($groupsArray, $checked);
}
/**
* Get the parent groups of a single group
* @param string $groupName
* @return array
* Get the parent groups of a single group.
* @throws LdapException
*/
private function getGroupGroups($groupName)
private function getGroupGroups(string $groupName): array
{
$ldapConnection = $this->getConnection();
$this->bindSystemUser($ldapConnection);
@ -310,17 +306,14 @@ class LdapService extends Access\ExternalAuthService
return [];
}
$groupGroups = $this->groupFilter($groups[0]);
return $groupGroups;
return $this->groupFilter($groups[0]);
}
/**
* Filter out LDAP CN and DN language in a ldap search return
* Gets the base CN (common name) of the string
* @param array $userGroupSearchResponse
* @return array
* Filter out LDAP CN and DN language in a ldap search return.
* Gets the base CN (common name) of the string.
*/
protected function groupFilter(array $userGroupSearchResponse)
protected function groupFilter(array $userGroupSearchResponse): array
{
$groupsAttr = strtolower($this->config['group_attribute']);
$ldapGroups = [];
@ -341,9 +334,7 @@ class LdapService extends Access\ExternalAuthService
}
/**
* Sync the LDAP groups to the user roles for the current user
* @param \BookStack\Auth\User $user
* @param string $username
* Sync the LDAP groups to the user roles for the current user.
* @throws LdapException
*/
public function syncGroups(User $user, string $username)

118
app/Auth/Access/RegistrationService.php Normal file
View File

@ -0,0 +1,118 @@
<?php namespace BookStack\Auth\Access;
use BookStack\Auth\SocialAccount;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\UserRegistrationException;
use Exception;
class RegistrationService
{
protected $userRepo;
protected $emailConfirmationService;
/**
* RegistrationService constructor.
*/
public function __construct(UserRepo $userRepo, EmailConfirmationService $emailConfirmationService)
{
$this->userRepo = $userRepo;
$this->emailConfirmationService = $emailConfirmationService;
}
/**
* Check whether or not registrations are allowed in the app settings.
* @throws UserRegistrationException
*/
public function ensureRegistrationAllowed()
{
if (!$this->registrationAllowed()) {
throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
}
}
/**
* Check if standard BookStack User registrations are currently allowed.
* Does not prevent external-auth based registration.
*/
protected function registrationAllowed(): bool
{
$authMethod = config('auth.method');
$authMethodsWithRegistration = ['standard'];
return in_array($authMethod, $authMethodsWithRegistration) && setting('registration-enabled');
}
/**
* The registrations flow for all users.
* @throws UserRegistrationException
*/
public function registerUser(array $userData, ?SocialAccount $socialAccount = null, bool $emailConfirmed = false): User
{
$userEmail = $userData['email'];
// Email restriction
$this->ensureEmailDomainAllowed($userEmail);
// Ensure user does not already exist
$alreadyUser = !is_null($this->userRepo->getByEmail($userEmail));
if ($alreadyUser) {
throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]));
}
// Create the user
$newUser = $this->userRepo->registerNew($userData, $emailConfirmed);
// Assign social account if given
if ($socialAccount) {
$newUser->socialAccounts()->save($socialAccount);
}
// Start email confirmation flow if required
if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) {
$newUser->save();
$message = '';
try {
$this->emailConfirmationService->sendConfirmation($newUser);
} catch (Exception $e) {
$message = trans('auth.email_confirm_send_error');
}
throw new UserRegistrationException($message, '/register/confirm');
}
return $newUser;
}
/**
* Ensure that the given email meets any active email domain registration restrictions.
* Throws if restrictions are active and the email does not match an allowed domain.
* @throws UserRegistrationException
*/
protected function ensureEmailDomainAllowed(string $userEmail): void
{
$registrationRestrict = setting('registration-restrict');
if (!$registrationRestrict) {
return;
}
$restrictedEmailDomains = explode(',', str_replace(' ', '', $registrationRestrict));
$userEmailDomain = $domain = mb_substr(mb_strrchr($userEmail, "@"), 1);
if (!in_array($userEmailDomain, $restrictedEmailDomains)) {
$redirect = $this->registrationAllowed() ? '/register' : '/login';
throw new UserRegistrationException(trans('auth.registration_email_domain_invalid'), $redirect);
}
}
/**
* Alias to the UserRepo method of the same name.
* Attaches the default system role, if configured, to the given user.
*/
public function attachDefaultRole(User $user): void
{
$this->userRepo->attachDefaultRole($user);
}
}

59
app/Auth/Access/Saml2Service.php
View File

@ -1,9 +1,9 @@
<?php namespace BookStack\Auth\Access;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\SamlException;
use BookStack\Exceptions\UserRegistrationException;
use Exception;
use Illuminate\Support\Str;
use OneLogin\Saml2\Auth;
@ -18,19 +18,17 @@ use OneLogin\Saml2\ValidationError;
class Saml2Service extends ExternalAuthService
{
protected $config;
protected $userRepo;
protected $registrationService;
protected $user;
protected $enabled;
/**
* Saml2Service constructor.
*/
public function __construct(UserRepo $userRepo, User $user)
public function __construct(RegistrationService $registrationService, User $user)
{
$this->config = config('saml2');
$this->userRepo = $userRepo;
$this->registrationService = $registrationService;
$this->user = $user;
$this->enabled = config('saml2.enabled') === true;
}
/**
@ -80,6 +78,7 @@ class Saml2Service extends ExternalAuthService
* @throws SamlException
* @throws ValidationError
* @throws JsonDebugException
* @throws UserRegistrationException
*/
public function processAcsResponse(?string $requestId): ?User
{
@ -204,7 +203,7 @@ class Saml2Service extends ExternalAuthService
*/
protected function shouldSyncGroups(): bool
{
return $this->enabled && $this->config['user_to_groups'] !== false;
return $this->config['user_to_groups'] !== false;
}
/**
@ -248,7 +247,7 @@ class Saml2Service extends ExternalAuthService
/**
* Extract the details of a user from a SAML response.
*/
public function getUserDetails(string $samlID, $samlAttributes): array
protected function getUserDetails(string $samlID, $samlAttributes): array
{
$emailAttr = $this->config['email_attribute'];
$externalId = $this->getExternalId($samlAttributes, $samlID);
@ -310,43 +309,26 @@ class Saml2Service extends ExternalAuthService
return $defaultValue;
}
/**
* Register a user that is authenticated but not already registered.
*/
protected function registerUser(array $userDetails): User
{
// Create an array of the user data to create a new user instance
$userData = [
'name' => $userDetails['name'],
'email' => $userDetails['email'],
'password' => Str::random(32),
'external_auth_id' => $userDetails['external_id'],
'email_confirmed' => true,
];
$existingUser = $this->user->newQuery()->where('email', '=', $userDetails['email'])->first();
if ($existingUser) {
throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));
}
$user = $this->user->forceCreate($userData);
$this->userRepo->attachDefaultRole($user);
$this->userRepo->downloadAndAssignUserAvatar($user);
return $user;
}
/**
* Get the user from the database for the specified details.
* @throws SamlException
* @throws UserRegistrationException
*/
protected function getOrRegisterUser(array $userDetails): ?User
{
$isRegisterEnabled = $this->config['auto_register'] === true;
$user = $this->user
->where('external_auth_id', $userDetails['external_id'])
$user = $this->user->newQuery()
->where('external_auth_id', '=', $userDetails['external_id'])
->first();
if ($user === null && $isRegisterEnabled) {
$user = $this->registerUser($userDetails);
if (is_null($user)) {
$userData = [
'name' => $userDetails['name'],
'email' => $userDetails['email'],
'password' => Str::random(32),
'external_auth_id' => $userDetails['external_id'],
];
$user = $this->registrationService->registerUser($userData, null, false);
}
return $user;
@ -357,6 +339,7 @@ class Saml2Service extends ExternalAuthService
* they exist, optionally registering them automatically.
* @throws SamlException
* @throws JsonDebugException
* @throws UserRegistrationException
*/
public function processLoginCallback(string $samlID, array $samlAttributes): User
{

73
app/Auth/Access/SocialAuthService.php
View File

@ -7,7 +7,9 @@ use BookStack\Exceptions\SocialSignInAccountNotUsed;
use BookStack\Exceptions\UserRegistrationException;
use Illuminate\Support\Str;
use Laravel\Socialite\Contracts\Factory as Socialite;
use Laravel\Socialite\Contracts\Provider;
use Laravel\Socialite\Contracts\User as SocialUser;
use Symfony\Component\HttpFoundation\RedirectResponse;
class SocialAuthService
{
@ -20,9 +22,6 @@ class SocialAuthService
/**
* SocialAuthService constructor.
* @param \BookStack\Auth\UserRepo $userRepo
* @param Socialite $socialite
* @param SocialAccount $socialAccount
*/
public function __construct(UserRepo $userRepo, Socialite $socialite, SocialAccount $socialAccount)
{
@ -34,11 +33,9 @@ class SocialAuthService
/**
* Start the social login path.
* @param string $socialDriver
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* @throws SocialDriverNotConfigured
*/
public function startLogIn($socialDriver)
public function startLogIn(string $socialDriver): RedirectResponse
{
$driver = $this->validateDriver($socialDriver);
return $this->getSocialDriver($driver)->redirect();
@ -46,11 +43,9 @@ class SocialAuthService
/**
* Start the social registration process
* @param string $socialDriver
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* @throws SocialDriverNotConfigured
*/
public function startRegister($socialDriver)
public function startRegister(string $socialDriver): RedirectResponse
{
$driver = $this->validateDriver($socialDriver);
return $this->getSocialDriver($driver)->redirect();
@ -58,12 +53,9 @@ class SocialAuthService
/**
* Handle the social registration process on callback.
* @param string $socialDriver
* @param SocialUser $socialUser
* @return SocialUser
* @throws UserRegistrationException
*/
public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser)
public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser): SocialUser
{
// Check social account has not already been used
if ($this->socialAccount->where('driver_id', '=', $socialUser->getId())->exists()) {
@ -72,7 +64,7 @@ class SocialAuthService
if ($this->userRepo->getByEmail($socialUser->getEmail())) {
$email = $socialUser->getEmail();
throw new UserRegistrationException(trans('errors.social_account_in_use', ['socialAccount'=>$socialDriver, 'email' => $email]), '/login');
throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $email]), '/login');
}
return $socialUser;
@ -80,11 +72,9 @@ class SocialAuthService
/**
* Get the social user details via the social driver.
* @param string $socialDriver
* @return SocialUser
* @throws SocialDriverNotConfigured
*/
public function getSocialUser(string $socialDriver)
public function getSocialUser(string $socialDriver): SocialUser
{
$driver = $this->validateDriver($socialDriver);
return $this->socialite->driver($driver)->user();
@ -92,12 +82,9 @@ class SocialAuthService
/**
* Handle the login process on a oAuth callback.
* @param $socialDriver
* @param SocialUser $socialUser
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
* @throws SocialSignInAccountNotUsed
*/
public function handleLoginCallback($socialDriver, SocialUser $socialUser)
public function handleLoginCallback(string $socialDriver, SocialUser $socialUser)
{
$socialId = $socialUser->getId();
@ -137,7 +124,7 @@ class SocialAuthService
// Otherwise let the user know this social account is not used by anyone.
$message = trans('errors.social_account_not_used', ['socialAccount' => $titleCaseDriver]);
if (setting('registration-enabled')) {
if (setting('registration-enabled') && config('auth.method') !== 'ldap' && config('auth.method') !== 'saml2') {
$message .= trans('errors.social_account_register_instructions', ['socialAccount' => $titleCaseDriver]);
}
@ -146,18 +133,16 @@ class SocialAuthService
/**
* Ensure the social driver is correct and supported.
*
* @param $socialDriver
* @return string
* @throws SocialDriverNotConfigured
*/
private function validateDriver($socialDriver)
protected function validateDriver(string $socialDriver): string
{
$driver = trim(strtolower($socialDriver));
if (!in_array($driver, $this->validSocialDrivers)) {
abort(404, trans('errors.social_driver_not_found'));
}
if (!$this->checkDriverConfigured($driver)) {
throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => Str::title($socialDriver)]));
}
@ -167,10 +152,8 @@ class SocialAuthService
/**
* Check a social driver has been configured correctly.
* @param $driver
* @return bool
*/
private function checkDriverConfigured($driver)
protected function checkDriverConfigured(string $driver): bool
{
$lowerName = strtolower($driver);
$configPrefix = 'services.' . $lowerName . '.';
@ -180,55 +163,48 @@ class SocialAuthService
/**
* Gets the names of the active social drivers.
* @return array
*/
public function getActiveDrivers()
public function getActiveDrivers(): array
{
$activeDrivers = [];
foreach ($this->validSocialDrivers as $driverKey) {
if ($this->checkDriverConfigured($driverKey)) {
$activeDrivers[$driverKey] = $this->getDriverName($driverKey);
}
}
return $activeDrivers;
}
/**
* Get the presentational name for a driver.
* @param $driver
* @return mixed
*/
public function getDriverName($driver)
public function getDriverName(string $driver): string
{
return config('services.' . strtolower($driver) . '.name');
}
/**
* Check if the current config for the given driver allows auto-registration.
* @param string $driver
* @return bool
*/
public function driverAutoRegisterEnabled(string $driver)
public function driverAutoRegisterEnabled(string $driver): bool
{
return config('services.' . strtolower($driver) . '.auto_register') === true;
}
/**
* Check if the current config for the given driver allow email address auto-confirmation.
* @param string $driver
* @return bool
*/
public function driverAutoConfirmEmailEnabled(string $driver)
public function driverAutoConfirmEmailEnabled(string $driver): bool
{
return config('services.' . strtolower($driver) . '.auto_confirm') === true;
}
/**
* @param string $socialDriver
* @param SocialUser $socialUser
* @return SocialAccount
* Fill and return a SocialAccount from the given driver name and SocialUser.
*/
public function fillSocialAccount($socialDriver, $socialUser)
public function fillSocialAccount(string $socialDriver, SocialUser $socialUser): SocialAccount
{
$this->socialAccount->fill([
'driver' => $socialDriver,
@ -240,22 +216,17 @@ class SocialAuthService
/**
* Detach a social account from a user.
* @param $socialDriver
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function detachSocialAccount($socialDriver)
public function detachSocialAccount(string $socialDriver)
{
user()->socialAccounts()->where('driver', '=', $socialDriver)->delete();
session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));
return redirect(user()->getEditUrl());
}
/**
* Provide redirect options per service for the Laravel Socialite driver
* @param $driverName
* @return \Laravel\Socialite\Contracts\Provider
*/
public function getSocialDriver(string $driverName)
public function getSocialDriver(string $driverName): Provider
{
$driver = $this->socialite->driver($driverName);

