]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Auth/AuthController.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated all application urls to allow path prefix.
[bookstack] / app / Http / Controllers / Auth / AuthController.php
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index eacbe2bb906d7c092ae327f1b6844d3810dd9904..2cbc047ce75621a20029bf31fa7409601cfe1e87 100644 (file)
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -1,16 +1,18 @@
-<?php
+<?php namespace BookStack\Http\Controllers\Auth;
 
 
-namespace Oxbow\Http\Controllers\Auth;
-
-use Oxbow\Exceptions\SocialDriverNotConfigured;
-use Oxbow\Exceptions\UserNotFound;
-use Oxbow\Repos\UserRepo;
-use Oxbow\User;
+use BookStack\Exceptions\AuthException;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Http\Request;
+use BookStack\Exceptions\SocialSignInException;
+use BookStack\Exceptions\UserRegistrationException;
+use BookStack\Repos\UserRepo;
+use BookStack\Services\EmailConfirmationService;
+use BookStack\Services\SocialAuthService;
+use BookStack\SocialAccount;
 use Validator;
 use Validator;
-use Oxbow\Http\Controllers\Controller;
+use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
 use Illuminate\Foundation\Auth\ThrottlesLogins;
 use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
-use Laravel\Socialite\Contracts\Factory as Socialite;
 
 class AuthController extends Controller
 {
 
 class AuthController extends Controller
 {
@@ -27,149 +29,307 @@ class AuthController extends Controller
 
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 
 
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 
-    protected $loginPath = '/login';
     protected $redirectPath = '/';
     protected $redirectAfterLogout = '/login';
     protected $redirectPath = '/';
     protected $redirectAfterLogout = '/login';
+    protected $username = 'email';
 
 
-    protected $validSocialDrivers = ['google', 'github'];
-
-    protected $socialite;
+    protected $socialAuthService;
+    protected $emailConfirmationService;
     protected $userRepo;
 
     /**
      * Create a new authentication controller instance.
     protected $userRepo;
 
     /**
      * Create a new authentication controller instance.
-     * @param Socialite $socialite
-     * @param UserRepo  $userRepo
+     * @param SocialAuthService $socialAuthService
+     * @param EmailConfirmationService $emailConfirmationService
+     * @param UserRepo $userRepo
      */
      */
-    public function __construct(Socialite $socialite, UserRepo $userRepo)
+    public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
     {
     {
-        $this->middleware('guest', ['except' => 'getLogout']);
-        $this->socialite = $socialite;
+        $this->middleware('guest', ['only' => ['getLogin', 'postLogin', 'getRegister', 'postRegister']]);
+        $this->socialAuthService = $socialAuthService;
+        $this->emailConfirmationService = $emailConfirmationService;
         $this->userRepo = $userRepo;
         $this->userRepo = $userRepo;
+        $this->redirectPath = baseUrl('/');
+        $this->redirectAfterLogout = baseUrl('/login');
+        $this->username = config('auth.method') === 'standard' ? 'email' : 'username';
+        parent::__construct();
     }
 
     /**
      * Get a validator for an incoming registration request.
     }
 
     /**
      * Get a validator for an incoming registration request.
-     *
      * @param  array $data
      * @return \Illuminate\Contracts\Validation\Validator
      */
     protected function validator(array $data)
     {
         return Validator::make($data, [
      * @param  array $data
      * @return \Illuminate\Contracts\Validation\Validator
      */
     protected function validator(array $data)
     {
         return Validator::make($data, [
-            'name'     => 'required|max:255',
-            'email'    => 'required|email|max:255|unique:users',
-            'password' => 'required|confirmed|min:6',
+            'name' => 'required|max:255',
+            'email' => 'required|email|max:255|unique:users',
+            'password' => 'required|min:6',
         ]);
     }
 
         ]);
     }
 
+    protected function checkRegistrationAllowed()
+    {
+        if (!setting('registration-enabled')) {
+            throw new UserRegistrationException('Registrations are currently disabled.', '/login');
+        }
+    }
+
     /**
     /**
-     * Create a new user instance after a valid registration.
-     *
-     * @param  array $data
-     * @return User
+     * Show the application registration form.
+     * @return \Illuminate\Http\Response
      */
      */
-    protected function create(array $data)
+    public function getRegister()
     {
     {
-        return User::create([
-            'name'     => $data['name'],
-            'email'    => $data['email'],
-            'password' => bcrypt($data['password']),
-        ]);
+        $this->checkRegistrationAllowed();
+        $socialDrivers = $this->socialAuthService->getActiveDrivers();
+        return view('auth.register', ['socialDrivers' => $socialDrivers]);
     }
 
