mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
Added files missed in previous commit
This commit is contained in:
parent
3470a6a140
commit
e743cd3f60
@ -121,7 +121,7 @@ STORAGE_S3_ENDPOINT=https://my-custom-s3-compatible.service.com:8001
|
||||
STORAGE_URL=false
|
||||
|
||||
# Authentication method to use
|
||||
# Can be 'standard' or 'ldap'
|
||||
# Can be 'standard', 'ldap' or 'saml2'
|
||||
AUTH_METHOD=standard
|
||||
|
||||
# Social authentication configuration
|
||||
@ -205,8 +205,6 @@ LDAP_REMOVE_FROM_GROUPS=false
|
||||
# SAML authentication configuration
|
||||
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
|
||||
SAML2_NAME=SSO
|
||||
SAML2_ENABLED=false
|
||||
SAML2_AUTO_REGISTER=true
|
||||
SAML2_EMAIL_ATTRIBUTE=email
|
||||
SAML2_DISPLAY_NAME_ATTRIBUTES=username
|
||||
SAML2_EXTERNAL_ID_ATTRIBUTE=null
|
||||
|
@ -2,6 +2,10 @@
|
||||
|
||||
namespace BookStack\Auth\Access\Guards;
|
||||
|
||||
use BookStack\Auth\User;
|
||||
use BookStack\Auth\UserRepo;
|
||||
use BookStack\Exceptions\LoginAttemptEmailNeededException;
|
||||
use BookStack\Exceptions\LoginAttemptException;
|
||||
use Illuminate\Auth\GuardHelpers;
|
||||
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
|
||||
use Illuminate\Contracts\Auth\StatefulGuard;
|
||||
@ -51,21 +55,24 @@ class ExternalBaseSessionGuard implements StatefulGuard
|
||||
*/
|
||||
protected $loggedOut = false;
|
||||
|
||||
/**
|
||||
* Repository to perform user-specific actions.
|
||||
*
|
||||
* @var UserRepo
|
||||
*/
|
||||
protected $userRepo;
|
||||
|
||||
/**
|
||||
* Create a new authentication guard.
|
||||
*
|
||||
* @param string $name
|
||||
* @param \Illuminate\Contracts\Auth\UserProvider $provider
|
||||
* @param \Illuminate\Contracts\Session\Session $session
|
||||
* @return void
|
||||
*/
|
||||
public function __construct($name,
|
||||
UserProvider $provider,
|
||||
Session $session)
|
||||
public function __construct(string $name, UserProvider $provider, Session $session, UserRepo $userRepo)
|
||||
{
|
||||
$this->name = $name;
|
||||
$this->session = $session;
|
||||
$this->provider = $provider;
|
||||
$this->userRepo = $userRepo;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -15,7 +15,6 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
|
||||
{
|
||||
|
||||
protected $ldapService;
|
||||
protected $userRepo;
|
||||
|
||||
/**
|
||||
* LdapSessionGuard constructor.
|
||||
@ -28,8 +27,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
|
||||
)
|
||||
{
|
||||
$this->ldapService = $ldapService;
|
||||
$this->userRepo = $userRepo;
|
||||
parent::__construct($name, $provider, $session);
|
||||
parent::__construct($name, $provider, $session, $userRepo);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -2,49 +2,27 @@
|
||||
|
||||
namespace BookStack\Auth\Access\Guards;
|
||||
|
||||
use BookStack\Auth\Access\LdapService;
|
||||
use BookStack\Auth\User;
|
||||
use BookStack\Auth\UserRepo;
|
||||
use BookStack\Exceptions\LdapException;
|
||||
use BookStack\Exceptions\LoginAttemptException;
|
||||
use BookStack\Exceptions\LoginAttemptEmailNeededException;
|
||||
use Illuminate\Contracts\Auth\UserProvider;
|
||||
use Illuminate\Contracts\Session\Session;
|
||||
|
||||
class LdapSessionGuard extends ExternalBaseSessionGuard
|
||||
/**
|
||||
* Saml2 Session Guard
|
||||
*
|
||||
* The saml2 login process is async in nature meaning it does not fit very well
|
||||
* into the default laravel 'Guard' auth flow. Instead most of the logic is done
|
||||
* via the Saml2 controller & Saml2Service. This class provides a safer, thin
|
||||
* version of SessionGuard.