2
app/Auth/Role.php
View File

@ -72,7 +72,7 @@ class Role extends Model
*/
public function detachPermission(RolePermission $permission)
{
$this->permissions()->detach($permission->id);
$this->permissions()->detach([$permission->id]);
}
/**

45
app/Auth/User.php
View File

@ -1,5 +1,6 @@
<?php namespace BookStack\Auth;
use BookStack\Api\ApiToken;
use BookStack\Model;
use BookStack\Notifications\ResetPassword;
use BookStack\Uploads\Image;
@ -9,6 +10,7 @@ use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable;
/**
@ -45,7 +47,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
* The attributes excluded from the model's JSON form.
* @var array
*/
protected $hidden = ['password', 'remember_token'];
protected $hidden = ['password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email'];
/**
* This holds the user's permissions when loaded.
@ -114,6 +116,17 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return $this->roles->pluck('system_name')->contains($role);
}
/**
* Attach the default system role to this user.
*/
public function attachDefaultRole(): void
{
$roleId = setting('registration-role');
if ($roleId && $this->roles()->where('id', '=', $roleId)->count() === 0) {
$this->roles()->attach($roleId);
}
}
/**
* Get all permissions belonging to a the current user.
* @param bool $cache
@ -151,16 +164,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
*/
public function attachRole(Role $role)
{
$this->attachRoleId($role->id);
}
/**
* Attach a role id to this user.
* @param $id
*/
public function attachRoleId($id)
{
$this->roles()->attach($id);
$this->roles()->attach($role->id);
}
/**
@ -218,19 +222,26 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
}
/**
* Get the url for editing this user.
* @return string
* Get the API tokens assigned to this user.
*/
public function getEditUrl()
public function apiTokens(): HasMany
{
return url('/settings/users/' . $this->id);
return $this->hasMany(ApiToken::class);
}
/**
* Get the url for editing this user.
*/
public function getEditUrl(string $path = ''): string
{
$uri = '/settings/users/' . $this->id . '/' . trim($path, '/');
return url(rtrim($uri, '/'));
}
/**
* Get the url that links to this user's profile.
* @return mixed
*/
public function getProfileUrl()
public function getProfileUrl(): string
{
return url('/user/' . $this->id);
}

35
app/Auth/UserRepo.php
View File

@ -29,10 +29,9 @@ class UserRepo
}
/**
* @param string $email
* @return User|null
* Get a user by their email address.
*/
public function getByEmail($email)
public function getByEmail(string $email): ?User
{
return $this->user->where('email', '=', $email)->first();
}
@ -78,31 +77,16 @@ class UserRepo
/**
* Creates a new user and attaches a role to them.
* @param array $data
* @param boolean $verifyEmail
* @return User
*/
public function registerNew(array $data, $verifyEmail = false)
public function registerNew(array $data, bool $emailConfirmed = false): User
{
$user = $this->create($data, $verifyEmail);
$this->attachDefaultRole($user);
$user = $this->create($data, $emailConfirmed);
$user->attachDefaultRole();
$this->downloadAndAssignUserAvatar($user);
return $user;
}
/**
* Give a user the default role. Used when creating a new user.
* @param User $user
*/
public function attachDefaultRole(User $user)
{
$roleId = setting('registration-role');
if ($roleId !== false && $user->roles()->where('id', '=', $roleId)->count() === 0) {
$user->attachRoleId($roleId);
}
}
/**
* Assign a user to a system-level role.
* @param User $user
@ -172,17 +156,15 @@ class UserRepo
/**
* Create a new basic instance of user.
* @param array $data
* @param boolean $verifyEmail
* @return User
*/
public function create(array $data, $verifyEmail = false)
public function create(array $data, bool $emailConfirmed = false): User
{
return $this->user->forceCreate([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
'email_confirmed' => $verifyEmail
'email_confirmed' => $emailConfirmed,
'external_auth_id' => $data['external_auth_id'] ?? '',
]);
}
@ -194,6 +176,7 @@ class UserRepo
public function destroy(User $user)
{
$user->socialAccounts()->delete();
$user->apiTokens()->delete();
$user->delete();
// Delete user profile images

23
app/Config/api.php Normal file
View File

@ -0,0 +1,23 @@
<?php
/**
* API configuration options.
*
* Changes to these config files are not supported by BookStack and may break upon updates.
* Configuration should be altered via the `.env` file or environment variables.
* Do not edit this file unless you're happy to maintain any changes yourself.
*/
return [
// The default number of items that are returned in listing API requests.
// This count can often be overridden, up the the max option, per-request via request options.
'default_item_count' => env('API_DEFAULT_ITEM_COUNT', 100),
// The maximum number of items that can be returned in a listing API request.
'max_item_count' => env('API_MAX_ITEM_COUNT', 500),
// The number of API requests that can be made per minute by a single user.
'requests_per_minute' => env('API_REQUESTS_PER_MIN', 180)
];

2
app/Config/app.php
View File

@ -52,7 +52,7 @@ return [
'locale' => env('APP_LANG', 'en'),
// Locales available
'locales' => ['en', 'ar', 'de', 'de_informal', 'es', 'es_AR', 'fr', 'hu', 'nl', 'pt_BR', 'sk', 'cs', 'sv', 'ko', 'ja', 'pl', 'it', 'ru', 'uk', 'zh_CN', 'zh_TW', 'tr'],
'locales' => ['en', 'ar', 'da', 'de', 'de_informal', 'es', 'es_AR', 'fr', 'hu', 'nl', 'pt_BR', 'sk', 'cs', 'sv', 'ko', 'ja', 'pl', 'it', 'ru', 'uk', 'zh_CN', 'zh_TW', 'tr'],
// Application Fallback Locale
'fallback_locale' => 'en',

33
app/Config/auth.php
View File

@ -11,14 +11,14 @@
return [
// Method of authentication to use
// Options: standard, ldap
// Options: standard, ldap, saml2
'method' => env('AUTH_METHOD', 'standard'),
// Authentication Defaults
// This option controls the default authentication "guard" and password
// reset options for your application.
'defaults' => [
'guard' => 'web',
'guard' => env('AUTH_METHOD', 'standard'),
'passwords' => 'users',
],
@ -26,17 +26,22 @@ return [
// All authentication drivers have a user provider. This defines how the
// users are actually retrieved out of your database or other storage
// mechanisms used by this application to persist your user's data.
// Supported: "session", "token"
// Supported drivers: "session", "api-token", "ldap-session"
'guards' => [
'web' => [
'standard' => [
'driver' => 'session',
'provider' => 'users',
],
'ldap' => [
'driver' => 'ldap-session',
'provider' => 'external',
],
'saml2' => [
'driver' => 'saml2-session',
'provider' => 'external',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
'driver' => 'api-token',
],
],
@ -44,17 +49,15 @@ return [
// All authentication drivers have a user provider. This defines how the
// users are actually retrieved out of your database or other storage
// mechanisms used by this application to persist your user's data.
// Supported: database, eloquent, ldap
'providers' => [
'users' => [
'driver' => env('AUTH_METHOD', 'standard') === 'standard' ? 'eloquent' : env('AUTH_METHOD'),
'driver' => 'eloquent',
'model' => \BookStack\Auth\User::class,
],
'external' => [
'driver' => 'external-users',
'model' => \BookStack\Auth\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
// Resetting Passwords

4
app/Config/saml2.php
View File

@ -4,10 +4,6 @@ return [
// Display name, shown to users, for SAML2 option
'name' => env('SAML2_NAME', 'SSO'),
// Toggle whether the SAML2 option is active
'enabled' => env('SAML2_ENABLED', false),
// Enable registration via SAML2 authentication
'auto_register' => env('SAML2_AUTO_REGISTER', true),
// Dump user details after a login request for debugging purposes
'dump_user_details' => env('SAML2_DUMP_USER_DETAILS', false),

2
app/Config/services.php
View File

@ -118,11 +118,13 @@ return [
'ldap' => [
'server' => env('LDAP_SERVER', false),
'dump_user_details' => env('LDAP_DUMP_USER_DETAILS', false),
'dn' => env('LDAP_DN', false),
'pass' => env('LDAP_PASS', false),
'base_dn' => env('LDAP_BASE_DN', false),
'user_filter' => env('LDAP_USER_FILTER', '(&(uid=${user}))'),
'version' => env('LDAP_VERSION', false),
'id_attribute' => env('LDAP_ID_ATTRIBUTE', 'uid'),
'email_attribute' => env('LDAP_EMAIL_ATTRIBUTE', 'mail'),
'display_name_attribute' => env('LDAP_DISPLAY_NAME_ATTRIBUTE', 'cn'),
'follow_referrals' => env('LDAP_FOLLOW_REFERRALS', false),

5
app/Config/setting-defaults.php
View File

@ -16,6 +16,11 @@ return [
'app-editor' => 'wysiwyg',
'app-color' => '#206ea7',
'app-color-light' => 'rgba(32,110,167,0.15)',
'bookshelf-color' => '#a94747',
'book-color' => '#077b70',
'chapter-color' => '#af4d0d',
'page-color' => '#206ea7',
'page-draft-color' => '#7e50b1',
'app-custom-head' => false,
'registration-enabled' => false,

88
app/Console/Commands/CopyShelfPermissions.php Normal file
View File

@ -0,0 +1,88 @@
<?php
namespace BookStack\Console\Commands;
use BookStack\Entities\Bookshelf;
use BookStack\Entities\Repos\BookshelfRepo;
use Illuminate\Console\Command;
class CopyShelfPermissions extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'bookstack:copy-shelf-permissions
{--a|all : Perform for all shelves in the system}
{--s|slug= : The slug for a shelf to target}
';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Copy shelf permissions to all child books.';
/**
* @var BookshelfRepo
*/
protected $bookshelfRepo;
/**
* Create a new command instance.
*
* @return void
*/
public function __construct(BookshelfRepo $repo)
{
$this->bookshelfRepo = $repo;
parent::__construct();
}
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
$shelfSlug = $this->option('slug');
$cascadeAll = $this->option('all');
$shelves = null;
if (!$cascadeAll && !$shelfSlug) {
$this->error('Either a --slug or --all option must be provided.');
return;
}
if ($cascadeAll) {
$continue = $this->confirm(
'Permission settings for all shelves will be cascaded. '.
'Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. '.
'Are you sure you want to proceed?'
);
if (!$continue && !$this->hasOption('no-interaction')) {
return;
}
$shelves = Bookshelf::query()->get(['id', 'restricted']);
}
if ($shelfSlug) {
$shelves = Bookshelf::query()->where('slug', '=', $shelfSlug)->get(['id', 'restricted']);
if ($shelves->count() === 0) {
$this->info('No shelves found with the given slug.');
}
}
foreach ($shelves as $shelf) {
$this->bookshelfRepo->copyDownPermissions($shelf, false);
$this->info('Copied permissions for shelf [' . $shelf->id . ']');
}
$this->info('Permissions copied for ' . $shelves->count() . ' shelves.');
}
}

5
app/Entities/Book.php
View File

@ -18,7 +18,8 @@ class Book extends Entity implements HasCoverImage
{
public $searchFactor = 2;
protected $fillable = ['name', 'description', 'image_id'];
protected $fillable = ['name', 'description'];
protected $hidden = ['restricted'];
/**
* Get the url for this book.
@ -114,7 +115,7 @@ class Book extends Entity implements HasCoverImage
{
$pages = $this->directPages()->visible()->get();
$chapters = $this->chapters()->visible()->get();
return $pages->contact($chapters)->sortBy('priority')->sortByDesc('draft');
return $pages->concat($chapters)->sortBy('priority')->sortByDesc('draft');
}
/**

