Added files missed in previous commit

2025-06-02 15:35:18 +08:00 · 2020-02-02 10:59:03 +00:00
parent 3470a6a140
commit e743cd3f60
21 changed files with 139 additions and 229 deletions
--- a/app/Auth/Access/Guards/ExternalBaseSessionGuard.php
+++ b/app/Auth/Access/Guards/ExternalBaseSessionGuard.php
@ -2,6 +2,10 @@

 namespace BookStack\Auth\Access\Guards;

+use BookStack\Auth\User;
+use BookStack\Auth\UserRepo;
+use BookStack\Exceptions\LoginAttemptEmailNeededException;
+use BookStack\Exceptions\LoginAttemptException;
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\StatefulGuard;
@ -51,21 +55,24 @@ class ExternalBaseSessionGuard implements StatefulGuard
     */
    protected $loggedOut = false;

+    /**
+     * Repository to perform user-specific actions.
+     *
+     * @var UserRepo
+     */
+    protected $userRepo;
+
    /**
     * Create a new authentication guard.
     *
-     * @param  string  $name
-     * @param  \Illuminate\Contracts\Auth\UserProvider  $provider
-     * @param  \Illuminate\Contracts\Session\Session  $session
     * @return void
     */
-    public function __construct($name,
-        UserProvider $provider,
-        Session $session)
+    public function __construct(string $name, UserProvider $provider, Session $session, UserRepo $userRepo)
    {
        $this->name = $name;
        $this->session = $session;
        $this->provider = $provider;
+        $this->userRepo = $userRepo;
    }

    /**
--- a/app/Auth/Access/Guards/LdapSessionGuard.php
+++ b/app/Auth/Access/Guards/LdapSessionGuard.php
@ -15,7 +15,6 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
 {

    protected $ldapService;
-    protected $userRepo;

    /**
     * LdapSessionGuard constructor.
@ -28,8 +27,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
    )
    {
        $this->ldapService = $ldapService;
-        $this->userRepo = $userRepo;
-        parent::__construct($name, $provider, $session);
+        parent::__construct($name, $provider, $session, $userRepo);
    }

    /**
--- a/app/Auth/Access/Guards/Saml2SessionGuard.php
+++ b/app/Auth/Access/Guards/Saml2SessionGuard.php
@ -2,49 +2,27 @@

 namespace BookStack\Auth\Access\Guards;

-use BookStack\Auth\Access\LdapService;
-use BookStack\Auth\User;
-use BookStack\Auth\UserRepo;
-use BookStack\Exceptions\LdapException;
-use BookStack\Exceptions\LoginAttemptException;
-use BookStack\Exceptions\LoginAttemptEmailNeededException;
-use Illuminate\Contracts\Auth\UserProvider;
-use Illuminate\Contracts\Session\Session;
-
-class LdapSessionGuard extends ExternalBaseSessionGuard
+/**
+ * Saml2 Session Guard
+ *
+ * The saml2 login process is async in nature meaning it does not fit very well
+ * into the default laravel 'Guard' auth flow. Instead most of the logic is done
+ * via the Saml2 controller & Saml2Service. This class provides a safer, thin
+ * version of SessionGuard.
+ *
+ * @package BookStack\Auth\Access\Guards
+ */
+class Saml2SessionGuard extends ExternalBaseSessionGuard
 {
-
-    protected $ldapService;
-
-    /**
-     * LdapSessionGuard constructor.
-     */
-    public function __construct($name,
-        UserProvider $provider,
-        Session $session,
-        LdapService $ldapService,
-        UserRepo $userRepo
-    )
-    {
-        $this->ldapService = $ldapService;
-        parent::__construct($name, $provider, $session, $userRepo);
-    }
-
    /**
     * Validate a user's credentials.
     *
     * @param array $credentials
     * @return bool
-     * @throws LdapException
     */
    public function validate(array $credentials = [])
    {
-        $userDetails = $this->ldapService->getUserDetails($credentials['username']);
-        $this->lastAttempted = $this->provider->retrieveByCredentials([
-            'external_auth_id' => $userDetails['uid']
-        ]);
-
-        return $this->ldapService->validateUserCredentials($userDetails, $credentials['username'], $credentials['password']);
+        return false;
    }

    /**
@ -53,51 +31,10 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
     * @param array $credentials
     * @param bool $remember
     * @return bool
-     * @throws LoginAttemptEmailNeededException
-     * @throws LoginAttemptException
-     * @throws LdapException
     */
    public function attempt(array $credentials = [], $remember = false)
    {
-        $username = $credentials['username'];
-        $userDetails = $this->ldapService->getUserDetails($username);
-        $this->lastAttempted = $user = $this->provider->retrieveByCredentials([
-            'external_auth_id' => $userDetails['uid']
-        ]);
-
-        if (!$this->ldapService->validateUserCredentials($userDetails, $username, $credentials['password'])) {
-            return false;
-        }
-
-        if (is_null($user)) {
-            $user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
-        }
-
-        $this->checkForUserEmail($user, $credentials['email'] ?? '');
-        $this->saveIfNew($user);
-
-        // Sync LDAP groups if required
-        if ($this->ldapService->shouldSyncGroups()) {
-            $this->ldapService->syncGroups($user, $username);
-        }
-
-        $this->login($user, $remember);
-        return true;
-    }
-
-    /**
-     * Create a fresh user instance from details provided by a LDAP lookup.
-     */
-    protected function freshUserInstanceFromLdapUserDetails(array $ldapUserDetails): User
-    {
-        $user = new User();
-
-        $user->name = $ldapUserDetails['name'];
-        $user->external_auth_id = $ldapUserDetails['uid'];
-        $user->email = $ldapUserDetails['email'];
-        $user->email_confirmed = false;
-
-        return $user;
+        return false;
    }

 }