|
||||
*
|
||||
* @package BookStack\Auth\Access\Guards
|
||||
*/
|
||||
class Saml2SessionGuard extends ExternalBaseSessionGuard
|
||||
{
|
||||
|
||||
protected $ldapService;
|
||||
|
||||
/**
|
||||
* LdapSessionGuard constructor.
|
||||
*/
|
||||
public function __construct($name,
|
||||
UserProvider $provider,
|
||||
Session $session,
|
||||
LdapService $ldapService,
|
||||
UserRepo $userRepo
|
||||
)
|
||||
{
|
||||
$this->ldapService = $ldapService;
|
||||
parent::__construct($name, $provider, $session, $userRepo);
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate a user's credentials.
|
||||
*
|
||||
* @param array $credentials
|
||||
* @return bool
|
||||
* @throws LdapException
|
||||
*/
|
||||
public function validate(array $credentials = [])
|
||||
{
|
||||
$userDetails = $this->ldapService->getUserDetails($credentials['username']);
|
||||
$this->lastAttempted = $this->provider->retrieveByCredentials([
|
||||
'external_auth_id' => $userDetails['uid']
|
||||
]);
|
||||
|
||||
return $this->ldapService->validateUserCredentials($userDetails, $credentials['username'], $credentials['password']);
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -53,51 +31,10 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
|
||||
* @param array $credentials
|
||||
* @param bool $remember
|
||||
* @return bool
|
||||
* @throws LoginAttemptEmailNeededException
|
||||
* @throws LoginAttemptException
|
||||
* @throws LdapException
|
||||
*/
|
||||
public function attempt(array $credentials = [], $remember = false)
|
||||
{
|
||||
$username = $credentials['username'];
|
||||
$userDetails = $this->ldapService->getUserDetails($username);
|
||||
$this->lastAttempted = $user = $this->provider->retrieveByCredentials([
|
||||
'external_auth_id' => $userDetails['uid']
|
||||
]);
|
||||
|
||||
if (!$this->ldapService->validateUserCredentials($userDetails, $username, $credentials['password'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (is_null($user)) {
|
||||
$user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
|
||||
}
|
||||
|
||||
$this->checkForUserEmail($user, $credentials['email'] ?? '');
|
||||
$this->saveIfNew($user);
|
||||
|
||||
// Sync LDAP groups if required
|
||||
if ($this->ldapService->shouldSyncGroups()) {
|
||||
$this->ldapService->syncGroups($user, $username);
|
||||
}
|
||||
|
||||
$this->login($user, $remember);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a fresh user instance from details provided by a LDAP lookup.
|
||||
*/
|
||||
protected function freshUserInstanceFromLdapUserDetails(array $ldapUserDetails): User
|
||||
{
|
||||
$user = new User();
|
||||
|
||||
$user->name = $ldapUserDetails['name'];
|
||||
$user->external_auth_id = $ldapUserDetails['uid'];
|
||||
$user->email = $ldapUserDetails['email'];
|
||||
$user->email_confirmed = false;
|
||||
|
||||
return $user;
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -20,14 +20,15 @@ class RegistrationService
|
||||
$this->emailConfirmationService = $emailConfirmationService;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check whether or not registrations are allowed in the app settings.
|
||||
* @throws UserRegistrationException
|
||||
*/
|
||||
public function checkRegistrationAllowed()
|
||||
{
|
||||
if (!setting('registration-enabled') || config('auth.method') === 'ldap') {
|
||||
$authMethod = config('auth.method');
|
||||
$authMethodsWithRegistration = ['standard'];
|
||||
if (!setting('registration-enabled') || !in_array($authMethod, $authMethodsWithRegistration)) {
|
||||
throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
|
||||
}
|
||||
}
|
||||
|
@ -20,7 +20,6 @@ class Saml2Service extends ExternalAuthService
|
||||
protected $config;
|
||||
protected $userRepo;
|
||||
protected $user;
|
||||
protected $enabled;
|
||||
|
||||
/**
|
||||
* Saml2Service constructor.