30
app/Entities/ExportService.php
View File

@ -29,8 +29,9 @@ class ExportService
public function pageToContainedHtml(Page $page)
{
$page->html = (new PageContent($page))->render();
$pageHtml = view('pages/export', [
'page' => $page
$pageHtml = view('pages.export', [
'page' => $page,
'format' => 'html',
])->render();
return $this->containHtml($pageHtml);
}
@ -45,9 +46,10 @@ class ExportService
$pages->each(function ($page) {
$page->html = (new PageContent($page))->render();
});
$html = view('chapters/export', [
$html = view('chapters.export', [
'chapter' => $chapter,
'pages' => $pages
'pages' => $pages,
'format' => 'html',
])->render();
return $this->containHtml($html);
}
@ -59,9 +61,10 @@ class ExportService
public function bookToContainedHtml(Book $book)
{
$bookTree = (new BookContents($book))->getTree(false, true);
$html = view('books/export', [
$html = view('books.export', [
'book' => $book,
'bookChildren' => $bookTree
'bookChildren' => $bookTree,
'format' => 'html',
])->render();
return $this->containHtml($html);
}
@ -73,8 +76,9 @@ class ExportService
public function pageToPdf(Page $page)
{
$page->html = (new PageContent($page))->render();
$html = view('pages/pdf', [
'page' => $page
$html = view('pages.export', [
'page' => $page,
'format' => 'pdf',
])->render();
return $this->htmlToPdf($html);
}
@ -90,9 +94,10 @@ class ExportService
$page->html = (new PageContent($page))->render();
});
$html = view('chapters/export', [
$html = view('chapters.export', [
'chapter' => $chapter,
'pages' => $pages
'pages' => $pages,
'format' => 'pdf',
])->render();
return $this->htmlToPdf($html);
@ -105,9 +110,10 @@ class ExportService
public function bookToPdf(Book $book)
{
$bookTree = (new BookContents($book))->getTree(false, true);
$html = view('books/export', [
$html = view('books.export', [
'book' => $book,
'bookChildren' => $bookTree
'bookChildren' => $bookTree,
'format' => 'pdf',
])->render();
return $this->htmlToPdf($html);
}

2
app/Entities/Repos/BaseRepo.php
View File

@ -76,7 +76,7 @@ class BaseRepo
* @throws ImageUploadException
* @throws \Exception
*/
public function updateCoverImage(HasCoverImage $entity, UploadedFile $coverImage = null, bool $removeImage = false)
public function updateCoverImage(HasCoverImage $entity, ?UploadedFile $coverImage, bool $removeImage = false)
{
if ($coverImage) {
$this->imageRepo->destroyImage($entity->cover);

2
app/Entities/Repos/BookRepo.php
View File

@ -108,7 +108,7 @@ class BookRepo
* @throws ImageUploadException
* @throws Exception
*/
public function updateCoverImage(Book $book, UploadedFile $coverImage = null, bool $removeImage = false)
public function updateCoverImage(Book $book, ?UploadedFile $coverImage, bool $removeImage = false)
{
$this->baseRepo->updateCoverImage($book, $coverImage, $removeImage);
}

8
app/Entities/Repos/BookshelfRepo.php
View File

@ -123,7 +123,7 @@ class BookshelfRepo
* @throws ImageUploadException
* @throws Exception
*/
public function updateCoverImage(Bookshelf $shelf, UploadedFile $coverImage = null, bool $removeImage = false)
public function updateCoverImage(Bookshelf $shelf, ?UploadedFile $coverImage, bool $removeImage = false)
{
$this->baseRepo->updateCoverImage($shelf, $coverImage, $removeImage);
}
@ -139,15 +139,15 @@ class BookshelfRepo
/**
* Copy down the permissions of the given shelf to all child books.
*/
public function copyDownPermissions(Bookshelf $shelf): int
public function copyDownPermissions(Bookshelf $shelf, $checkUserPermissions = true): int
{
$shelfPermissions = $shelf->permissions()->get(['role_id', 'action'])->toArray();
$shelfBooks = $shelf->books()->get();
$shelfBooks = $shelf->books()->get(['id', 'restricted']);
$updatedBookCount = 0;
/** @var Book $book */
foreach ($shelfBooks as $book) {
if (!userCan('restrictions-manage', $book)) {
if ($checkUserPermissions && !userCan('restrictions-manage', $book)) {
continue;
}
$book->permissions()->delete();

7
app/Exceptions/ApiAuthException.php Normal file
View File

@ -0,0 +1,7 @@
<?php
namespace BookStack\Exceptions;
class ApiAuthException extends UnauthorizedException {
}

6
app/Exceptions/AuthException.php
View File

@ -1,6 +0,0 @@
<?php namespace BookStack\Exceptions;
class AuthException extends PrettyException
{
}

47
app/Exceptions/Handler.php
View File

@ -7,6 +7,9 @@ use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Validation\ValidationException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@ -47,10 +50,17 @@ class Handler extends ExceptionHandler
*/
public function render($request, Exception $e)
{
if ($this->isApiRequest($request)) {
return $this->renderApiException($e);
}
// Handle notify exceptions which will redirect to the
// specified location then show a notification message.
if ($this->isExceptionType($e, NotifyException::class)) {
session()->flash('error', $this->getOriginalMessage($e));
$message = $this->getOriginalMessage($e);
if (!empty($message)) {
session()->flash('error', $message);
}
return redirect($e->redirectLocation);
}
@ -70,6 +80,41 @@ class Handler extends ExceptionHandler
return parent::render($request, $e);
}
/**
* Check if the given request is an API request.
*/
protected function isApiRequest(Request $request): bool
{
return strpos($request->path(), 'api/') === 0;
}
/**
* Render an exception when the API is in use.
*/
protected function renderApiException(Exception $e): JsonResponse
{
$code = $e->getCode() === 0 ? 500 : $e->getCode();
$headers = [];
if ($e instanceof HttpException) {
$code = $e->getStatusCode();
$headers = $e->getHeaders();
}
$responseData = [
'error' => [
'message' => $e->getMessage(),
]
];
if ($e instanceof ValidationException) {
$responseData['error']['validation'] = $e->errors();
$code = $e->status;
}
$responseData['error']['code'] = $code;
return new JsonResponse($responseData, $code, $headers);
}
/**
* Check the exception chain to compare against the original exception type.
* @param Exception $e

6
app/Exceptions/LoginAttemptEmailNeededException.php Normal file
View File

@ -0,0 +1,6 @@
<?php namespace BookStack\Exceptions;
class LoginAttemptEmailNeededException extends LoginAttemptException
{
}

6
app/Exceptions/LoginAttemptException.php Normal file
View File

@ -0,0 +1,6 @@
<?php namespace BookStack\Exceptions;
class LoginAttemptException extends \Exception
{
}

17
app/Exceptions/UnauthorizedException.php Normal file
View File

@ -0,0 +1,17 @@
<?php
namespace BookStack\Exceptions;
use Exception;
class UnauthorizedException extends Exception
{
/**
* ApiAuthException constructor.
*/
public function __construct($message, $code = 401)
{
parent::__construct($message, $code);
}
}

30
app/Http/Controllers/Api/ApiController.php Normal file
View File

@ -0,0 +1,30 @@
<?php namespace BookStack\Http\Controllers\Api;
use BookStack\Api\ListingResponseBuilder;
use BookStack\Http\Controllers\Controller;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Http\JsonResponse;
class ApiController extends Controller
{
protected $rules = [];
/**
* Provide a paginated listing JSON response in a standard format
* taking into account any pagination parameters passed by the user.
*/
protected function apiListingResponse(Builder $query, array $fields): JsonResponse
{
$listing = new ListingResponseBuilder($query, request(), $fields);
return $listing->toResponse();
}
/**
* Get the validation rules for this controller.
*/
public function getValdationRules(): array
{
return $this->rules;
}
}

47
app/Http/Controllers/Api/ApiDocsController.php Normal file
View File

@ -0,0 +1,47 @@
<?php namespace BookStack\Http\Controllers\Api;
use BookStack\Api\ApiDocsGenerator;
use Cache;
use Illuminate\Support\Collection;
class ApiDocsController extends ApiController
{
/**
* Load the docs page for the API.
*/
public function display()
{
$docs = $this->getDocs();
return view('api-docs.index', [
'docs' => $docs,
]);
}
/**
* Show a JSON view of the API docs data.
*/
public function json() {
$docs = $this->getDocs();
return response()->json($docs);
}
/**
* Get the base docs data.
* Checks and uses the system cache for quick re-fetching.
*/
protected function getDocs(): Collection
{
$appVersion = trim(file_get_contents(base_path('version')));
$cacheKey = 'api-docs::' . $appVersion;
if (Cache::has($cacheKey) && config('app.env') === 'production') {
$docs = Cache::get($cacheKey);
} else {
$docs = (new ApiDocsGenerator())->generate();
Cache::put($cacheKey, $docs, 60*24);
}
return $docs;
}
}

101
app/Http/Controllers/Api/BooksApiController.php Normal file
View File

@ -0,0 +1,101 @@
<?php namespace BookStack\Http\Controllers\Api;
use BookStack\Entities\Book;
use BookStack\Entities\Repos\BookRepo;
use BookStack\Exceptions\NotifyException;
use BookStack\Facades\Activity;
use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class BooksApiController extends ApiController
{
protected $bookRepo;
protected $rules = [
'create' => [
'name' => 'required|string|max:255',
'description' => 'string|max:1000',
],
'update' => [
'name' => 'string|min:1|max:255',
'description' => 'string|max:1000',
],
];
/**
* BooksApiController constructor.
*/
public function __construct(BookRepo $bookRepo)
{
$this->bookRepo = $bookRepo;
}
/**
* Get a listing of books visible to the user.
*/
public function list()
{
$books = Book::visible();
return $this->apiListingResponse($books, [
'id', 'name', 'slug', 'description', 'created_at', 'updated_at', 'created_by', 'updated_by', 'image_id',
]);
}
/**
* Create a new book in the system.
* @throws ValidationException
*/
public function create(Request $request)
{
$this->checkPermission('book-create-all');
$requestData = $this->validate($request, $this->rules['create']);
$book = $this->bookRepo->create($requestData);
Activity::add($book, 'book_create', $book->id);
return response()->json($book);
}
/**
* View the details of a single book.
*/
public function read(string $id)
{
$book = Book::visible()->with(['tags', 'cover', 'createdBy', 'updatedBy'])->findOrFail($id);
return response()->json($book);
}
/**
* Update the details of a single book.
* @throws ValidationException
*/
public function update(Request $request, string $id)
{
$book = Book::visible()->findOrFail($id);
$this->checkOwnablePermission('book-update', $book);
$requestData = $this->validate($request, $this->rules['update']);
$book = $this->bookRepo->update($book, $requestData);
Activity::add($book, 'book_update', $book->id);
return response()->json($book);
}
/**
* Delete a single book from the system.
* @throws NotifyException
* @throws BindingResolutionException
*/
public function delete(string $id)
{
$book = Book::visible()->findOrFail($id);
$this->checkOwnablePermission('book-delete', $book);
$this->bookRepo->destroy($book);
Activity::addMessage('book_delete', $book->name);
return response('', 204);
}
}

1
app/Http/Controllers/Auth/ForgotPasswordController.php
View File

@ -30,6 +30,7 @@ class ForgotPasswordController extends Controller
public function __construct()
{
$this->middleware('guest');
$this->middleware('guard:standard');
parent::__construct();
}

