Commit Graph

44 Commits

Author SHA1 Message Date
ch0wm3in
c1fe81466f
Fixed 'interaction_required' response for azure
Azure Conditional Access policy 2FA returns 'interaction_required' 400 response https://github.com/SocialiteProviders/Providers/issues/208
2020-02-12 15:03:55 +01:00
Dan Brown
3991fbe726
Checked over and aligned registration option behavior across all auth options
- Added tests to cover
2020-02-02 17:31:00 +00:00
Dan Brown
e743cd3f60
Added files missed in previous commit 2020-02-02 10:59:03 +00:00
Dan Brown
3470a6a140
Aligned SAML2 system with LDAP implementation in terms of guards and UI 2020-02-01 16:11:56 +00:00
Dan Brown
7728931f15
Set more appropriate login validation and broken up LDAP guide a bit 2020-02-01 14:30:23 +00:00
Dan Brown
575b85021d
Started alignment of auth services
- Removed LDAP specific logic from login controller, placed in Guard.
- Created safer base user provider for ldap login, to be used for SAML
soon.
- Moved LDAP auth work from user provider to guard.
2020-02-01 11:42:22 +00:00
Dan Brown
92690d1ae9
Moved socal auth routes to their own controller
Also cleaned some phpdocs and extracted register actions to their own
service.
2020-01-26 14:42:50 +00:00
Dan Brown
e06f9f7fe3
Removed setting override system due to confusing behaviour
- Was only used to disable registration when LDAP was enabled.
- Caused saved option not to show on settings page causing confusion.
- Extended setting logic where used to take ldap into account instead of
global override.
- Added warning on setting page to show registration enable setting is
not used while ldap is active.

For #1541
2019-12-22 13:19:17 +00:00
Dan Brown
f9fa6904b9
Made LDAP auth ID attribute configurable
- Allows the field that gets stored as the "External Authentication ID"
to be configurable. Defined as LDAP_ID_ATTRIBUTE=uid in .env.
- Added test to cover usage.
- Also now auto-lowercases when searching for attributes in LDAP
response since PHP always provides them as lower case.

Closes #592.
2019-12-16 12:40:21 +00:00
Dan Brown
ebb3724892
Added onelogin attribution and tweaks after testing saml with onelogin 2019-11-17 17:00:42 +00:00
Dan Brown
aef6eb81e4
Added SAML singleLogoutService capabilities 2019-11-17 15:40:36 +00:00
Dan Brown
488325f459
Added the ability to auto-load config from metadata url 2019-11-17 14:44:26 +00:00
Dan Brown
3a17ba2cb9
Started using OneLogin SAML lib directly
- Aligned and formatted config options.
- Provided way to override onelogin lib options if required.
- Added endpoints in core bookstack routes.
- Provided way to debug details provided by idp and formatted by
bookstack.
- Started on test work
- Handled case of email address already in use.
2019-11-17 13:26:43 +00:00
Dan Brown
9bba84684f
Appeased codeclimate by extracting out external_auth_id group matching 2019-11-16 15:24:09 +00:00
Dan Brown
8169c725d5
Started review of SAML implementation
- Updated PHPdoc of SAML service to use type hinting instead.
- Updated groups to only sync if enabled.
- Updated names of some config props.
- Removed a couple of unused config props.
- Added exception to handle no email on SAML response.
2019-11-16 14:42:51 +00:00
Dan Brown
bb1f43cbd8
Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml 2019-11-16 12:42:45 +00:00
Dan Brown
be08dc1588
Ran phpcbf and updated helpers typehinting 2019-09-15 18:29:51 +01:00
Dan Brown
140298bd96
Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown
eab0ca9648
Covered new invite system with testing
Closes #316
2019-08-18 13:55:28 +01:00
Dan Brown
e5155a5dcb
Refactored confirm actions to their own controller 2019-08-18 10:47:59 +01:00
Dan Brown
44330bdd24
Start user invite system 2019-08-17 15:52:33 +01:00
Daniel Seiler
8e723f10dc Add error messages, fix LDAP error 2019-08-07 15:31:10 +02:00
Daniel Seiler
03dbe32f99 Refactor for codestyle 2019-08-07 12:07:21 +02:00
Daniel Seiler
bda0082461 Add login and automatic registration; Prepare Group sync 2019-08-06 23:42:46 +02:00
Dan Brown
c24764018a
Updated ldap server option parsing to work with protocol and port
- Aligns with PHP behaviour where ports is ignore for full LDAP URI.
- Added tests to check format being passed to LDAP is as expected.
- May be related to #1220
- Related to #1386 and #1278
2019-04-16 22:47:53 +01:00
Dan Brown
44c537de1a
Performed some LDAP service/test cleanup 2019-03-10 10:54:19 +00:00
Daniel Fanara
502ea608bf Issue #1306 - Unit Tests for LdapService Changes 2019-03-09 01:08:49 -05:00
Daniel Fanara
55b07c7076 Issue #1306 - Specify display name attribute from LDAP 2019-03-08 23:55:11 -05:00
abijeet
5ef0992d5b PHPCS related fixes. 2019-01-27 15:59:23 +05:30
Dan Brown
7c8edf5673
Merge pull request #1096 from christophert/add-ldaptlsinsecure
Add option to disable LDAPS Certificate Validation
2018-12-22 16:38:50 +00:00
Dan Brown
26ec1cc3dc
Added proper escaping to LDAP filter operations
To cover #1163
2018-12-20 20:04:09 +00:00
Dan Brown
178b5af83a
Added google select_account test
Also cleaned the function naming a little to be more descriptive of the
work they do.
2018-11-10 14:52:43 +00:00
Justin Stein
2ca8038df2 Removed return from documentation for function redirectToSocialProvider 2018-11-04 11:07:04 -08:00
Justin Stein
c37e73b626 Moved redirect functionality back to start register and log in functions 2018-11-04 10:48:55 -08:00
Justin Stein
0283ab11b5 Added function for redirect with parameters for Socialite 2018-11-04 10:40:06 -08:00
Christopher Tran
8e7f703af7 fix how the option is set, change handle to NULL 2018-10-27 16:58:10 -04:00
Christopher Tran
6c14c09880 Add ability to disable LDAP certificate validation 2018-10-27 16:14:19 -04:00
Justin Stein
216358c6e4 Added Google select account functionality to login 2018-10-13 15:14:06 -07:00
Justin Stein
57d99130ee Added environment variable for google select account option. 2018-10-13 14:50:58 -07:00
Justin Stein
79afec9737 Revert "Added else clause"
This reverts commit 77d7f764f1.
2018-10-13 14:31:29 -07:00
justein230
77d7f764f1
Added else clause 2018-10-12 22:50:02 -07:00
Justin Stein
a76599bd2a Add select account parameter for google authorization
Useful for choosing an account if a default account is outside the scope of a G Suite organization.
2018-10-12 11:52:13 -07:00
Dan Brown
257a5a23ec
Fleshed out entity provided and optimized imports 2018-09-25 16:58:03 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based 2018-09-25 12:30:50 +01:00