diff --git a/app/Auth/Access/RegistrationService.php b/app/Auth/Access/RegistrationService.php new file mode 100644 index 000000000..7e8c7d5f5 --- /dev/null +++ b/app/Auth/Access/RegistrationService.php @@ -0,0 +1,73 @@ +userRepo = $userRepo; + $this->emailConfirmationService = $emailConfirmationService; + } + + + /** + * Check whether or not registrations are allowed in the app settings. + * @throws UserRegistrationException + */ + public function checkRegistrationAllowed() + { + if (!setting('registration-enabled') || config('auth.method') === 'ldap') { + throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login'); + } + } + + /** + * The registrations flow for all users. + * @throws UserRegistrationException + */ + public function registerUser(array $userData, ?SocialAccount $socialAccount = null, bool $emailVerified = false) + { + $registrationRestrict = setting('registration-restrict'); + + if ($registrationRestrict) { + $restrictedEmailDomains = explode(',', str_replace(' ', '', $registrationRestrict)); + $userEmailDomain = $domain = mb_substr(mb_strrchr($userData['email'], "@"), 1); + if (!in_array($userEmailDomain, $restrictedEmailDomains)) { + throw new UserRegistrationException(trans('auth.registration_email_domain_invalid'), '/register'); + } + } + + $newUser = $this->userRepo->registerNew($userData, $emailVerified); + + if ($socialAccount) { + $newUser->socialAccounts()->save($socialAccount); + } + + if ($this->emailConfirmationService->confirmationRequired() && !$emailVerified) { + $newUser->save(); + $message = ''; + + try { + $this->emailConfirmationService->sendConfirmation($newUser); + } catch (Exception $e) { + $message = trans('auth.email_confirm_send_error'); + } + + throw new UserRegistrationException($message, '/register/confirm'); + } + + auth()->login($newUser); + } + +} \ No newline at end of file diff --git a/app/Auth/Access/SocialAuthService.php b/app/Auth/Access/SocialAuthService.php index bc5b7a4d5..cf836618a 100644 --- a/app/Auth/Access/SocialAuthService.php +++ b/app/Auth/Access/SocialAuthService.php @@ -7,7 +7,9 @@ use BookStack\Exceptions\SocialSignInAccountNotUsed; use BookStack\Exceptions\UserRegistrationException; use Illuminate\Support\Str; use Laravel\Socialite\Contracts\Factory as Socialite; +use Laravel\Socialite\Contracts\Provider; use Laravel\Socialite\Contracts\User as SocialUser; +use Symfony\Component\HttpFoundation\RedirectResponse; class SocialAuthService { @@ -20,9 +22,6 @@ class SocialAuthService /** * SocialAuthService constructor. - * @param \BookStack\Auth\UserRepo $userRepo - * @param Socialite $socialite - * @param SocialAccount $socialAccount */ public function __construct(UserRepo $userRepo, Socialite $socialite, SocialAccount $socialAccount) { @@ -34,11 +33,9 @@ class SocialAuthService /** * Start the social login path. - * @param string $socialDriver - * @return \Symfony\Component\HttpFoundation\RedirectResponse * @throws SocialDriverNotConfigured */ - public function startLogIn($socialDriver) + public function startLogIn(string $socialDriver): RedirectResponse { $driver = $this->validateDriver($socialDriver); return $this->getSocialDriver($driver)->redirect(); @@ -46,11 +43,9 @@ class SocialAuthService /** * Start the social registration process - * @param string $socialDriver - * @return \Symfony\Component\HttpFoundation\RedirectResponse * @throws SocialDriverNotConfigured */ - public function startRegister($socialDriver) + public function startRegister(string $socialDriver): RedirectResponse { $driver = $this->validateDriver($socialDriver); return $this->getSocialDriver($driver)->redirect(); @@ -58,12 +53,9 @@ class SocialAuthService /** * Handle the social registration process on callback. - * @param string $socialDriver - * @param SocialUser $socialUser - * @return SocialUser * @throws UserRegistrationException */ - public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser) + public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser): SocialUser { // Check social account has not already been used if ($this->socialAccount->where('driver_id', '=', $socialUser->getId())->exists()) { @@ -80,11 +72,9 @@ class SocialAuthService /** * Get the social user details via the social driver. - * @param string $socialDriver - * @return SocialUser * @throws SocialDriverNotConfigured */ - public function getSocialUser(string $socialDriver) + public function getSocialUser(string $socialDriver): SocialUser { $driver = $this->validateDriver($socialDriver); return $this->socialite->driver($driver)->user(); @@ -92,12 +82,9 @@ class SocialAuthService /** * Handle the login process