157
app/Http/Controllers/Auth/LoginController.php
View File

@ -2,12 +2,11 @@
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\AuthException;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
@ -27,32 +26,23 @@ class LoginController extends Controller
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
* Redirection paths
*/
protected $redirectTo = '/';
protected $redirectPath = '/';
protected $redirectAfterLogout = '/login';
protected $socialAuthService;
protected $ldapService;
protected $userRepo;
/**
* Create a new controller instance.
*
* @param \BookStack\Auth\\BookStack\Auth\Access\SocialAuthService $socialAuthService
* @param LdapService $ldapService
* @param \BookStack\Auth\UserRepo $userRepo
*/
public function __construct(SocialAuthService $socialAuthService, LdapService $ldapService, UserRepo $userRepo)
public function __construct(SocialAuthService $socialAuthService)
{
$this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);
$this->middleware('guest', ['only' => ['getLogin', 'login']]);
$this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);
$this->socialAuthService = $socialAuthService;
$this->ldapService = $ldapService;
$this->userRepo = $userRepo;
$this->redirectPath = url('/');
$this->redirectAfterLogout = url('/login');
parent::__construct();
@ -64,62 +54,20 @@ class LoginController extends Controller
}
/**
* Overrides the action when a user is authenticated.
* If the user authenticated but does not exist in the user table we create them.
* @param Request $request
* @param Authenticatable $user
* @return \Illuminate\Http\RedirectResponse
* @throws AuthException
* @throws \BookStack\Exceptions\LdapException
* Get the needed authorization credentials from the request.
*/
protected function authenticated(Request $request, Authenticatable $user)
protected function credentials(Request $request)
{
// Explicitly log them out for now if they do no exist.
if (!$user->exists) {
auth()->logout($user);
}
if (!$user->exists && $user->email === null && !$request->filled('email')) {
$request->flash();
session()->flash('request-email', true);
return redirect('/login');
}
if (!$user->exists && $user->email === null && $request->filled('email')) {
$user->email = $request->get('email');
}
if (!$user->exists) {
// Check for users with same email already
$alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
if ($alreadyUser) {
throw new AuthException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
}
$user->save();
$this->userRepo->attachDefaultRole($user);
$this->userRepo->downloadAndAssignUserAvatar($user);
auth()->login($user);
}
// Sync LDAP groups if required
if ($this->ldapService->shouldSyncGroups()) {
$this->ldapService->syncGroups($user, $request->get($this->username()));
}
return redirect()->intended('/');
return $request->only('username', 'email', 'password');
}
/**
* Show the application login form.
* @param Request $request
* @return \Illuminate\Http\Response
*/
public function getLogin(Request $request)
{
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$authMethod = config('auth.method');
$samlEnabled = config('saml2.enabled') === true;
if ($request->has('email')) {
session()->flashInput([
@ -131,38 +79,87 @@ class LoginController extends Controller
return view('auth.login', [
'socialDrivers' => $socialDrivers,
'authMethod' => $authMethod,
'samlEnabled' => $samlEnabled,
]);
}
/**
* Redirect to the relevant social site.
* @param $socialDriver
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* @throws \BookStack\Exceptions\SocialDriverNotConfigured
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* @throws \Illuminate\Validation\ValidationException
*/
public function getSocialLogin($socialDriver)
public function login(Request $request)
{
session()->put('social-callback', 'login');
return $this->socialAuthService->startLogIn($socialDriver);
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
try {
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
} catch (LoginAttemptException $exception) {
return $this->sendLoginAttemptExceptionResponse($exception, $request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
/**
* Log the user out of the application.
* Validate the user login request.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @return void
*
* @throws \Illuminate\Validation\ValidationException
*/
public function logout(Request $request)
protected function validateLogin(Request $request)
{
if (config('saml2.enabled') && session()->get('last_login_type') === 'saml2') {
return redirect('/saml2/logout');
$rules = ['password' => 'required|string'];
$authMethod = config('auth.method');
if ($authMethod === 'standard') {
$rules['email'] = 'required|email';
}
$this->guard()->logout();
if ($authMethod === 'ldap') {
$rules['username'] = 'required|string';
$rules['email'] = 'email';
}
$request->session()->invalidate();
return $this->loggedOut($request) ?: redirect('/');
$request->validate($rules);
}
/**
* Send a response when a login attempt exception occurs.
*/
protected function sendLoginAttemptExceptionResponse(LoginAttemptException $exception, Request $request)
{
if ($exception instanceof LoginAttemptEmailNeededException) {
$request->flash();
session()->flash('request-email', true);
}
if ($message = $exception->getMessage()) {
$this->showWarningNotification($message);
}
return redirect('/login');
}
}

198
app/Http/Controllers/Auth/RegisterController.php
View File

@ -2,25 +2,14 @@
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\EmailConfirmationService;
use BookStack\Auth\Access\RegistrationService;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Auth\SocialAccount;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\SocialDriverNotConfigured;
use BookStack\Exceptions\SocialSignInAccountNotUsed;
use BookStack\Exceptions\SocialSignInException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Http\Controllers\Controller;
use Exception;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Routing\Redirector;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Laravel\Socialite\Contracts\User as SocialUser;
use Validator;
class RegisterController extends Controller
@ -39,8 +28,7 @@ class RegisterController extends Controller
use RegistersUsers;
protected $socialAuthService;
protected $emailConfirmationService;
protected $userRepo;
protected $registrationService;
/**
* Where to redirect users after login / registration.
@ -52,17 +40,15 @@ class RegisterController extends Controller
/**
* Create a new controller instance.
*
* @param SocialAuthService $socialAuthService
* @param EmailConfirmationService $emailConfirmationService
* @param UserRepo $userRepo
*/
public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
public function __construct(SocialAuthService $socialAuthService, RegistrationService $registrationService)
{
$this->middleware('guest')->only(['getRegister', 'postRegister', 'socialRegister']);
$this->middleware('guest');
$this->middleware('guard:standard');
$this->socialAuthService = $socialAuthService;
$this->emailConfirmationService = $emailConfirmationService;
$this->userRepo = $userRepo;
$this->registrationService = $registrationService;
$this->redirectTo = url('/');
$this->redirectPath = url('/');
parent::__construct();
@ -71,7 +57,6 @@ class RegisterController extends Controller
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
@ -83,46 +68,41 @@ class RegisterController extends Controller
]);
}
/**
* Check whether or not registrations are allowed in the app settings.
* @throws UserRegistrationException
*/
protected function checkRegistrationAllowed()
{
if (!setting('registration-enabled')) {
throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
}
}
/**
* Show the application registration form.
* @return Response
* @throws UserRegistrationException
*/
public function getRegister()
{
$this->checkRegistrationAllowed();
$this->registrationService->ensureRegistrationAllowed();
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$samlEnabled = (config('saml2.enabled') === true) && (config('saml2.auto_register') === true);
return view('auth.register', [
'socialDrivers' => $socialDrivers,
'samlEnabled' => $samlEnabled,
]);
}
/**
* Handle a registration request for the application.
* @param Request|Request $request
* @return RedirectResponse|Redirector
* @throws UserRegistrationException
*/
public function postRegister(Request $request)
{
$this->checkRegistrationAllowed();
$this->registrationService->ensureRegistrationAllowed();
$this->validator($request->all())->validate();
$userData = $request->all();
return $this->registerUser($userData);
try {
$user = $this->registrationService->registerUser($userData);
auth()->login($user);
} catch (UserRegistrationException $exception) {
if ($exception->getMessage()) {
$this->showErrorNotification($exception->getMessage());
}
return redirect($exception->redirectLocation);
}
$this->showSuccessNotification(trans('auth.register_success'));
return redirect($this->redirectPath());
}
/**
@ -139,136 +119,4 @@ class RegisterController extends Controller
]);
}
/**
* The registrations flow for all users.
* @param array $userData
* @param bool|false|SocialAccount $socialAccount
* @param bool $emailVerified
* @return RedirectResponse|Redirector
* @throws UserRegistrationException
*/
protected function registerUser(array $userData, $socialAccount = false, $emailVerified = false)
{
$registrationRestrict = setting('registration-restrict');
if ($registrationRestrict) {
$restrictedEmailDomains = explode(',', str_replace(' ', '', $registrationRestrict));
$userEmailDomain = $domain = mb_substr(mb_strrchr($userData['email'], "@"), 1);
if (!in_array($userEmailDomain, $restrictedEmailDomains)) {
throw new UserRegistrationException(trans('auth.registration_email_domain_invalid'), '/register');
}
}
$newUser = $this->userRepo->registerNew($userData, $emailVerified);
if ($socialAccount) {
$newUser->socialAccounts()->save($socialAccount);
}
if ($this->emailConfirmationService->confirmationRequired() && !$emailVerified) {
$newUser->save();
try {
$this->emailConfirmationService->sendConfirmation($newUser);
} catch (Exception $e) {
$this->showErrorNotification(trans('auth.email_confirm_send_error'));
}
return redirect('/register/confirm');
}
auth()->login($newUser);
$this->showSuccessNotification(trans('auth.register_success'));
return redirect($this->redirectPath());
}
/**
* Redirect to the social site for authentication intended to register.
* @param $socialDriver
* @return mixed
* @throws UserRegistrationException
* @throws SocialDriverNotConfigured
*/
public function socialRegister($socialDriver)
{
$this->checkRegistrationAllowed();
session()->put('social-callback', 'register');
return $this->socialAuthService->startRegister($socialDriver);
}
/**
* The callback for social login services.
* @param Request $request
* @param string $socialDriver
* @return RedirectResponse|Redirector
* @throws SocialSignInException
* @throws UserRegistrationException
* @throws SocialDriverNotConfigured
*/
public function socialCallback(Request $request, string $socialDriver)
{
if (!session()->has('social-callback')) {
throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login');
}
// Check request for error information
if ($request->has('error') && $request->has('error_description')) {
throw new SocialSignInException(trans('errors.social_login_bad_response', [
'socialAccount' => $socialDriver,
'error' => $request->get('error_description'),
]), '/login');
}
$action = session()->pull('social-callback');
// Attempt login or fall-back to register if allowed.
$socialUser = $this->socialAuthService->getSocialUser($socialDriver);
if ($action == 'login') {
try {
return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);
} catch (SocialSignInAccountNotUsed $exception) {
if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) {
return $this->socialRegisterCallback($socialDriver, $socialUser);
}
throw $exception;
}
}
if ($action == 'register') {
return $this->socialRegisterCallback($socialDriver, $socialUser);
}
return redirect()->back();
}
/**
* Detach a social account from a user.
* @param $socialDriver
* @return RedirectResponse|Redirector
*/
public function detachSocialAccount($socialDriver)
{
return $this->socialAuthService->detachSocialAccount($socialDriver);
}
/**
* Register a new user after a registration callback.
* @param string $socialDriver
* @param SocialUser $socialUser
* @return RedirectResponse|Redirector
* @throws UserRegistrationException
*/
protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser)
{
$socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);
$socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser);
$emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver);
// Create an array of the user data to create a new user instance
$userData = [
'name' => $socialUser->getName(),
'email' => $socialUser->getEmail(),
'password' => Str::random(30)
];
return $this->registerUser($userData, $socialAccount, $emailVerified);
}
}

1
app/Http/Controllers/Auth/ResetPasswordController.php
View File

@ -31,6 +31,7 @@ class ResetPasswordController extends Controller
public function __construct()
{
$this->middleware('guest');
$this->middleware('guard:standard');
parent::__construct();
}

11
app/Http/Controllers/Auth/Saml2Controller.php
View File

@ -17,15 +17,7 @@ class Saml2Controller extends Controller
{
parent::__construct();
$this->samlService = $samlService;
// SAML2 access middleware
$this->middleware(function ($request, $next) {
if (!config('saml2.enabled')) {
$this->showPermissionError();
}
return $next($request);
});
$this->middleware('guard:saml2');
}
/**
@ -89,7 +81,6 @@ class Saml2Controller extends Controller
return redirect('/login');
}
session()->put('last_login_type', 'saml2');
return redirect()->intended();
}

132
app/Http/Controllers/Auth/SocialController.php Normal file
View File

@ -0,0 +1,132 @@
<?php
namespace BookStack\Http\Controllers\Auth;
use BookStack\Auth\Access\RegistrationService;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Exceptions\SocialDriverNotConfigured;
use BookStack\Exceptions\SocialSignInAccountNotUsed;
use BookStack\Exceptions\SocialSignInException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Http\Controllers\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
use Illuminate\Support\Str;
use Laravel\Socialite\Contracts\User as SocialUser;
class SocialController extends Controller
{
protected $socialAuthService;
protected $registrationService;
/**
* SocialController constructor.
*/
public function __construct(SocialAuthService $socialAuthService, RegistrationService $registrationService)
{
$this->middleware('guest')->only(['getRegister', 'postRegister']);
$this->socialAuthService = $socialAuthService;
$this->registrationService = $registrationService;
}
/**
* Redirect to the relevant social site.
* @throws \BookStack\Exceptions\SocialDriverNotConfigured
*/
public function getSocialLogin(string $socialDriver)
{
session()->put('social-callback', 'login');
return $this->socialAuthService->startLogIn($socialDriver);
}
/**
* Redirect to the social site for authentication intended to register.
* @throws SocialDriverNotConfigured
* @throws UserRegistrationException
*/
public function socialRegister(string $socialDriver)
{
$this->registrationService->ensureRegistrationAllowed();
session()->put('social-callback', 'register');
return $this->socialAuthService->startRegister($socialDriver);
}
/**
* The callback for social login services.
* @throws SocialSignInException
* @throws SocialDriverNotConfigured
* @throws UserRegistrationException
*/
public function socialCallback(Request $request, string $socialDriver)
{
if (!session()->has('social-callback')) {
throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login');
}
// Check request for error information
if ($request->has('error') && $request->has('error_description')) {
throw new SocialSignInException(trans('errors.social_login_bad_response', [
'socialAccount' => $socialDriver,
'error' => $request->get('error_description'),
]), '/login');
}
$action = session()->pull('social-callback');
// Attempt login or fall-back to register if allowed.
$socialUser = $this->socialAuthService->getSocialUser($socialDriver);
if ($action === 'login') {
try {
return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);
} catch (SocialSignInAccountNotUsed $exception) {
if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) {
return $this->socialRegisterCallback($socialDriver, $socialUser);
}
throw $exception;
}
}
if ($action === 'register') {
return $this->socialRegisterCallback($socialDriver, $socialUser);
}
return redirect()->back();
}
/**
* Detach a social account from a user.
*/
public function detachSocialAccount(string $socialDriver)
{
$this->socialAuthService->detachSocialAccount($socialDriver);
session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));
return redirect(user()->getEditUrl());
}
/**
* Register a new user after a registration callback.
* @throws UserRegistrationException
*/
protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser)
{
$socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);
$socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser);
$emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver);
// Create an array of the user data to create a new user instance
$userData = [
'name' => $socialUser->getName(),
'email' => $socialUser->getEmail(),
'password' => Str::random(32)
];
$user = $this->registrationService->registerUser($userData, $socialAccount, $emailVerified);
auth()->login($user);
$this->showSuccessNotification(trans('auth.register_success'));
return redirect('/');
}
}