|
||||
@ -30,7 +29,6 @@ class Saml2Service extends ExternalAuthService
|
||||
$this->config = config('saml2');
|
||||
$this->userRepo = $userRepo;
|
||||
$this->user = $user;
|
||||
$this->enabled = config('saml2.enabled') === true;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -204,7 +202,7 @@ class Saml2Service extends ExternalAuthService
|
||||
*/
|
||||
protected function shouldSyncGroups(): bool
|
||||
{
|
||||
return $this->enabled && $this->config['user_to_groups'] !== false;
|
||||
return $this->config['user_to_groups'] !== false;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -248,7 +246,7 @@ class Saml2Service extends ExternalAuthService
|
||||
/**
|
||||
* Extract the details of a user from a SAML response.
|
||||
*/
|
||||
public function getUserDetails(string $samlID, $samlAttributes): array
|
||||
protected function getUserDetails(string $samlID, $samlAttributes): array
|
||||
{
|
||||
$emailAttr = $this->config['email_attribute'];
|
||||
$externalId = $this->getExternalId($samlAttributes, $samlID);
|
||||
@ -329,7 +327,7 @@ class Saml2Service extends ExternalAuthService
|
||||
throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));
|
||||
}
|
||||
|
||||
$user = $this->user->forceCreate($userData);
|
||||
$user = $this->user->newQuery()->forceCreate($userData);
|
||||
$this->userRepo->attachDefaultRole($user);
|
||||
$this->userRepo->downloadAndAssignUserAvatar($user);
|
||||
return $user;
|
||||
@ -337,15 +335,15 @@ class Saml2Service extends ExternalAuthService
|
||||
|
||||
/**
|
||||
* Get the user from the database for the specified details.
|
||||
* @throws SamlException
|
||||
*/
|
||||
protected function getOrRegisterUser(array $userDetails): ?User
|
||||
{
|
||||
$isRegisterEnabled = $this->config['auto_register'] === true;
|
||||
$user = $this->user
|
||||
->where('external_auth_id', $userDetails['external_id'])
|
||||
$user = $this->user->newQuery()
|
||||
->where('external_auth_id', '=', $userDetails['external_id'])
|
||||
->first();
|
||||
|
||||
if ($user === null && $isRegisterEnabled) {
|
||||
if (is_null($user)) {
|
||||
$user = $this->registerUser($userDetails);
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,11 @@ return [
|
||||
],
|
||||
'ldap' => [
|
||||
'driver' => 'ldap-session',
|
||||
'provider' => 'external'
|
||||
'provider' => 'external',
|
||||
],
|
||||
'saml2' => [
|
||||
'driver' => 'saml2-session',
|
||||
'provider' => 'external',
|
||||
],
|
||||
'api' => [
|
||||
'driver' => 'api-token',
|
||||
|
@ -4,10 +4,6 @@ return [
|
||||
|
||||
// Display name, shown to users, for SAML2 option
|
||||
'name' => env('SAML2_NAME', 'SSO'),
|
||||
// Toggle whether the SAML2 option is active
|
||||
'enabled' => env('SAML2_ENABLED', false),
|
||||
// Enable registration via SAML2 authentication
|
||||
'auto_register' => env('SAML2_AUTO_REGISTER', true),
|
||||
|
||||
// Dump user details after a login request for debugging purposes
|
||||
'dump_user_details' => env('SAML2_DUMP_USER_DETAILS', false),
|
||||
|
@ -65,7 +65,6 @@ class LoginController extends Controller
|
||||
{
|
||||
$socialDrivers = $this->socialAuthService->getActiveDrivers();
|
||||
$authMethod = config('auth.method');
|
||||
$samlEnabled = config('saml2.enabled') === true;
|
||||
|
||||
if ($request->has('email')) {
|
||||
session()->flashInput([
|
||||
@ -77,7 +76,6 @@ class LoginController extends Controller
|
||||
return view('auth.login', [
|
||||
'socialDrivers' => $socialDrivers,
|
||||
'authMethod' => $authMethod,
|
||||
'samlEnabled' => $samlEnabled,
|
||||
]);
|
||||
}
|
||||
|
||||
@ -129,28 +127,16 @@ class LoginController extends Controller
|
||||
*/
|
||||
protected function validateLogin(Request $request)
|
||||
{
|
||||