on a oAuth callback. - * @param $socialDriver - * @param SocialUser $socialUser - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector * @throws SocialSignInAccountNotUsed */ - public function handleLoginCallback($socialDriver, SocialUser $socialUser) + public function handleLoginCallback(string $socialDriver, SocialUser $socialUser) { $socialId = $socialUser->getId(); @@ -146,18 +133,16 @@ class SocialAuthService /** * Ensure the social driver is correct and supported. - * - * @param $socialDriver - * @return string * @throws SocialDriverNotConfigured */ - private function validateDriver($socialDriver) + protected function validateDriver(string $socialDriver): string { $driver = trim(strtolower($socialDriver)); if (!in_array($driver, $this->validSocialDrivers)) { abort(404, trans('errors.social_driver_not_found')); } + if (!$this->checkDriverConfigured($driver)) { throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => Str::title($socialDriver)])); } @@ -167,10 +152,8 @@ class SocialAuthService /** * Check a social driver has been configured correctly. - * @param $driver - * @return bool */ - private function checkDriverConfigured($driver) + protected function checkDriverConfigured(string $driver): bool { $lowerName = strtolower($driver); $configPrefix = 'services.' . $lowerName . '.'; @@ -180,55 +163,48 @@ class SocialAuthService /** * Gets the names of the active social drivers. - * @return array */ - public function getActiveDrivers() + public function getActiveDrivers(): array { $activeDrivers = []; + foreach ($this->validSocialDrivers as $driverKey) { if ($this->checkDriverConfigured($driverKey)) { $activeDrivers[$driverKey] = $this->getDriverName($driverKey); } } + return $activeDrivers; } /** * Get the presentational name for a driver. - * @param $driver - * @return mixed */ - public function getDriverName($driver) + public function getDriverName(string $driver): string { return config('services.' . strtolower($driver) . '.name'); } /** * Check if the current config for the given driver allows auto-registration. - * @param string $driver - * @return bool */ - public function driverAutoRegisterEnabled(string $driver) + public function driverAutoRegisterEnabled(string $driver): bool { return config('services.' . strtolower($driver) . '.auto_register') === true; } /** * Check if the current config for the given driver allow email address auto-confirmation. - * @param string $driver - * @return bool */ - public function driverAutoConfirmEmailEnabled(string $driver) + public function driverAutoConfirmEmailEnabled(string $driver): bool { return config('services.' . strtolower($driver) . '.auto_confirm') === true; } /** - * @param string $socialDriver - * @param SocialUser $socialUser - * @return SocialAccount + * Fill and return a SocialAccount from the given driver name and SocialUser. */ - public function fillSocialAccount($socialDriver, $socialUser) + public function fillSocialAccount(string $socialDriver, SocialUser $socialUser): SocialAccount { $this->socialAccount->fill([ 'driver' => $socialDriver, @@ -240,22 +216,17 @@ class SocialAuthService /** * Detach a social account from a user. - * @param $socialDriver * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector */ - public function detachSocialAccount($socialDriver) + public function detachSocialAccount(string $socialDriver) { user()->socialAccounts()->where('driver', '=', $socialDriver)->delete(); - session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)])); - return redirect(user()->getEditUrl()); } /** * Provide redirect options per service for the Laravel Socialite driver - * @param $driverName - * @return \Laravel\Socialite\Contracts\Provider */ - public function getSocialDriver(string $driverName) + public function getSocialDriver(string $driverName): Provider { $driver = $this->socialite->driver($driverName); diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index b1d22d57e..a74e53617 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -66,9 +66,6 @@ class LoginController extends Controller /** * Overrides the action when a user is authenticated. * If the user authenticated but does not exist in the user table we create them. - * @param Request $request - * @param Authenticatable $user - * @return \Illuminate\Http\RedirectResponse * @throws AuthException * @throws \BookStack\Exceptions\LdapException */ @@ -112,8 +109,6 @@ class LoginController extends Controller /** * Show the application login form. - * @param Request $request - * @return \Illuminate\Http\Response */ public function getLogin(Request $request) { @@ -135,23 +130,8 @@ class