16
app/Http/Controllers/Auth/UserInviteController.php
View File

@ -8,11 +8,9 @@ use BookStack\Exceptions\UserTokenExpiredException;
use BookStack\Exceptions\UserTokenNotFoundException;
use BookStack\Http\Controllers\Controller;
use Exception;
use Illuminate\Contracts\View\Factory;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
use Illuminate\View\View;
class UserInviteController extends Controller
{
@ -21,22 +19,20 @@ class UserInviteController extends Controller
/**
* Create a new controller instance.
*
* @param UserInviteService $inviteService
* @param UserRepo $userRepo
*/
public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
{
$this->middleware('guest');
$this->middleware('guard:standard');
$this->inviteService = $inviteService;
$this->userRepo = $userRepo;
$this->middleware('guest');
parent::__construct();
}
/**
* Show the page for the user to set the password for their account.
* @param string $token
* @return Factory|View|RedirectResponse
* @throws Exception
*/
public function showSetPassword(string $token)
@ -54,9 +50,6 @@ class UserInviteController extends Controller
/**
* Sets the password for an invited user and then grants them access.
* @param Request $request
* @param string $token
* @return RedirectResponse|Redirector
* @throws Exception
*/
public function setPassword(Request $request, string $token)
@ -85,7 +78,6 @@ class UserInviteController extends Controller
/**
* Check and validate the exception thrown when checking an invite token.
* @param Exception $exception
* @return RedirectResponse|Redirector
* @throws Exception
*/

2
app/Http/Controllers/BookshelfController.php
View File

@ -90,7 +90,7 @@ class BookshelfController extends Controller
$bookIds = explode(',', $request->get('books', ''));
$shelf = $this->bookshelfRepo->create($request->all(), $bookIds);
$this->bookshelfRepo->updateCoverImage($shelf);
$this->bookshelfRepo->updateCoverImage($shelf, $request->file('image', null));
Activity::add($shelf, 'bookshelf_create');
return redirect($shelf->getUrl());

3
app/Http/Controllers/PageController.php
View File

@ -304,11 +304,12 @@ class PageController extends Controller
$this->checkOwnablePermission('page-delete', $page);
$book = $page->book;
$parent = $page->chapter ?? $book;
$this->pageRepo->destroy($page);
Activity::addMessage('page_delete', $page->name, $book->id);
$this->showSuccessNotification(trans('entities.pages_delete_success'));
return redirect($book->getUrl());
return redirect($parent->getUrl());
}
/**

2
app/Http/Controllers/SearchController.php
View File

@ -109,7 +109,7 @@ class SearchController extends Controller
// Page in chapter
if ($entity->isA('page') && $entity->chapter) {
$entities = $entity->chapter->visiblePages();
$entities = $entity->chapter->getVisiblePages();
}
// Page in book or chapter

29
app/Http/Controllers/SettingController.php
View File

@ -5,8 +5,6 @@ use BookStack\Notifications\TestEmail;
use BookStack\Uploads\ImageRepo;
use BookStack\Uploads\ImageService;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Setting;
class SettingController extends Controller
{
@ -14,7 +12,6 @@ class SettingController extends Controller
/**
* SettingController constructor.
* @param $imageRepo
*/
public function __construct(ImageRepo $imageRepo)
{
@ -22,10 +19,8 @@ class SettingController extends Controller
parent::__construct();
}
/**
* Display a listing of the settings.
* @return Response
*/
public function index()
{
@ -43,8 +38,6 @@ class SettingController extends Controller
/**
* Update the specified settings in storage.
* @param Request $request
* @return Response
*/
public function update(Request $request)
{
@ -78,12 +71,12 @@ class SettingController extends Controller
}
$this->showSuccessNotification(trans('settings.settings_save_success'));
return redirect('/settings');
$redirectLocation = '/settings#' . $request->get('section', '');
return redirect(rtrim($redirectLocation, '#'));
}
/**
* Show the page for application maintenance.
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function showMaintenance()
{
@ -98,9 +91,6 @@ class SettingController extends Controller
/**
* Action to clean-up images in the system.
* @param Request $request
* @param ImageService $imageService
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function cleanupImages(Request $request, ImageService $imageService)
{
@ -127,16 +117,19 @@ class SettingController extends Controller
/**
* Action to send a test e-mail to the current user.
* @param Request $request
* @param User $user
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function sendTestEmail(Request $request)
public function sendTestEmail()
{
$this->checkPermission('settings-manage');
user()->notify(new TestEmail());
$this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
try {
user()->notify(new TestEmail());
$this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
} catch (\Exception $exception) {
$errorMessage = trans('errors.maintenance_test_email_failure') . "\n" . $exception->getMessage();
$this->showErrorNotification($errorMessage);
}
return redirect('/settings/maintenance#image-cleanup')->withInput();
}

139
app/Http/Controllers/UserApiTokenController.php Normal file
View File

@ -0,0 +1,139 @@
<?php namespace BookStack\Http\Controllers;
use BookStack\Api\ApiToken;
use BookStack\Auth\User;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
class UserApiTokenController extends Controller
{
/**
* Show the form to create a new API token.
*/
public function create(int $userId)
{
// Ensure user is has access-api permission and is the current user or has permission to manage the current user.
$this->checkPermission('access-api');
$this->checkPermissionOrCurrentUser('users-manage', $userId);
$user = User::query()->findOrFail($userId);
return view('users.api-tokens.create', [
'user' => $user,
]);
}
/**
* Store a new API token in the system.
*/
public function store(Request $request, int $userId)
{
$this->checkPermission('access-api');
$this->checkPermissionOrCurrentUser('users-manage', $userId);
$this->validate($request, [
'name' => 'required|max:250',
'expires_at' => 'date_format:Y-m-d',
]);
$user = User::query()->findOrFail($userId);
$secret = Str::random(32);
$token = (new ApiToken())->forceFill([
'name' => $request->get('name'),
'token_id' => Str::random(32),
'secret' => Hash::make($secret),
'user_id' => $user->id,
'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(),
]);
while (ApiToken::query()->where('token_id', '=', $token->token_id)->exists()) {
$token->token_id = Str::random(32);
}
$token->save();
session()->flash('api-token-secret:' . $token->id, $secret);
$this->showSuccessNotification(trans('settings.user_api_token_create_success'));
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
}
/**
* Show the details for a user API token, with access to edit.
*/
public function edit(int $userId, int $tokenId)
{
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
$secret = session()->pull('api-token-secret:' . $token->id, null);
return view('users.api-tokens.edit', [
'user' => $user,
'token' => $token,
'model' => $token,
'secret' => $secret,
]);
}
/**
* Update the API token.
*/
public function update(Request $request, int $userId, int $tokenId)
{
$this->validate($request, [
'name' => 'required|max:250',
'expires_at' => 'date_format:Y-m-d',
]);
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
$token->fill([
'name' => $request->get('name'),
'expires_at' => $request->get('expires_at') ?: ApiToken::defaultExpiry(),
])->save();
$this->showSuccessNotification(trans('settings.user_api_token_update_success'));
return redirect($user->getEditUrl('/api-tokens/' . $token->id));
}
/**
* Show the delete view for this token.
*/
public function delete(int $userId, int $tokenId)
{
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
return view('users.api-tokens.delete', [
'user' => $user,
'token' => $token,
]);
}
/**
* Destroy a token from the system.
*/
public function destroy(int $userId, int $tokenId)
{
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
$token->delete();
$this->showSuccessNotification(trans('settings.user_api_token_delete_success'));
return redirect($user->getEditUrl('#api_tokens'));
}
/**
* Check the permission for the current user and return an array
* where the first item is the user in context and the second item is their
* API token in context.
*/
protected function checkPermissionAndFetchUserToken(int $userId, int $tokenId): array
{
$this->checkPermissionOr('users-manage', function () use ($userId) {
return $userId === user()->id && userCan('access-api');
});
$user = User::query()->findOrFail($userId);
$token = ApiToken::query()->where('user_id', '=', $user->id)->where('id', '=', $tokenId)->firstOrFail();
return [$user, $token];
}
}

14
app/Http/Controllers/UserController.php
View File

@ -116,22 +116,24 @@ class UserController extends Controller
/**
* Show the form for editing the specified user.
* @param int $id
* @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
* @return Response
*/
public function edit($id, SocialAuthService $socialAuthService)
public function edit(int $id, SocialAuthService $socialAuthService)
{
$this->checkPermissionOrCurrentUser('users-manage', $id);
$user = $this->user->findOrFail($id);
$user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
$authMethod = ($user->system_name) ? 'system' : config('auth.method');
$activeSocialDrivers = $socialAuthService->getActiveDrivers();
$this->setPageTitle(trans('settings.user_profile'));
$roles = $this->userRepo->getAllRoles();
return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
return view('users.edit', [
'user' => $user,
'activeSocialDrivers' => $activeSocialDrivers,
'authMethod' => $authMethod,
'roles' => $roles
]);
}
/**

16
app/Http/Kernel.php
View File

@ -6,10 +6,7 @@ class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\BookStack\Http\Middleware\CheckForMaintenanceMode::class,
@ -31,13 +28,14 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
\BookStack\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\BookStack\Http\Middleware\Localization::class,
\BookStack\Http\Middleware\GlobalViewData::class,
],
'api' => [
'throttle:60,1',
'bindings',
\BookStack\Http\Middleware\ThrottleApiRequests::class,
\BookStack\Http\Middleware\EncryptCookies::class,
\BookStack\Http\Middleware\StartSessionIfCookieExists::class,
\BookStack\Http\Middleware\ApiAuthenticate::class,
],
];
@ -48,10 +46,10 @@ class Kernel extends HttpKernel
*/
protected $routeMiddleware = [
'auth' => \BookStack\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \BookStack\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'perm' => \BookStack\Http\Middleware\PermissionMiddleware::class
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'perm' => \BookStack\Http\Middleware\PermissionMiddleware::class,
'guard' => \BookStack\Http\Middleware\CheckGuard::class,
];
}

66
app/Http/Middleware/ApiAuthenticate.php Normal file
View File

@ -0,0 +1,66 @@
<?php
namespace BookStack\Http\Middleware;
use BookStack\Exceptions\ApiAuthException;
use BookStack\Exceptions\UnauthorizedException;
use Closure;
use Illuminate\Http\Request;
class ApiAuthenticate
{
use ChecksForEmailConfirmation;
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next)
{
// Validate the token and it's users API access
try {
$this->ensureAuthorizedBySessionOrToken();
} catch (UnauthorizedException $exception) {
return $this->unauthorisedResponse($exception->getMessage(), $exception->getCode());
}
return $next($request);
}
/**
* Ensure the current user can access authenticated API routes, either via existing session
* authentication or via API Token authentication.
* @throws UnauthorizedException
*/
protected function ensureAuthorizedBySessionOrToken(): void
{
// Return if the user is already found to be signed in via session-based auth.
// This is to make it easy to browser the API via browser after just logging into the system.
if (signedInUser()) {
$this->ensureEmailConfirmedIfRequested();
if (!auth()->user()->can('access-api')) {
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
}
return;
}
// Set our api guard to be the default for this request lifecycle.
auth()->shouldUse('api');
// Validate the token and it's users API access
auth()->authenticate();
$this->ensureEmailConfirmedIfRequested();
}
/**
* Provide a standard API unauthorised response.
*/
protected function unauthorisedResponse(string $message, int $code)
{
return response()->json([
'error' => [
'code' => $code,
'message' => $message,
]
], $code);
}
}

47
app/Http/Middleware/Authenticate.php
View File

@ -3,38 +3,19 @@
namespace BookStack\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\Request;
class Authenticate
{
/**
* The Guard implementation.
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
* @param Guard $auth
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
use ChecksForEmailConfirmation;
/**
* Handle an incoming request.
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
public function handle(Request $request, Closure $next)
{
if ($this->auth->check()) {
$requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
if ($requireConfirmation && !$this->auth->user()->email_confirmed) {
return redirect('/register/confirm/awaiting');
}
if ($this->awaitingEmailConfirmation()) {
return $this->emailConfirmationErrorResponse($request);
}
if (!hasAppAccess()) {
@ -47,4 +28,22 @@ class Authenticate
return $next($request);
}
/**
* Provide an error response for when the current user's email is not confirmed
* in a system which requires it.
*/
protected function emailConfirmationErrorResponse(Request $request)
{
if ($request->wantsJson()) {
return response()->json([
'error' => [
'code' => 401,
'message' => trans('errors.email_confirmation_awaiting')
]
], 401);
}
return redirect('/register/confirm/awaiting');
}
}

27
app/Http/Middleware/CheckGuard.php Normal file
View File

@ -0,0 +1,27 @@
<?php
namespace BookStack\Http\Middleware;
use Closure;
class CheckGuard
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $allowedGuards
* @return mixed
*/
public function handle($request, Closure $next, ...$allowedGuards)
{
$activeGuard = config('auth.method');
if (!in_array($activeGuard, $allowedGuards)) {
session()->flash('error', trans('errors.permission'));
return redirect('/');
}
return $next($request);
}
}