$rules = [];
|
||||
$rules = ['password' => 'required|string'];
|
||||
$authMethod = config('auth.method');
|
||||
|
||||
if ($authMethod === 'standard') {
|
||||
$rules = [
|
||||
'email' => 'required|string|email',
|
||||
'password' => 'required|string'
|
||||
];
|
||||
$rules['email'] = 'required|email';
|
||||
}
|
||||
|
||||
if ($authMethod === 'ldap') {
|
||||
$rules = [
|
||||
'username' => 'required|string',
|
||||
'password' => 'required|string',
|
||||
'email' => 'email',
|
||||
];
|
||||
}
|
||||
|
||||
if ($authMethod === 'saml2') {
|
||||
$rules = [
|
||||
'email' => 'email',
|
||||
];
|
||||
$rules['username'] = 'required|string';
|
||||
$rules['email'] = 'email';
|
||||
}
|
||||
|
||||
$request->validate($rules);
|
||||
@ -178,10 +164,6 @@ class LoginController extends Controller
|
||||
*/
|
||||
public function logout(Request $request)
|
||||
{
|
||||
if (config('saml2.enabled') && session()->get('last_login_type') === 'saml2') {
|
||||
return redirect('/saml2/logout');
|
||||
}
|
||||
|
||||
$this->guard()->logout();
|
||||
$request->session()->invalidate();
|
||||
|
||||
|
@ -75,10 +75,8 @@ class RegisterController extends Controller
|
||||
{
|
||||
$this->registrationService->checkRegistrationAllowed();
|
||||
$socialDrivers = $this->socialAuthService->getActiveDrivers();
|
||||
$samlEnabled = (config('saml2.enabled') === true) && (config('saml2.auto_register') === true);
|
||||
return view('auth.register', [
|
||||
'socialDrivers' => $socialDrivers,
|
||||
'samlEnabled' => $samlEnabled,
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -20,7 +20,8 @@ class Saml2Controller extends Controller
|
||||
|
||||
// SAML2 access middleware
|
||||
$this->middleware(function ($request, $next) {
|
||||
if (!config('saml2.enabled')) {
|
||||
|
||||
if (config('auth.method') !== 'saml2') {
|
||||
$this->showPermissionError();
|
||||
}
|
||||
|
||||
|
@ -6,6 +6,7 @@ use Auth;
|
||||
use BookStack\Api\ApiTokenGuard;
|
||||
use BookStack\Auth\Access\ExternalBaseUserProvider;
|
||||
use BookStack\Auth\Access\Guards\LdapSessionGuard;
|
||||
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
|
||||
use BookStack\Auth\Access\LdapService;
|
||||
use BookStack\Auth\UserRepo;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
@ -33,6 +34,16 @@ class AuthServiceProvider extends ServiceProvider
|
||||
$app[UserRepo::class]
|
||||
);
|
||||
});
|
||||
|
||||
Auth::extend('saml2-session', function ($app, $name, array $config) {
|
||||
$provider = Auth::createUserProvider($config['provider']);
|
||||
return new Saml2SessionGuard(
|
||||
$name,
|
||||
$provider,
|
||||
$this->app['session.store'],
|
||||
$app[UserRepo::class]
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,19 +1,30 @@
|
||||
<div class="form-group">
|
||||
<label for="username">{{ trans('auth.username') }}</label>
|
||||
@include('form.text', ['name' => 'username', 'autofocus' => true])
|
||||
</div>
|
||||
<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
|
||||
{!! csrf_field() !!}
|
||||
|
||||
@if(session('request-email', false) === true)
|
||||
<div class="form-group">
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email'])
|
||||
<span class="text-neg">
|
||||
{{ trans('auth.ldap_email_hint') }}
|
||||
</span>
|
||||
<div class="stretch-inputs">
|
||||
<div class="form-group">
|
||||
<label for="username">{{ trans('auth.username') }}</label>
|
||||
@include('form.text', ['name' => 'username', 'autofocus' => true])
|
||||
</div>
|
||||
|
||||
@if(session('request-email', false) === true)
|
||||
<div class="form-group">
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email'])
|
||||
<span class="text-neg">{{ trans('auth.ldap_email_hint') }}</span>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">{{ trans('auth.password') }}</label>
