Simplified guard names and rolled out guard route checks

- Included tests to cover for LDAP and SAML - Updated wording for external auth id option. - Updated 'assertPermissionError' test case to be usable in BrowserKitTests
2025-06-04 08:54:33 +08:00 · 2020-02-02 13:10:21 +00:00
parent 5d08ec3cef
commit e6c6de0848
17 changed files with 146 additions and 67 deletions
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@ -30,6 +30,7 @@ class ForgotPasswordController extends Controller
    public function __construct()
    {
        $this->middleware('guest');
+        $this->middleware('guard:standard');
        parent::__construct();
    }

--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -38,7 +38,9 @@ class LoginController extends Controller
     */
    public function __construct(SocialAuthService $socialAuthService)
    {
-        $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);
+        $this->middleware('guest', ['only' => ['getLogin', 'login']]);
+        $this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);
+
        $this->socialAuthService = $socialAuthService;
        $this->redirectPath = url('/');
        $this->redirectAfterLogout = url('/login');
@ -159,14 +161,4 @@ class LoginController extends Controller
        return redirect('/login');
    }

-    /**
-     * Log the user out of the application.
-     */
-    public function logout(Request $request)
-    {
-        $this->guard()->logout();
-        $request->session()->invalidate();
-
-        return $this->loggedOut($request) ?: redirect('/');
-    }
 }
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@ -43,7 +43,8 @@ class RegisterController extends Controller
     */
    public function __construct(SocialAuthService $socialAuthService, RegistrationService $registrationService)
    {
-        $this->middleware('guest')->only(['getRegister', 'postRegister']);
+        $this->middleware('guest');
+        $this->middleware('guard:standard');

        $this->socialAuthService = $socialAuthService;
        $this->registrationService = $registrationService;
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@ -31,6 +31,7 @@ class ResetPasswordController extends Controller
    public function __construct()
    {
        $this->middleware('guest');
+        $this->middleware('guard:standard');
        parent::__construct();
    }

--- a/app/Http/Controllers/Auth/Saml2Controller.php
+++ b/app/Http/Controllers/Auth/Saml2Controller.php
@ -17,16 +17,7 @@ class Saml2Controller extends Controller
    {
        parent::__construct();
        $this->samlService = $samlService;
-
-        // SAML2 access middleware
-        $this->middleware(function ($request, $next) {
-
-            if (config('auth.method') !== 'saml2') {
-                $this->showPermissionError();
-            }
-
-            return $next($request);
-        });
+        $this->middleware('guard:saml2');
    }

    /**
--- a/app/Http/Controllers/Auth/UserInviteController.php
+++ b/app/Http/Controllers/Auth/UserInviteController.php
@ -8,11 +8,9 @@ use BookStack\Exceptions\UserTokenExpiredException;
 use BookStack\Exceptions\UserTokenNotFoundException;
 use BookStack\Http\Controllers\Controller;
 use Exception;
-use Illuminate\Contracts\View\Factory;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
-use Illuminate\View\View;

 class UserInviteController extends Controller
 {
@ -21,22 +19,20 @@ class UserInviteController extends Controller

    /**
     * Create a new controller instance.
-     *
-     * @param UserInviteService $inviteService
-     * @param UserRepo $userRepo
     */
    public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
    {
+        $this->middleware('guest');
+        $this->middleware('guard:standard');
+
        $this->inviteService = $inviteService;
        $this->userRepo = $userRepo;
-        $this->middleware('guest');
+
        parent::__construct();
    }

    /**
     * Show the page for the user to set the password for their account.
-     * @param string $token
-     * @return Factory|View|RedirectResponse
     * @throws Exception
     */
    public function showSetPassword(string $token)
@ -54,9 +50,6 @@ class UserInviteController extends Controller

    /**
     * Sets the password for an invited user and then grants them access.
-     * @param Request $request
-     * @param string $token
-     * @return RedirectResponse|Redirector
     * @throws Exception
     */
    public function setPassword(Request $request, string $token)
@ -85,7 +78,6 @@ class UserInviteController extends Controller

    /**
     * Check and validate the exception thrown when checking an invite token.
-     * @param Exception $exception
     * @return RedirectResponse|Redirector
     * @throws Exception
     */