36
app/Http/Middleware/ChecksForEmailConfirmation.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace BookStack\Http\Middleware;
use BookStack\Exceptions\UnauthorizedException;
use Illuminate\Http\Request;
trait ChecksForEmailConfirmation
{
/**
* Check if the current user has a confirmed email if the instance deems it as required.
* Throws if confirmation is required by the user.
* @throws UnauthorizedException
*/
protected function ensureEmailConfirmedIfRequested()
{
if ($this->awaitingEmailConfirmation()) {
throw new UnauthorizedException(trans('errors.email_confirmation_awaiting'));
}
}
/**
* Check if email confirmation is required and the current user is awaiting confirmation.
*/
protected function awaitingEmailConfirmation(): bool
{
if (auth()->check()) {
$requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
if ($requireConfirmation && !auth()->user()->email_confirmed) {
return true;
}
}
return false;
}
}

1
app/Http/Middleware/Localization.php
View File

@ -19,6 +19,7 @@ class Localization
*/
protected $localeMap = [
'ar' => 'ar',
'da' => 'da_DK',
'de' => 'de_DE',
'de_informal' => 'de_DE',
'en' => 'en_GB',

2
app/Http/Middleware/PermissionMiddleware.php
View File

@ -19,7 +19,7 @@ class PermissionMiddleware
{
if (!$request->user() || !$request->user()->can($permission)) {
Session::flash('error', trans('errors.permission'));
session()->flash('error', trans('errors.permission'));
return redirect()->back();
}

22
app/Http/Middleware/StartSessionIfCookieExists.php Normal file
View File

@ -0,0 +1,22 @@
<?php
namespace BookStack\Http\Middleware;
use Closure;
use Illuminate\Session\Middleware\StartSession as Middleware;
class StartSessionIfCookieExists extends Middleware
{
/**
* Handle an incoming request.
*/
public function handle($request, Closure $next)
{
$sessionCookieName = config('session.cookie');
if ($request->cookies->has($sessionCookieName)) {
return parent::handle($request, $next);
}
return $next($request);
}
}

18
app/Http/Middleware/ThrottleApiRequests.php Normal file
View File

@ -0,0 +1,18 @@
<?php
namespace BookStack\Http\Middleware;
use Illuminate\Routing\Middleware\ThrottleRequests as Middleware;
class ThrottleApiRequests extends Middleware
{
/**
* Resolve the number of attempts if the user is authenticated or not.
*/
protected function resolveMaxAttempts($request, $maxAttempts)
{
return (int) config('api.requests_per_minute');
}
}

2
app/Http/Middleware/TrustProxies.php
View File

@ -28,7 +28,7 @@ class TrustProxies extends Middleware
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
public function handle(Request $request, Closure $next)
{
$setProxies = config('app.proxies');
if ($setProxies !== '**' && $setProxies !== '*' && $setProxies !== '') {

35
app/Providers/AuthServiceProvider.php
View File

@ -3,7 +3,13 @@
namespace BookStack\Providers;
use Auth;
use BookStack\Api\ApiTokenGuard;
use BookStack\Auth\Access\ExternalBaseUserProvider;
use BookStack\Auth\Access\Guards\LdapSessionGuard;
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\RegistrationService;
use BookStack\Auth\UserRepo;
use Illuminate\Support\ServiceProvider;
class AuthServiceProvider extends ServiceProvider
@ -15,7 +21,30 @@ class AuthServiceProvider extends ServiceProvider
*/
public function boot()
{
//
Auth::extend('api-token', function ($app, $name, array $config) {
return new ApiTokenGuard($app['request']);
});
Auth::extend('ldap-session', function ($app, $name, array $config) {
$provider = Auth::createUserProvider($config['provider']);
return new LdapSessionGuard(
$name,
$provider,
$this->app['session.store'],
$app[LdapService::class],
$app[RegistrationService::class]
);
});
Auth::extend('saml2-session', function ($app, $name, array $config) {
$provider = Auth::createUserProvider($config['provider']);
return new Saml2SessionGuard(
$name,
$provider,
$this->app['session.store'],
$app[RegistrationService::class]
);
});
}
/**
@ -25,8 +54,8 @@ class AuthServiceProvider extends ServiceProvider
*/
public function register()
{
Auth::provider('ldap', function ($app, array $config) {
return new LdapUserProvider($config['model'], $app[LdapService::class]);
Auth::provider('external-users', function ($app, array $config) {
return new ExternalBaseUserProvider($config['model']);
});
}
}

4
app/Providers/RouteServiceProvider.php
View File

@ -34,7 +34,7 @@ class RouteServiceProvider extends ServiceProvider
public function map()
{
$this->mapWebRoutes();
// $this->mapApiRoutes();
$this->mapApiRoutes();
}
/**
* Define the "web" routes for the application.
@ -63,7 +63,7 @@ class RouteServiceProvider extends ServiceProvider
{
Route::group([
'middleware' => 'api',
'namespace' => $this->namespace,
'namespace' => $this->namespace . '\Api',
'prefix' => 'api',
], function ($router) {
require base_path('routes/api.php');

22
app/Settings/SettingService.php
View File

@ -98,12 +98,6 @@ class SettingService
*/
protected function getValueFromStore($key, $default)
{
// Check for an overriding value
$overrideValue = $this->getOverrideValue($key);
if ($overrideValue !== null) {
return $overrideValue;
}
// Check the cache
$cacheKey = $this->cachePrefix . $key;
$cacheVal = $this->cache->get($cacheKey, null);
@ -255,20 +249,4 @@ class SettingService
{
return $this->setting->where('setting_key', '=', $key)->first();
}
/**
* Returns an override value for a setting based on certain app conditions.
* Used where certain configuration options overrule others.
* Returns null if no override value is available.
* @param $key
* @return bool|null
*/
protected function getOverrideValue($key)
{
if ($key === 'registration-enabled' && config('auth.method') === 'ldap') {
return false;
}
return null;
}
}

1
app/Uploads/Image.php
View File

@ -8,6 +8,7 @@ class Image extends Ownable
{
protected $fillable = ['name'];
protected $hidden = [];
/**
* Get a thumbnail for this image.

104
app/Uploads/ImageRepo.php
View File

@ -2,6 +2,8 @@
use BookStack\Auth\Permissions\PermissionService;
use BookStack\Entities\Page;
use BookStack\Exceptions\ImageUploadException;
use Exception;
use Illuminate\Database\Eloquent\Builder;
use Symfony\Component\HttpFoundation\File\UploadedFile;
@ -15,10 +17,6 @@ class ImageRepo
/**
* ImageRepo constructor.
* @param Image $image
* @param ImageService $imageService
* @param \BookStack\Auth\Permissions\PermissionService $permissionService
* @param \BookStack\Entities\Page $page
*/
public function __construct(
Image $image,
@ -35,10 +33,8 @@ class ImageRepo
/**
* Get an image with the given id.
* @param $id
* @return Image
*/
public function getById($id)
public function getById($id): Image
{
return $this->image->findOrFail($id);
}
@ -46,13 +42,8 @@ class ImageRepo
/**
* Execute a paginated query, returning in a standard format.
* Also runs the query through the restriction system.
* @param $query
* @param int $page
* @param int $pageSize
* @param bool $filterOnPage
* @return array
*/
private function returnPaginated($query, $page = 1, $pageSize = 24)
private function returnPaginated($query, $page = 1, $pageSize = 24): array
{
$images = $query->orderBy('created_at', 'desc')->skip($pageSize * ($page - 1))->take($pageSize + 1)->get();
$hasMore = count($images) > $pageSize;
@ -71,13 +62,6 @@ class ImageRepo
/**
* Fetch a list of images in a paginated format, filtered by image type.
* Can be filtered by uploaded to and also by name.
* @param string $type
* @param int $page
* @param int $pageSize
* @param int $uploadedTo
* @param string|null $search
* @param callable|null $whereClause
* @return array
*/
public function getPaginatedByType(
string $type,
@ -86,7 +70,8 @@ class ImageRepo
int $uploadedTo = null,
string $search = null,
callable $whereClause = null
) {
): array
{
$imageQuery = $this->image->newQuery()->where('type', '=', strtolower($type));
if ($uploadedTo !== null) {
@ -109,13 +94,6 @@ class ImageRepo
/**
* Get paginated gallery images within a specific page or book.
* @param string $type
* @param string $filterType
* @param int $page
* @param int $pageSize
* @param int|null $uploadedTo
* @param string|null $search
* @return array
*/
public function getEntityFiltered(
string $type,
@ -124,7 +102,8 @@ class ImageRepo
int $pageSize = 24,
int $uploadedTo = null,
string $search = null
) {
): array
{
$contextPage = $this->page->findOrFail($uploadedTo);
$parentFilter = null;
@ -144,16 +123,9 @@ class ImageRepo
/**
* Save a new image into storage and return the new image.
* @param UploadedFile $uploadFile
* @param string $type
* @param int $uploadedTo
* @param int|null $resizeWidth
* @param int|null $resizeHeight
* @param bool $keepRatio
* @return Image
* @throws \BookStack\Exceptions\ImageUploadException
* @throws ImageUploadException
*/
public function saveNew(UploadedFile $uploadFile, $type, $uploadedTo = 0, int $resizeWidth = null, int $resizeHeight = null, bool $keepRatio = true)
public function saveNew(UploadedFile $uploadFile, string $type, int $uploadedTo = 0, int $resizeWidth = null, int $resizeHeight = null, bool $keepRatio = true): Image
{
$image = $this->imageService->saveNewFromUpload($uploadFile, $type, $uploadedTo, $resizeWidth, $resizeHeight, $keepRatio);
$this->loadThumbs($image);
@ -161,29 +133,22 @@ class ImageRepo
}
/**
* Save a drawing the the database;
* @param string $base64Uri
* @param int $uploadedTo
* @return Image
* @throws \BookStack\Exceptions\ImageUploadException
* Save a drawing the the database.
* @throws ImageUploadException
*/
public function saveDrawing(string $base64Uri, int $uploadedTo)
public function saveDrawing(string $base64Uri, int $uploadedTo): Image
{
$name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
$image = $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
return $image;
return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
}
/**
* Update the details of an image via an array of properties.
* @param Image $image
* @param array $updateDetails
* @return Image
* @throws \BookStack\Exceptions\ImageUploadException
* @throws \Exception
* @throws ImageUploadException
* @throws Exception
*/
public function updateImageDetails(Image $image, $updateDetails)
public function updateImageDetails(Image $image, $updateDetails): Image
{
$image->fill($updateDetails);
$image->save();
@ -191,14 +156,11 @@ class ImageRepo
return $image;
}
/**
* Destroys an Image object along with its revisions, files and thumbnails.
* @param Image $image
* @return bool
* @throws \Exception
* @throws Exception
*/
public function destroyImage(Image $image = null)
public function destroyImage(Image $image = null): bool
{
if ($image) {
$this->imageService->destroy($image);
@ -208,8 +170,7 @@ class ImageRepo
/**
* Destroy all images of a certain type.
* @param string $imageType
* @throws \Exception
* @throws Exception
*/
public function destroyByType(string $imageType)
{
@ -222,9 +183,7 @@ class ImageRepo
/**
* Load thumbnails onto an image object.
* @param Image $image
* @throws \BookStack\Exceptions\ImageUploadException
* @throws \Exception
* @throws Exception
*/
protected function loadThumbs(Image $image)
{
@ -238,42 +197,33 @@ class ImageRepo
* Get the thumbnail for an image.
* If $keepRatio is true only the width will be used.
* Checks the cache then storage to avoid creating / accessing the filesystem on every check.
* @param Image $image
* @param int $width
* @param int $height
* @param bool $keepRatio
* @return string
* @throws \BookStack\Exceptions\ImageUploadException
* @throws \Exception
* @throws Exception
*/
protected function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false)
protected function getThumbnail(Image $image, ?int $width = 220, ?int $height = 220, bool $keepRatio = false): ?string
{
try {
return $this->imageService->getThumbnail($image, $width, $height, $keepRatio);
} catch (\Exception $exception) {
} catch (Exception $exception) {
return null;
}
}
/**
* Get the raw image data from an Image.
* @param Image $image
* @return null|string
*/
public function getImageData(Image $image)
public function getImageData(Image $image): ?string
{
try {
return $this->imageService->getImageData($image);
} catch (\Exception $exception) {
} catch (Exception $exception) {
return null;
}
}
/**
* Get the validation rules for image files.
* @return string
*/
public function getImageValidationRules()
public function getImageValidationRules(): string
{
return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
}

11
app/Uploads/ImageService.php
View File

@ -254,7 +254,16 @@ class ImageService extends UploadService
} else {
$thumb->fit($width, $height);
}
return (string)$thumb->encode();
$thumbData = (string)$thumb->encode();
// Use original image data if we're keeping the ratio
// and the resizing does not save any space.
if ($keepRatio && strlen($thumbData) > strlen($imageData)) {
return $imageData;
}
return $thumbData;
}
/**