     /**
     }
 
     /**
-     * Show the application login form.
-     *
+     * Handle a registration request for the application.
+     * @param  \Illuminate\Http\Request $request
      * @return \Illuminate\Http\Response
      * @return \Illuminate\Http\Response
+     * @throws UserRegistrationException
      */
      */
-    public function getLogin()
+    public function postRegister(Request $request)
     {
     {
+        $this->checkRegistrationAllowed();
+        $validator = $this->validator($request->all());
 
 
-        if (view()->exists('auth.authenticate')) {
-            return view('auth.authenticate');
+        if ($validator->fails()) {
+            $this->throwValidationException(
+                $request, $validator
+            );
         }
 
         }
 
-        $socialDrivers = $this->getActiveSocialDrivers();
+        $userData = $request->all();
+        return $this->registerUser($userData);
+    }
 
 
-        return view('auth.login', ['socialDrivers' => $socialDrivers]);
+
+    /**
+     * Overrides the action when a user is authenticated.
+     * If the user authenticated but does not exist in the user table we create them.
+     * @param Request $request
+     * @param Authenticatable $user
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws AuthException
+     */
+    protected function authenticated(Request $request, Authenticatable $user)
+    {
+        // Explicitly log them out for now if they do no exist.
+        if (!$user->exists) auth()->logout($user);
+
+        if (!$user->exists && $user->email === null && !$request->has('email')) {
+            $request->flash();
+            session()->flash('request-email', true);
+            return redirect('/login');
+        }
+
+        if (!$user->exists && $user->email === null && $request->has('email')) {
+            $user->email = $request->get('email');
+        }
+
+        if (!$user->exists) {
+
+            // Check for users with same email already
+            $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
+            if ($alreadyUser) {
+                throw new AuthException('A user with the email ' . $user->email . ' already exists but with different credentials.');
+            }
+
+            $user->save();
+            $this->userRepo->attachDefaultRole($user);
+            auth()->login($user);
+        }
+
+        return redirect()->intended($this->redirectPath());
     }
 
     /**
     }
 
     /**
-     * Redirect to the relevant social site.
+     * Register a new user after a registration callback.
      * @param $socialDriver
      * @param $socialDriver
-     * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws UserRegistrationException
      */
      */
-    public function getSocialLogin($socialDriver)
+    protected function socialRegisterCallback($socialDriver)
     {
     {
-        $driver = $this->validateSocialDriver($socialDriver);
-        return $this->socialite->driver($driver)->redirect();
+        $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver);
+        $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser);
+
+        // Create an array of the user data to create a new user instance
+        $userData = [
+            'name' => $socialUser->getName(),
+            'email' => $socialUser->getEmail(),
+            'password' => str_random(30)
+        ];
+        return $this->registerUser($userData, $socialAccount);
     }
 
     /**
     }
 
     /**
-     * The callback for social login services.
-     *
-     * @param $socialDriver
+     * The registrations flow for all users.
+     * @param array $userData
+     * @param bool|false|SocialAccount $socialAccount
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
-     * @throws UserNotFound
+     * @throws UserRegistrationException
+     * @throws \BookStack\Exceptions\ConfirmationEmailException
      */
      */
-    public function socialCallback($socialDriver)
+    protected function registerUser(array $userData, $socialAccount = false)
     {
     {
-        $driver = $this->validateSocialDriver($socialDriver);
-        // Get user details from social driver
-        $socialUser = $this->socialite->driver($driver)->user();
-        $user = $this->userRepo->getByEmail($socialUser->getEmail());
+        if (setting('registration-restrict')) {
+            $restrictedEmailDomains = explode(',', str_replace(' ', '', setting('registration-restrict')));
+            $userEmailDomain = $domain = substr(strrchr($userData['email'], "@"), 1);
+            if (!in_array($userEmailDomain, $restrictedEmailDomains)) {
+                throw new UserRegistrationException('That email domain does not have access to this application', '/register');
+            }
+        }
+
+        $newUser = $this->userRepo->registerNew($userData);
+        if ($socialAccount) {
+            $newUser->socialAccounts()->save($socialAccount);
+        }
 