LoginController extends Controller ]); } - /** - * Redirect to the relevant social site. - * @param $socialDriver - * @return \Symfony\Component\HttpFoundation\RedirectResponse - * @throws \BookStack\Exceptions\SocialDriverNotConfigured - */ - public function getSocialLogin($socialDriver) - { - session()->put('social-callback', 'login'); - return $this->socialAuthService->startLogIn($socialDriver); - } - /** * Log the user out of the application. - * - * @param \Illuminate\Http\Request $request - * @return \Illuminate\Http\Response */ public function logout(Request $request) { @@ -160,7 +140,6 @@ class LoginController extends Controller } $this->guard()->logout(); - $request->session()->invalidate(); return $this->loggedOut($request) ?: redirect('/'); diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 8e4dd57c3..c9c0c3ec5 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -2,25 +2,14 @@ namespace BookStack\Http\Controllers\Auth; -use BookStack\Auth\Access\EmailConfirmationService; +use BookStack\Auth\Access\RegistrationService; use BookStack\Auth\Access\SocialAuthService; -use BookStack\Auth\SocialAccount; use BookStack\Auth\User; -use BookStack\Auth\UserRepo; -use BookStack\Exceptions\SocialDriverNotConfigured; -use BookStack\Exceptions\SocialSignInAccountNotUsed; -use BookStack\Exceptions\SocialSignInException; use BookStack\Exceptions\UserRegistrationException; use BookStack\Http\Controllers\Controller; -use Exception; use Illuminate\Foundation\Auth\RegistersUsers; -use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; -use Illuminate\Http\Response; -use Illuminate\Routing\Redirector; use Illuminate\Support\Facades\Hash; -use Illuminate\Support\Str; -use Laravel\Socialite\Contracts\User as SocialUser; use Validator; class RegisterController extends Controller @@ -39,8 +28,7 @@ class RegisterController extends Controller use RegistersUsers; protected $socialAuthService; - protected $emailConfirmationService; - protected $userRepo; + protected $registrationService; /** * Where to redirect users after login / registration. @@ -52,17 +40,14 @@ class RegisterController extends Controller /** * Create a new controller instance. - * - * @param SocialAuthService $socialAuthService - * @param EmailConfirmationService $emailConfirmationService - * @param UserRepo $userRepo */ - public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo) + public function __construct(SocialAuthService $socialAuthService, RegistrationService $registrationService) { - $this->middleware('guest')->only(['getRegister', 'postRegister', 'socialRegister']); + $this->middleware('guest')->only(['getRegister', 'postRegister']); + $this->socialAuthService = $socialAuthService; - $this->emailConfirmationService = $emailConfirmationService; - $this->userRepo = $userRepo; + $this->registrationService = $registrationService; + $this->redirectTo = url('/'); $this->redirectPath = url('/'); parent::__construct(); @@ -71,7 +56,6 @@ class RegisterController extends Controller /** * Get a validator for an incoming registration request. * - * @param array $data * @return \Illuminate\Contracts\Validation\Validator */ protected function validator(array $data) @@ -83,25 +67,13 @@ class RegisterController extends Controller ]); } - /** - * Check whether or not registrations are allowed in the app settings. - * @throws UserRegistrationException - */ - protected function checkRegistrationAllowed() - { - if (!setting('registration-enabled') || config('auth.method') === 'ldap') { - throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login'); - } - } - /** * Show the application registration form. - * @return Response * @throws UserRegistrationException */ public function getRegister() { - $this->checkRegistrationAllowed(); + $this->registrationService->checkRegistrationAllowed(); $socialDrivers = $this->socialAuthService->getActiveDrivers(); $samlEnabled = (config('saml2.enabled') === true) && (config('saml2.auto_register') === true); return view('auth.register', [ @@ -112,17 +84,25 @@ class RegisterController extends Controller /** * Handle a registration request for the application. - * @param Request|Request $request - * @return RedirectResponse|Redirector * @throws UserRegistrationException */ public function postRegister(Request $request) { - $this->checkRegistrationAllowed(); + $this->registrationService->checkRegistrationAllowed(); $this->validator($request->all())->validate(); - $userData = $request->all(); - return $this->registerUser($userData); + + try { + $this->registrationService->registerUser($userData); + } catch (UserRegistrationException $exception) { + if ($exception->getMessage()) { + $this->showErrorNotification($exception->getMessage()); + } + return redirect($exception->redirectLocation); + } + + $this->showSuccessNotification(trans('auth.register_success')); + return redirect($this->redirectPath()); } /** @@ -139,136 +119,4 @@ class RegisterController extends Controller ]); } - /** - * The registrations flow for all users. - * @param array $userData - * @param bool|false|SocialAccount $socialAccount - * @param bool $emailVerified - * @return RedirectResponse|Redirector - * @throws UserRegistrationException - */ - protected function registerUser(array $userData, $socialAccount = false, $emailVerified = false) - { - $registrationRestrict = setting('registration-restrict'); - - if ($registrationRestrict) { - $restrictedEmailDomains = explode(',', str_replace(' ', '', $registrationRestrict)); - $userEmailDomain = $domain = mb_substr(mb_strrchr($userData['email'], "@"), 1); - if (!in_array($userEmailDomain, $restrictedEmailDomains)) { - throw new UserRegistrationException(trans('auth.registration_email_domain_invalid'), '/register'); - } - } - - $newUser = $this->userRepo->registerNew($userData, $emailVerified); - if ($socialAccount) { - $newUser->socialAccounts()->save($socialAccount); - } - - if ($this->emailConfirmationService->confirmationRequired() && !$emailVerified) { - $newUser->save(); - - try { - $this->emailConfirmationService->sendConfirmation($newUser); - } catch (Exception $e) { - $this->showErrorNotification(trans('auth.email_confirm_send_error')); - } - - return redirect('/register/confirm'); - } - - auth()->login($newUser); - $this->showSuccessNotification(trans('auth.register_success')); - return redirect($this->redirectPath()); - } - - /** - * Redirect to the social site for authentication intended to register. - * @param $socialDriver - * @return mixed - * @throws UserRegistrationException - * @throws SocialDriverNotConfigured - */ - public function socialRegister($socialDriver) - { - $this->checkRegistrationAllowed(); - session()->put('social-callback', 'register'); - return $this->socialAuthService->startRegister($socialDriver); - } - - /** - * The callback for social login services. - * @param Request $request - * @param string $socialDriver - * @return RedirectResponse|Redirector - * @throws SocialSignInException - * @throws UserRegistrationException - * @throws SocialDriverNotConfigured - */ - public function socialCallback(Request $request, string $socialDriver) - { - if (!session()->has('social-callback')) { - throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login'); - } - - // Check request for error information - if ($request->has('error') && $request->has('error_description')) { - throw new SocialSignInException(trans('errors.social_login_bad_response', [ - 'socialAccount' => $socialDriver, - 'error' => $request->get('error_description'), - ]), '/login'); - } - - $action = session()->pull('social-callback'); - - // Attempt login or fall-back to register if allowed. - $socialUser = $this->socialAuthService->getSocialUser($socialDriver); - if ($action == 'login') { - try { - return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser); - } catch (SocialSignInAccountNotUsed $exception) { - if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) { - return $this->socialRegisterCallback($socialDriver, $socialUser); - } - throw $exception; - } - } - - if ($action == 'register') { - return $this->socialRegisterCallback($socialDriver, $socialUser); - } - - return redirect()->back(); - } - - /** - * Detach a social account from a user. - * @param $socialDriver - * @return RedirectResponse|Redirector - */ - public function detachSocialAccount($socialDriver) - { - return $this->socialAuthService->detachSocialAccount($socialDriver); - } - - /** - * Register a new user after a registration callback. - * @param string $socialDriver - * @param SocialUser $socialUser - * @return RedirectResponse|Redirector - * @throws UserRegistrationException - */ - protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser) - { - $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser); - $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser); - $emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver); - - // Create an array of the user data to create a new user instance - $userData = [ - 'name' => $socialUser->getName(), - 'email' => $socialUser->getEmail(), - 'password' => Str::random(30) - ]; - return $this->registerUser($userData, $socialAccount, $emailVerified); - } } diff --git a/app/Http/Controllers/Auth/SocialController.php b/app/Http/Controllers/Auth/SocialController.php