5
app/helpers.php
View File

@ -42,7 +42,6 @@ function user(): User
/**
* Check if current user is a signed in user.
* @return bool
*/
function signedInUser(): bool
{
@ -51,7 +50,6 @@ function signedInUser(): bool
/**
* Check if the current user has general access.
* @return bool
*/
function hasAppAccess(): bool
{
@ -62,9 +60,6 @@ function hasAppAccess(): bool
* Check if the current user has a permission.
* If an ownable element is passed in the jointPermissions are checked against
* that particular item.
* @param string $permission
* @param Ownable $ownable
* @return bool
*/
function userCan(string $permission, Ownable $ownable = null): bool
{

8
composer.json
View File

@ -19,7 +19,7 @@
"fideloper/proxy": "^4.0",
"gathercontent/htmldiff": "^0.2.1",
"intervention/image": "^2.5",
"laravel/framework": "^6.0",
"laravel/framework": "^6.12",
"laravel/socialite": "^4.2",
"league/flysystem-aws-s3-v3": "^1.0",
"onelogin/php-saml": "^3.3",
@ -29,16 +29,16 @@
"socialiteproviders/microsoft-azure": "^3.0",
"socialiteproviders/okta": "^1.0",
"socialiteproviders/slack": "^3.0",
"socialiteproviders/twitch": "^5.0"
"socialiteproviders/twitch": "^5.0",
"facade/ignition": "^1.4",
"nunomaduro/collision": "^3.0"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.2.8",
"barryvdh/laravel-ide-helper": "^2.6.4",
"facade/ignition": "^1.4",
"fzaninotto/faker": "^1.4",
"laravel/browser-kit-testing": "^5.1",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^3.0",
"phpunit/phpunit": "^8.0",
"squizlabs/php_codesniffer": "^3.4",
"wnx/laravel-stats": "^2.0"

1960
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

4
database/migrations/2019_07_07_112515_add_template_support.php
View File

@ -46,9 +46,9 @@ class AddTemplateSupport extends Migration
// Remove templates-manage permission
$templatesManagePermission = DB::table('role_permissions')
->where('name', '=', 'templates_manage')->first();
->where('name', '=', 'templates-manage')->first();
DB::table('permission_role')->where('permission_id', '=', $templatesManagePermission->id)->delete();
DB::table('role_permissions')->where('name', '=', 'templates_manage')->delete();
DB::table('role_permissions')->where('name', '=', 'templates-manage')->delete();
}
}

60
database/migrations/2019_12_29_120917_add_api_auth.php Normal file
View File

@ -0,0 +1,60 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Schema;
class AddApiAuth extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
// Add API tokens table
Schema::create('api_tokens', function(Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('token_id')->unique();
$table->string('secret');
$table->integer('user_id')->unsigned()->index();
$table->date('expires_at')->index();
$table->nullableTimestamps();
});
// Add access-api permission
$adminRoleId = DB::table('roles')->where('system_name', '=', 'admin')->first()->id;
$permissionId = DB::table('role_permissions')->insertGetId([
'name' => 'access-api',
'display_name' => 'Access system API',
'created_at' => Carbon::now()->toDateTimeString(),
'updated_at' => Carbon::now()->toDateTimeString()
]);
DB::table('permission_role')->insert([
'role_id' => $adminRoleId,
'permission_id' => $permissionId
]);
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
// Remove API tokens table
Schema::dropIfExists('api_tokens');
// Remove access-api permission
$apiAccessPermission = DB::table('role_permissions')
->where('name', '=', 'access-api')->first();
DB::table('permission_role')->where('permission_id', '=', $apiAccessPermission->id)->delete();
DB::table('role_permissions')->where('name', '=', 'access-api')->delete();
}
}

14
database/seeds/DummyContentSeeder.php
View File

@ -1,6 +1,8 @@
<?php
use BookStack\Api\ApiToken;
use BookStack\Auth\Permissions\PermissionService;
use BookStack\Auth\Permissions\RolePermission;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use BookStack\Entities\Bookshelf;
@ -52,6 +54,18 @@ class DummyContentSeeder extends Seeder
$shelves = factory(Bookshelf::class, 10)->create($byData);
$largeBook->shelves()->attach($shelves->pluck('id'));
// Assign API permission to editor role and create an API key
$apiPermission = RolePermission::getByName('access-api');
$editorRole->attachPermission($apiPermission);
$token = (new ApiToken())->forceFill([
'user_id' => $editorUser->id,
'name' => 'Testing API key',
'expires_at' => ApiToken::defaultExpiry(),
'secret' => Hash::make('password'),
'token_id' => 'apitoken',
]);
$token->save();
app(PermissionService::class)->buildJointPermissions();
app(SearchService::class)->indexAllEntities();
}

4
dev/api/requests/books-create.json Normal file
View File

@ -0,0 +1,4 @@
{
"name": "My own book",
"description": "This is my own little book"
}

4
dev/api/requests/books-update.json Normal file
View File

@ -0,0 +1,4 @@
{
"name": "My updated book",
"description": "This is my book with updated details"
}

10
dev/api/responses/books-create.json Normal file
View File

@ -0,0 +1,10 @@
{
"name": "My new book",
"description": "This is a book created via the API",
"created_by": 1,
"updated_by": 1,
"slug": "my-new-book",
"updated_at": "2020-01-12 14:05:11",
"created_at": "2020-01-12 14:05:11",
"id": 15
}

27
dev/api/responses/books-list.json Normal file
View File

@ -0,0 +1,27 @@
{
"data": [
{
"id": 1,
"name": "BookStack User Guide",
"slug": "bookstack-user-guide",
"description": "This is a general guide on using BookStack on a day-to-day basis.",
"created_at": "2019-05-05 21:48:46",
"updated_at": "2019-12-11 20:57:31",
"created_by": 1,
"updated_by": 1,
"image_id": 3
},
{
"id": 2,
"name": "Inventore inventore quia voluptatem.",
"slug": "inventore-inventore-quia-voluptatem",
"description": "Veniam nihil voluptas enim laborum corporis quos sint. Ab rerum voluptas ut iste voluptas magni quibusdam ut. Amet omnis enim voluptate neque facilis.",
"created_at": "2019-05-05 22:10:14",
"updated_at": "2019-12-11 20:57:23",
"created_by": 4,
"updated_by": 3,
"image_id": 34
}
],
"total": 14
}

47
dev/api/responses/books-read.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": 16,
"name": "My own book",
"slug": "my-own-book",
"description": "This is my own little book",
"created_at": "2020-01-12 14:09:59",
"updated_at": "2020-01-12 14:11:51",
"created_by": {
"id": 1,
"name": "Admin",
"created_at": "2019-05-05 21:15:13",
"updated_at": "2019-12-16 12:18:37",
"image_id": 48
},
"updated_by": {
"id": 1,
"name": "Admin",
"created_at": "2019-05-05 21:15:13",
"updated_at": "2019-12-16 12:18:37",
"image_id": 48
},
"image_id": 452,
"tags": [
{
"id": 13,
"entity_id": 16,
"entity_type": "BookStack\\Book",
"name": "Category",
"value": "Guide",
"order": 0,
"created_at": "2020-01-12 14:11:51",
"updated_at": "2020-01-12 14:11:51"
}
],
"cover": {
"id": 452,
"name": "sjovall_m117hUWMu40.jpg",
"url": "http:\/\/bookstack.local\/uploads\/images\/cover_book\/2020-01\/sjovall_m117hUWMu40.jpg",
"created_at": "2020-01-12 14:11:51",
"updated_at": "2020-01-12 14:11:51",
"created_by": 1,
"updated_by": 1,
"path": "\/uploads\/images\/cover_book\/2020-01\/sjovall_m117hUWMu40.jpg",
"type": "cover_book",
"uploaded_to": 16
}
}

11
dev/api/responses/books-update.json Normal file
View File

@ -0,0 +1,11 @@
{
"id": 16,
"name": "My own book",
"slug": "my-own-book",
"description": "This is my own little book - updated",
"created_at": "2020-01-12 14:09:59",
"updated_at": "2020-01-12 14:16:10",
"created_by": 1,
"updated_by": 1,
"image_id": 452
}

1636
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

26
package.json
View File

@ -10,25 +10,25 @@
"permissions": "chown -R $USER:$USER bootstrap/cache storage public/uploads"
},
"devDependencies": {
"css-loader": "^2.1.1",
"livereload": "^0.8.0",
"mini-css-extract-plugin": "^0.7.0",
"node-sass": "^4.12.0",
"css-loader": "^3.4.0",
"livereload": "^0.8.2",
"mini-css-extract-plugin": "^0.9.0",
"node-sass": "^4.13.0",
"npm-run-all": "^4.1.5",
"sass-loader": "^7.1.0",
"style-loader": "^0.23.1",
"webpack": "^4.32.2",
"webpack-cli": "^3.3.2"
"sass-loader": "^8.0.0",
"style-loader": "^1.1.1",
"webpack": "^4.41.4",
"webpack-cli": "^3.3.10"
},
"dependencies": {
"clipboard": "^2.0.4",
"codemirror": "^5.47.0",
"codemirror": "^5.50.0",
"dropzone": "^5.5.1",
"markdown-it": "^8.4.2",
"markdown-it": "^10.0.0",
"markdown-it-task-lists": "^2.1.1",
"sortablejs": "^1.9.0",
"vue": "^2.6.10",
"vuedraggable": "^2.21.0"
"sortablejs": "^1.10.1",
"vue": "^2.6.11",
"vuedraggable": "^2.23.2"
},
"browser": {
"vue": "vue/dist/vue.common.js"

2
phpunit.xml
View File

@ -22,6 +22,7 @@
<server name="APP_ENV" value="testing"/>
<server name="APP_DEBUG" value="false"/>
<server name="APP_LANG" value="en"/>
<server name="APP_THEME" value="none"/>
<server name="APP_AUTO_LANG_PUBLIC" value="true"/>
<server name="CACHE_DRIVER" value="array"/>
<server name="SESSION_DRIVER" value="array"/>
@ -49,5 +50,6 @@
<server name="APP_URL" value="http://bookstack.dev"/>
<server name="DEBUGBAR_ENABLED" value="false"/>
<server name="SAML2_ENABLED" value="false"/>
<server name="API_REQUESTS_PER_MIN" value="180"/>
</php>
</phpunit>

24
readme.md
View File

@ -2,10 +2,11 @@
[![GitHub release](https://img.shields.io/github/release/BookStackApp/BookStack.svg)](https://github.com/BookStackApp/BookStack/releases/latest)
[![license](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/BookStackApp/BookStack/blob/master/LICENSE)
[![Crowdin](https://badges.crowdin.net/bookstack/localized.svg)](https://crowdin.com/project/bookstack)
[![Build Status](https://github.com/BookStackApp/BookStack/workflows/phpunit/badge.svg)](https://github.com/BookStackApp/BookStack/actions)
[![Discord](https://img.shields.io/static/v1?label=Chat&message=Discord&color=738adb&logo=discord)](https://discord.gg/ztkBqR2)
A platform for storing and organising information and documentation. General information and documentation for BookStack can be found at https://www.bookstackapp.com/.
A platform for storing and organising information and documentation. Details for BookStack can be found on the official website at https://www.bookstackapp.com/.
* [Installation Instructions](https://www.bookstackapp.com/docs/admin/installation)
* [Documentation](https://www.bookstackapp.com/docs)
@ -25,7 +26,7 @@ In regards to development philosophy, BookStack has a relaxed, open & positive a
Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in the "Release Process" section below.
- **Platform REST API** *(In Design)*
- **Platform REST API** *(Base Implemented, In review and roll-out)*
- *A REST API covering, at minimum, control of core content models (Books, Chapters, Pages) for automation and platform extension.*
- **Editor Alignment & Review**
- *Review the page editors with goal of achieving increased interoperability & feature parity while also considering collaborative editing potential.*
@ -107,22 +108,11 @@ The docker-compose setup runs an instance of [MailHog](https://github.com/mailho
## 🌎 Translations
All text strings can be found in the `resources/lang` folder where each language option has its own folder. To add a new language you should copy the `en` folder to an new folder (eg. `fr` for french) then go through and translate all text strings in those files, leaving the keys and file-names intact. If a language string is missing then the `en` translation will be used. To show the language option in the user preferences language drop-down you will need to add your language to the options found at the bottom of the `resources/lang/en/settings.php` file. A system-wide language can also be set in the `.env` file like so: `APP_LANG=en`.
Translations for text within BookStack is managed through the [BookStack project on Crowdin](https://crowdin.com/project/bookstack). Some strings have colon-prefixed variables in such as `:userName`. Leave these values as they are as they will be replaced at run-time. Crowdin is the preferred way to provide translations, otherwise the raw translations files can be found within the `resources/lang` path.
You will also need to add the language to the `locales` array in the `config/app.php` file.
If you'd like a new language to be added to Crowdin, for you to be able to provide translations for, please [open a new issue here](https://github.com/BookStackApp/BookStack/issues/new?template=language_request.md).
There is a script available which compares translation content to `en` files to see what items are missing or redundant. This can be ran like so from your BookStack install folder:
```bash
# Syntax
php resources/lang/check.php <lang>
# Examples
php resources/lang/check.php fr
php resources/lang/check.php pt_BR
```
Some strings have colon-prefixed variables in such as `:userName`. Leave these values as they are as they will be replaced at run-time.
Please note, translations in BookStack are provided to the "Crowdin Global Translation Memory" which helps BookStack and other projects with finding translations. If you are not happy with contributing to this then providing translations to BookStack, even manually via GitHub, is not advised.
## 🎁 Contributing, Issues & Pull Requests
@ -156,6 +146,8 @@ The BookStack source is provided under the MIT License. The libraries used by, a
The great people that have worked to build and improve BookStack can [be seen here](https://github.com/BookStackApp/BookStack/graphs/contributors).
The wonderful people that have provided translations, either through GitHub or via Crowdin [can be seen here](https://github.com/BookStackApp/BookStack/blob/master/.github/translators.txt).
These are the great open-source projects used to help build BookStack:
* [Laravel](http://laravel.com/)