|
||||
@include('form.password', ['name' => 'password'])
|
||||
</div>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">{{ trans('auth.password') }}</label>
|
||||
@include('form.password', ['name' => 'password'])
|
||||
</div>
|
||||
<div class="grid half collapse-xs gap-xl v-center">
|
||||
<div class="text-right">
|
||||
<button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
@ -1,30 +1,11 @@
|
||||
<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
|
||||
<form action="{{ url('/saml2/login') }}" method="POST" id="login-form" class="mt-l">
|
||||
{!! csrf_field() !!}
|
||||
|
||||
<div class="stretch-inputs">
|
||||
<div class="form-group">
|
||||
<label for="username">{{ trans('auth.username') }}</label>
|
||||
@include('form.text', ['name' => 'username', 'autofocus' => true])
|
||||
</div>
|
||||
|
||||
@if(session('request-email', false) === true)
|
||||
<div class="form-group">
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email'])
|
||||
<span class="text-neg">{{ trans('auth.ldap_email_hint') }}</span>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">{{ trans('auth.password') }}</label>
|
||||
@include('form.password', ['name' => 'password'])
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="grid half collapse-xs gap-xl v-center">
|
||||
<div class="text-right">
|
||||
<button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
|
||||
</div>
|
||||
<div>
|
||||
<button id="saml-login" class="button outline block svg">
|
||||
@icon('saml2')
|
||||
{{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
|
||||
</button>
|
||||
</div>
|
||||
|
||||
</form>
|
@ -1,12 +1,36 @@
|
||||
<div class="form-group">
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email', 'autofocus' => true])
|
||||
</div>
|
||||
<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
|
||||
{!! csrf_field() !!}
|
||||
|
||||
<div class="stretch-inputs">
|
||||
<div class="form-group">
|
||||
<label for="email">{{ trans('auth.email') }}</label>
|
||||
@include('form.text', ['name' => 'email', 'autofocus' => true])
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">{{ trans('auth.password') }}</label>
|
||||
@include('form.password', ['name' => 'password'])
|
||||
<div class="small mt-s">
|
||||
<a href="{{ url('/password/email') }}">{{ trans('auth.forgot_password') }}</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="grid half collapse-xs gap-xl v-center">
|
||||
<div class="text-left ml-xxs">
|
||||
@include('components.custom-checkbox', [
|
||||
'name' => 'remember',
|
||||
'checked' => false,
|
||||
'value' => 'on',
|
||||
'label' => trans('auth.remember_me'),
|
||||
])
|
||||
</div>
|
||||
|
||||
<div class="text-right">
|
||||
<button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
|
||||
<div class="form-group">
|
||||
<label for="password">{{ trans('auth.password') }}</label>
|
||||
@include('form.password', ['name' => 'password'])
|
||||
<span class="block small mt-s">
|
||||
<a href="{{ url('/password/email') }}">{{ trans('auth.forgot_password') }}</a>
|
||||
</span>
|
||||
</div>
|
||||
|
@ -9,29 +9,7 @@
|
||||
<div class="card content-wrap auto-height">
|
||||
<h1 class="list-heading">{{ Str::title(trans('auth.log_in')) }}</h1>
|
||||
|
||||
<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
|
||||
{!! csrf_field() !!}
|
||||
|
||||
<div class="stretch-inputs">
|
||||
@include('auth.forms.login.' . $authMethod)
|
||||
</div>
|
||||
|
||||
<div class="grid half collapse-xs gap-xl v-center">
|
||||
<div class="text-left ml-xxs">
|
||||
@include('components.custom-checkbox', [
|
||||
'name' => 'remember',
|
||||
'checked' => false,
|
||||
'value' => 'on',
|
||||