new file mode 100644 index 000000000..bcd82a9c0 --- /dev/null +++ b/app/Http/Controllers/Auth/SocialController.php @@ -0,0 +1,139 @@ +middleware('guest')->only(['getRegister', 'postRegister']); + $this->socialAuthService = $socialAuthService; + $this->registrationService = $registrationService; + } + + + /** + * Redirect to the relevant social site. + * @throws \BookStack\Exceptions\SocialDriverNotConfigured + */ + public function getSocialLogin(string $socialDriver) + { + session()->put('social-callback', 'login'); + return $this->socialAuthService->startLogIn($socialDriver); + } + + /** + * Redirect to the social site for authentication intended to register. + * @throws SocialDriverNotConfigured + * @throws UserRegistrationException + */ + public function socialRegister(string $socialDriver) + { + $this->registrationService->checkRegistrationAllowed(); + session()->put('social-callback', 'register'); + return $this->socialAuthService->startRegister($socialDriver); + } + + /** + * The callback for social login services. + * @throws SocialSignInException + * @throws SocialDriverNotConfigured + * @throws UserRegistrationException + */ + public function socialCallback(Request $request, string $socialDriver) + { + if (!session()->has('social-callback')) { + throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login'); + } + + // Check request for error information + if ($request->has('error') && $request->has('error_description')) { + throw new SocialSignInException(trans('errors.social_login_bad_response', [ + 'socialAccount' => $socialDriver, + 'error' => $request->get('error_description'), + ]), '/login'); + } + + $action = session()->pull('social-callback'); + + // Attempt login or fall-back to register if allowed. + $socialUser = $this->socialAuthService->getSocialUser($socialDriver); + if ($action == 'login') { + try { + return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser); + } catch (SocialSignInAccountNotUsed $exception) { + if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) { + return $this->socialRegisterCallback($socialDriver, $socialUser); + } + throw $exception; + } + } + + if ($action == 'register') { + return $this->socialRegisterCallback($socialDriver, $socialUser); + } + + return redirect()->back(); + } + + /** + * Detach a social account from a user. + */ + public function detachSocialAccount(string $socialDriver) + { + $this->socialAuthService->detachSocialAccount($socialDriver); + session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)])); + return redirect(user()->getEditUrl()); + } + + /** + * Register a new user after a registration callback. + * @return RedirectResponse|Redirector + * @throws UserRegistrationException + */ + protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser) + { + $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser); + $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser); + $emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver); + + // Create an array of the user data to create a new user instance + $userData = [ + 'name' => $socialUser->getName(), + 'email' => $socialUser->getEmail(), + 'password' => Str::random(30) + ]; + + try { + $this->registrationService->registerUser($userData, $socialAccount, $emailVerified); + } catch (UserRegistrationException $exception) { + if ($exception->getMessage()) { + $this->showErrorNotification($exception->getMessage()); + } + return redirect($exception->redirectLocation); + } + + $this->showSuccessNotification(trans('auth.register_success')); + return redirect('/'); + } +} diff --git a/routes/web.php b/routes/web.php index f38575b79..eafad6489 100644 --- a/routes/web.php +++ b/routes/web.php @@ -208,10 +208,10 @@ Route::group(['middleware' => 'auth'], function () { }); // Social auth routes -Route::get('/login/service/{socialDriver}', 'Auth\LoginController@getSocialLogin'); -Route::get('/login/service/{socialDriver}/callback', 'Auth\RegisterController@socialCallback'); -Route::get('/login/service/{socialDriver}/detach', 'Auth\RegisterController@detachSocialAccount'); -Route::get('/register/service/{socialDriver}', 'Auth\RegisterController@socialRegister'); +Route::get('/login/service/{socialDriver}', 'Auth\SocialController@getSocialLogin'); +Route::get('/login/service/{socialDriver}/callback', 'Auth\SocialController@socialCallback'); +Route::get('/login/service/{socialDriver}/detach', 'Auth\SocialController@detachSocialAccount'); +Route::get('/register/service/{socialDriver}', 'Auth\SocialController@socialRegister'); // Login/Logout routes Route::get('/login', 'Auth\LoginController@getLogin');