1
resources/icons/fullscreen.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M7 14H5v5h5v-2H7v-3zm-2-4h2V7h3V5H5v5zm12 7h-3v2h5v-5h-2v3zM14 5v2h3v3h2V5h-5z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 156 B

10
resources/js/components/code-highlighter.js Normal file
View File

@ -0,0 +1,10 @@
import Code from "../services/code"
class CodeHighlighter {
constructor(elem) {
Code.highlightWithin(elem);
}
}
export default CodeHighlighter;

9
resources/js/components/collapsible.js
View File

@ -12,8 +12,8 @@ class Collapsible {
this.content = elem.querySelector('[collapsible-content]');
if (!this.trigger) return;
this.trigger.addEventListener('click', this.toggle.bind(this));
this.openIfContainsError();
}
open() {
@ -36,6 +36,13 @@ class Collapsible {
}
}
openIfContainsError() {
const error = this.content.querySelector('.text-neg');
if (error) {
this.open();
}
}
}
export default Collapsible;

18
resources/js/components/details-highlighter.js Normal file
View File

@ -0,0 +1,18 @@
import Code from "../services/code"
class DetailsHighlighter {
constructor(elem) {
this.elem = elem;
this.dealtWith = false;
elem.addEventListener('toggle', this.onToggle.bind(this));
}
onToggle() {
if (this.dealtWith) return;
Code.highlightWithin(this.elem);
this.dealtWith = true;
}
}
export default DetailsHighlighter;

6
resources/js/components/index.js
View File

@ -26,9 +26,12 @@ import permissionsTable from "./permissions-table";
import customCheckbox from "./custom-checkbox";
import bookSort from "./book-sort";
import settingAppColorPicker from "./setting-app-color-picker";
import settingColorPicker from "./setting-color-picker";
import entityPermissionsEditor from "./entity-permissions-editor";
import templateManager from "./template-manager";
import newUserPassword from "./new-user-password";
import detailsHighlighter from "./details-highlighter";
import codeHighlighter from "./code-highlighter";
const componentMapping = {
'dropdown': dropdown,
@ -59,9 +62,12 @@ const componentMapping = {
'custom-checkbox': customCheckbox,
'book-sort': bookSort,
'setting-app-color-picker': settingAppColorPicker,
'setting-color-picker': settingColorPicker,
'entity-permissions-editor': entityPermissionsEditor,
'template-manager': templateManager,
'new-user-password': newUserPassword,
'details-highlighter': detailsHighlighter,
'code-highlighter': codeHighlighter,
};
window.components = {};

35
resources/js/components/markdown-editor.js
View File

@ -1,6 +1,7 @@
import MarkdownIt from "markdown-it";
import mdTasksLists from 'markdown-it-task-lists';
import code from '../services/code';
import Clipboard from "../services/clipboard";
import {debounce} from "../services/util";
import DrawIO from "../services/drawio";
@ -75,6 +76,7 @@ class MarkdownEditor {
return;
}
if (action === 'insertDrawing') this.actionStartDrawing();
if (action === 'fullscreen') this.actionFullScreen();
});
// Mobile section toggling
@ -215,20 +217,16 @@ class MarkdownEditor {
// Handle image paste
cm.on('paste', (cm, event) => {
const clipboardItems = event.clipboardData.items;
if (!event.clipboardData || !clipboardItems) return;
const clipboard = new Clipboard(event.clipboardData || event.dataTransfer);
// Don't handle if clipboard includes text content
for (let clipboardItem of clipboardItems) {
if (clipboardItem.type.includes('text/')) {
return;
}
// Don't handle the event ourselves if no items exist of contains table-looking data
if (!clipboard.hasItems() || clipboard.containsTabularData()) {
return;
}
for (let clipboardItem of clipboardItems) {
if (clipboardItem.type.includes("image")) {
uploadImage(clipboardItem.getAsFile());
}
const images = clipboard.getImages();
for (const image of images) {
uploadImage(image);
}
});
@ -246,13 +244,15 @@ class MarkdownEditor {
});
}
if (event.dataTransfer && event.dataTransfer.files && event.dataTransfer.files.length > 0) {
const clipboard = new Clipboard(event.dataTransfer);
if (clipboard.hasItems()) {
const cursorPos = cm.coordsChar({left: event.pageX, top: event.pageY});
cm.setCursor(cursorPos);
event.stopPropagation();
event.preventDefault();
for (let i = 0; i < event.dataTransfer.files.length; i++) {
uploadImage(event.dataTransfer.files[i]);
const images = clipboard.getImages();
for (const image of images) {
uploadImage(image);
}
}
@ -481,6 +481,13 @@ class MarkdownEditor {
});
}
// Make the editor full screen
actionFullScreen() {
const alreadyFullscreen = this.elem.classList.contains('fullscreen');
this.elem.classList.toggle('fullscreen', !alreadyFullscreen);
document.body.classList.toggle('markdown-fullscreen', !alreadyFullscreen);
}
// Scroll to a specified text
scrollToText(searchText) {
if (!searchText) {

29
resources/js/components/overlay.js
View File

@ -1,3 +1,4 @@
import {fadeIn, fadeOut} from "../services/animations";
class Overlay {
@ -19,29 +20,15 @@ class Overlay {
}
}
hide() { this.toggle(false); }
show() { this.toggle(true); }
hide(onComplete = null) { this.toggle(false, onComplete); }
show(onComplete = null) { this.toggle(true, onComplete); }
toggle(show = true) {
let start = Date.now();
let duration = 240;
function setOpacity() {
let elapsedTime = (Date.now() - start);
let targetOpacity = show ? (elapsedTime / duration) : 1-(elapsedTime / duration);
this.container.style.opacity = targetOpacity;
if (elapsedTime > duration) {
this.container.style.display = show ? 'flex' : 'none';
if (show) {
this.focusOnBody();
}
this.container.style.opacity = '';
} else {
requestAnimationFrame(setOpacity.bind(this));
}
toggle(show = true, onComplete) {
if (show) {
fadeIn(this.container, 240, onComplete);
} else {
fadeOut(this.container, 240, onComplete);
}
requestAnimationFrame(setOpacity.bind(this));
}
focusOnBody() {

9
resources/js/components/setting-app-color-picker.js
View File

@ -6,11 +6,16 @@ class SettingAppColorPicker {
this.colorInput = elem.querySelector('input[type=color]');
this.lightColorInput = elem.querySelector('input[name="setting-app-color-light"]');
this.resetButton = elem.querySelector('[setting-app-color-picker-reset]');
this.defaultButton = elem.querySelector('[setting-app-color-picker-default]');
this.colorInput.addEventListener('change', this.updateColor.bind(this));
this.colorInput.addEventListener('input', this.updateColor.bind(this));
this.resetButton.addEventListener('click', event => {
this.colorInput.value = '#206ea7';
this.colorInput.value = this.colorInput.dataset.current;
this.updateColor();
});
this.defaultButton.addEventListener('click', event => {
this.colorInput.value = this.colorInput.dataset.default;
this.updateColor();
});
}
@ -53,4 +58,4 @@ class SettingAppColorPicker {
}
export default SettingAppColorPicker;
export default SettingAppColorPicker;

18
resources/js/components/setting-color-picker.js Normal file
View File

@ -0,0 +1,18 @@
class SettingColorPicker {
constructor(elem) {
this.elem = elem;
this.colorInput = elem.querySelector('input[type=color]');
this.resetButton = elem.querySelector('[setting-color-picker-reset]');
this.defaultButton = elem.querySelector('[setting-color-picker-default]');
this.resetButton.addEventListener('click', event => {
this.colorInput.value = this.colorInput.dataset.current;
});
this.defaultButton.addEventListener('click', event => {
this.colorInput.value = this.colorInput.dataset.default;
});
}
}
export default SettingColorPicker;

72
resources/js/components/wysiwyg-editor.js
View File

@ -1,5 +1,6 @@
import Code from "../services/code";
import DrawIO from "../services/drawio";
import Clipboard from "../services/clipboard";
/**
* Handle pasting images from clipboard.
@ -8,30 +9,33 @@ import DrawIO from "../services/drawio";
* @param editor
*/
function editorPaste(event, editor, wysiwygComponent) {
const clipboardItems = event.clipboardData.items;
if (!event.clipboardData || !clipboardItems) return;
const clipboard = new Clipboard(event.clipboardData || event.dataTransfer);
// Don't handle if clipboard includes text content
for (let clipboardItem of clipboardItems) {
if (clipboardItem.type.includes('text/')) {
return;
}
// Don't handle the event ourselves if no items exist of contains table-looking data
if (!clipboard.hasItems() || clipboard.containsTabularData()) {
return;
}
for (let clipboardItem of clipboardItems) {
if (!clipboardItem.type.includes("image")) {
continue;
}
const images = clipboard.getImages();
for (const imageFile of images) {
const id = "image-" + Math.random().toString(16).slice(2);
const loadingImage = window.baseUrl('/loading.gif');
const file = clipboardItem.getAsFile();
event.preventDefault();
setTimeout(() => {
editor.insertContent(`<p><img src="${loadingImage}" id="${id}"></p>`);
uploadImageFile(file, wysiwygComponent).then(resp => {
editor.dom.setAttrib(id, 'src', resp.thumbs.display);
uploadImageFile(imageFile, wysiwygComponent).then(resp => {
const safeName = resp.name.replace(/"/g, '');
const newImageHtml = `<img src="${resp.thumbs.display}" alt="${safeName}" />`;
const newEl = editor.dom.create('a', {
target: '_blank',
href: resp.url,
}, newImageHtml);
editor.dom.replace(newEl, id);
}).catch(err => {
editor.dom.remove(id);
window.$events.emit('error', trans('errors.image_upload_error'));
@ -160,7 +164,7 @@ function codePlugin() {
let cmInstance = editorElem.CodeMirror;
if (cmInstance) {
Code.setContent(cmInstance, code);
Code.setMode(cmInstance, lang);
Code.setMode(cmInstance, lang, code);
}
let textArea = selectedNode.querySelector('textarea');
if (textArea) textArea.textContent = code;
@ -589,6 +593,7 @@ class WysiwygEditor {
registerEditorShortcuts(editor);
let wrap;
let draggedContentEditable;
function hasTextContent(node) {
return node && !!( node.textContent || node.innerText );
@ -597,12 +602,19 @@ class WysiwygEditor {
editor.on('dragstart', function () {
let node = editor.selection.getNode();
if (node.nodeName !== 'IMG') return;
wrap = editor.dom.getParent(node, '.mceTemp');
if (node.nodeName === 'IMG') {
wrap = editor.dom.getParent(node, '.mceTemp');
if (!wrap && node.parentNode.nodeName === 'A' && !hasTextContent(node.parentNode)) {
wrap = node.parentNode;
if (!wrap && node.parentNode.nodeName === 'A' && !hasTextContent(node.parentNode)) {
wrap = node.parentNode;
}
}
// Track dragged contenteditable blocks
if (node.hasAttribute('contenteditable') && node.getAttribute('contenteditable') === 'false') {
draggedContentEditable = node;
}
});
editor.on('drop', function (event) {
@ -610,7 +622,7 @@ class WysiwygEditor {
rng = tinymce.dom.RangeUtils.getCaretRangeFromPoint(event.clientX, event.clientY, editor.getDoc());
// Template insertion
const templateId = event.dataTransfer.getData('bookstack/template');
const templateId = event.dataTransfer && event.dataTransfer.getData('bookstack/template');
if (templateId) {
event.preventDefault();
window.$http.get(`/templates/${templateId}`).then(resp => {
@ -634,6 +646,26 @@ class WysiwygEditor {
});
}
// Handle contenteditable section drop
if (!event.isDefaultPrevented() && draggedContentEditable) {
event.preventDefault();
editor.undoManager.transact(function () {
const selectedNode = editor.selection.getNode();
const range = editor.selection.getRng();
const selectedNodeRoot = selectedNode.closest('body > *');
if (range.startOffset > (range.startContainer.length / 2)) {
editor.$(selectedNodeRoot).after(draggedContentEditable);
} else {
editor.$(selectedNodeRoot).before(draggedContentEditable);
}
});
}
// Handle image insert
if (!event.isDefaultPrevented()) {
editorPaste(event, editor, context);
}
wrap = null;
});

Some files were not shown because too many files have changed in this diff Show More