mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 05:36:00 +00:00
Set more appropriate login validation and broken up LDAP guide a bit
parent
575b85021d
commit
7728931f15
@ -75,29 +75,8 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
|
|||||||
$user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
|
$user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
|
||||||
}
|
}
|
||||||
|
|
||||||
$providedEmail = ($credentials['email'] ?? false);
|
$this->checkForUserEmail($user, $credentials['email'] ?? '');
|
||||||
|
$this->saveIfNew($user);
|
||||||
// Request email if missing from LDAP and model and missing from request
|
|
||||||
if (is_null($user->email) && !$providedEmail) {
|
|
||||||
throw new LoginAttemptEmailNeededException();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add email to model if non-existing and email provided in request
|
|
||||||
if (!$user->exists && $user->email === null && $providedEmail) {
|
|
||||||
$user->email = $providedEmail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$user->exists) {
|
|
||||||
// Check for existing users with same email
|
|
||||||
$alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
|
|
||||||
if ($alreadyUser) {
|
|
||||||
throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
|
|
||||||
}
|
|
||||||
|
|
||||||
$user->save();
|
|
||||||
$this->userRepo->attachDefaultRole($user);
|
|
||||||
$this->userRepo->downloadAndAssignUserAvatar($user);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sync LDAP groups if required
|
// Sync LDAP groups if required
|
||||||
if ($this->ldapService->shouldSyncGroups()) {
|
if ($this->ldapService->shouldSyncGroups()) {
|
||||||
@ -108,6 +87,46 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Save the give user if they don't yet existing in the system.
|
||||||
|
* @throws LoginAttemptException
|
||||||
|
*/
|
||||||
|
protected function saveIfNew(User $user)
|
||||||
|
{
|
||||||
|
if ($user->exists) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for existing users with same email
|
||||||
|
$alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
|
||||||
|
if ($alreadyUser) {
|
||||||
|
throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
|
||||||
|
}
|
||||||
|
|
||||||
|
$user->save();
|
||||||
|
$this->userRepo->attachDefaultRole($user);
|
||||||
|
$this->userRepo->downloadAndAssignUserAvatar($user);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Ensure the given user has an email.
|
||||||
|
* Takes the provided email in the request if a value is provided
|
||||||
|
* and the user does not have an existing email.
|
||||||
|
* @throws LoginAttemptEmailNeededException
|
||||||
|
*/
|
||||||
|
protected function checkForUserEmail(User $user, string $providedEmail)
|
||||||
|
{
|
||||||
|
// Request email if missing from user and missing from request
|
||||||
|
if (is_null($user->email) && !$providedEmail) {
|
||||||
|
throw new LoginAttemptEmailNeededException();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add email to model if non-existing and email provided in request
|
||||||
|
if (!$user->exists && is_null($user->email) && $providedEmail) {
|
||||||
|
$user->email = $providedEmail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a fresh user instance from details provided by a LDAP lookup.
|
* Create a fresh user instance from details provided by a LDAP lookup.
|
||||||
*/
|
*/
|
||||||
|
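Review bot: In `saveIfNew`, the duplicate-email check (`count() > 0`) and the later `$user->save()` are separate steps, so two concurrent first logins with the same address can both pass the check unless the users table has a unique index on `email`, which is not visible here. This matters more because `checkForUserEmail` copies the request-supplied address onto a new account with no proof of ownership and no format check of its own; it relies on the caller having validated the value. I would note that on the method, e.g. `// $providedEmail is user-supplied and unverified; do not treat it as a confirmed address`, and have `saveIfNew` convert a unique-constraint failure on save into the same `LoginAttemptException`. Both new methods return nothing and could declare `: void`.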
@ -119,6 +119,43 @@ class LoginController extends Controller
|
|||||||
return $this->sendFailedLoginResponse($request);
|
return $this->sendFailedLoginResponse($request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validate the user login request.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
* @return void
|
||||||
|
*
|
||||||
|
* @throws \Illuminate\Validation\ValidationException
|
||||||
|
*/
|
||||||
|
protected function validateLogin(Request $request)
|
||||||
|
{
|
||||||
|
$rules = [];
|
||||||
|
$authMethod = config('auth.method');
|
||||||
|
|
||||||
|
if ($authMethod === 'standard') {
|
||||||
|
$rules = [
|
||||||
|
'email' => 'required|string|email',
|
||||||
|
'password' => 'required|string'
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($authMethod === 'ldap') {
|
||||||
|
$rules = [
|
||||||
|
'username' => 'required|string',
|
||||||
|
'password' => 'required|string',
|
||||||
|
'email' => 'email',
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($authMethod === 'saml2') {
|
||||||
|
$rules = [
|
||||||
|
'email' => 'email',
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
$request->validate($rules);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send a response when a login attempt exception occurs.
|
* Send a response when a login attempt exception occurs.
|
||||||
*/
|
*/
|
||||||
|
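Review bot: `validateLogin` starts from `$rules = []` and fills it only for `standard`, `ldap` and `saml2`, so any other `auth.method` value reaches `$request->validate([])` and passes with no checks at all. Failing closed is safer if no configured method legitimately needs an empty rule set: add `if ($rules === []) { throw new \LogicException("No login validation rules for auth method: {$authMethod}"); }` before the validate call. The `email` rule in the `ldap` and `saml2` branches has no `string` or `nullable` alongside it, so a field that is present but empty may be rejected, depending on how the request middleware normalises empty input. It is worth confirming that this is intended and stating it in the docblock.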