'label' => trans('auth.remember_me'),
|
||||
])
|
||||
</div>
|
||||
|
||||
<div class="text-right">
|
||||
<button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
@include('auth.forms.login.' . $authMethod)
|
||||
|
||||
@if(count($socialDrivers) > 0)
|
||||
<hr class="my-l">
|
||||
@ -45,17 +23,7 @@
|
||||
@endforeach
|
||||
@endif
|
||||
|
||||
@if($samlEnabled)
|
||||
<hr class="my-l">
|
||||
<div>
|
||||
<a id="saml-login" class="button outline block svg" href="{{ url("/saml2/login") }}">
|
||||
@icon('saml2')
|
||||
{{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
|
||||
</a>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if(setting('registration-enabled') && config('auth.method') !== 'ldap')
|
||||
@if(setting('registration-enabled') && config('auth.method') === 'standard')
|
||||
<div class="text-center pb-s">
|
||||
<hr class="my-l">
|
||||
<a href="{{ url('/register') }}">{{ trans('auth.dont_have_account') }}</a>
|
||||
|
@ -50,15 +50,6 @@
|
||||
@endforeach
|
||||
@endif
|
||||
|
||||
@if($samlEnabled)
|
||||
<hr class="my-l">
|
||||
<div>
|
||||
<a id="saml-login" class="button outline block svg" href="{{ url("/saml2/login") }}">
|
||||
@icon('saml2')
|
||||
{{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
|
||||
</a>
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
@stop
|
||||
|
@ -42,7 +42,7 @@
|
||||
@endif
|
||||
|
||||
@if(!signedInUser())
|
||||
@if(setting('registration-enabled') && config('auth.method') !== 'ldap')
|
||||
@if(setting('registration-enabled') && config('auth.method') === 'standard')
|
||||
<a href="{{ url('/register') }}">@icon('new-user') {{ trans('auth.sign_up') }}</a>
|
||||
@endif
|
||||
<a href="{{ url('/login') }}">@icon('login') {{ trans('auth.log_in') }}</a>
|
||||
@ -64,7 +64,11 @@
|
||||
<a href="{{ url("/settings/users/{$currentUser->id}") }}">@icon('edit'){{ trans('common.edit_profile') }}</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{{ url('/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
|
||||
@if(config('auth.method') === 'saml2')
|
||||
<a href="{{ url('/saml2/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
|
||||
@else
|
||||
<a href="{{ url('/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
|
||||
@endif
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -19,7 +19,7 @@
|
||||
@include('form.text', ['name' => 'description'])
|
||||
</div>
|
||||
|
||||
@if(config('auth.method') === 'ldap' || config('saml2.enabled') === true)
|
||||
@if(config('auth.method') === 'ldap' || config('auth.method') === 'saml2')
|
||||
<div class="form-group">
|
||||
<label for="name">{{ trans('settings.role_external_auth_id') }}</label>
|
||||
@include('form.text', ['name' => 'external_auth_id'])
|
||||
|
@ -25,7 +25,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@if(($authMethod === 'ldap' || config('saml2.enabled') === true) && userCan('users-manage'))
|
||||
@if(($authMethod === 'ldap' || $authMethod === 'saml2') && userCan('users-manage'))
|
||||
<div class="grid half gap-xl v-center">
|
||||
<div>
|
||||
<label class="setting-list-label">{{ trans('settings.users_external_auth_id') }}</label>
|
||||
|
@ -225,7 +225,7 @@ Route::get('/register/confirm/{token}', 'Auth\ConfirmEmailController@confirm');
|
||||
Route::post('/register', 'Auth\RegisterController@postRegister');
|
||||
|
||||
// SAML routes
|
||||
Route::get('/saml2/login', 'Auth\Saml2Controller@login');
|
||||
Route::post('/saml2/login', 'Auth\Saml2Controller@login');
|
||||
Route::get('/saml2/logout', 'Auth\Saml2Controller@logout');
|
||||
Route::get('/saml2/metadata', 'Auth\Saml2Controller@metadata');
|
||||
Route::get('/saml2/sls', 'Auth\Saml2Controller@sls');
|
||||
|
Loading…
Reference in New Issue
Block a user