 
-        // Redirect if the email is not a current user.
-        if ($user === null) {
-            throw new UserNotFound('A user with the email ' . $socialUser->getEmail() . ' was not found.', '/login');
+        if (setting('registration-confirmation') || setting('registration-restrict')) {
+            $newUser->save();
+            $this->emailConfirmationService->sendConfirmation($newUser);
+            return redirect('/register/confirm');
         }
 
         }
 
-        \Auth::login($user, true);
+        auth()->login($newUser);
+        session()->flash('success', 'Thanks for signing up! You are now registered and signed in.');
+        return redirect($this->redirectPath());
+    }
+
+    /**
+     * Show the page to tell the user to check their email
+     * and confirm their address.
+     */
+    public function getRegisterConfirmation()
+    {
+        return view('auth/register-confirm');
+    }
+
+    /**
+     * View the confirmation email as a standard web page.
+     * @param $token
+     * @return \Illuminate\View\View
+     * @throws UserRegistrationException
+     */
+    public function viewConfirmEmail($token)
+    {
+        $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token);
+        return view('emails/email-confirmation', ['token' => $confirmation->token]);
+    }
+
+    /**
+     * Confirms an email via a token and logs the user into the system.
+     * @param $token
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws UserRegistrationException
+     */
+    public function confirmEmail($token)
+    {
+        $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token);
+        $user = $confirmation->user;
+        $user->email_confirmed = true;
+        $user->save();
+        auth()->login($confirmation->user);
+        session()->flash('success', 'Your email has been confirmed!');
+        $this->emailConfirmationService->deleteConfirmationsByUser($user);
         return redirect($this->redirectPath);
     }
 
     /**
         return redirect($this->redirectPath);
     }
 
     /**
-     * Ensure the social driver is correct and supported.
-     *
-     * @param $socialDriver
-     * @return string
-     * @throws SocialDriverNotConfigured
+     * Shows a notice that a user's email address has not been confirmed,
+     * Also has the option to re-send the confirmation email.
+     * @return \Illuminate\View\View
+     */
+    public function showAwaitingConfirmation()
+    {
+        return view('auth/user-unconfirmed');
+    }
+
+    /**
+     * Resend the confirmation email
+     * @param Request $request
+     * @return \Illuminate\View\View
      */
      */
-    protected function validateSocialDriver($socialDriver)
+    public function resendConfirmation(Request $request)
     {
     {
-        $driver = trim(strtolower($socialDriver));
+        $this->validate($request, [
+            'email' => 'required|email|exists:users,email'
+        ]);
+        $user = $this->userRepo->getByEmail($request->get('email'));
+        $this->emailConfirmationService->sendConfirmation($user);
+        session()->flash('success', 'Confirmation email resent, Please check your inbox.');
+        return redirect('/register/confirm');
+    }
 
 
-        if (!in_array($driver, $this->validSocialDrivers)) abort(404, 'Social Driver Not Found');
-        if(!$this->checkSocialDriverConfigured($driver)) throw new SocialDriverNotConfigured;
+    /**
+     * Show the application login form.
+     * @return \Illuminate\Http\Response
+     */
+    public function getLogin()
+    {
+        $socialDrivers = $this->socialAuthService->getActiveDrivers();
+        $authMethod = config('auth.method');
+        return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
+    }
 
 
-        return $driver;
+    /**
+     * Redirect to the relevant social site.
+     * @param $socialDriver
+     * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     */
+    public function getSocialLogin($socialDriver)
+    {
+        session()->put('social-callback', 'login');
+        return $this->socialAuthService->startLogIn($socialDriver);
     }
 
     /**
     }
 
     /**
-     * Check a social driver has been configured correctly.
-     * @param $driver
-     * @return bool
+     * Redirect to the social site for authentication intended to register.
+     * @param $socialDriver
+     * @return mixed
      */
      */
-    protected function checkSocialDriverConfigured($driver)
+    public function socialRegister($socialDriver)
     {
     {
-        $upperName = strtoupper($driver);
-        $config = [env($upperName . '_APP_ID', false), env($upperName . '_APP_SECRET', false), env('APP_URL', false)];
-        return (!in_array(false, $config) && !in_array(null, $config));
+        $this->checkRegistrationAllowed();
+        session()->put('social-callback', 'register');
+        return $this->socialAuthService->startRegister($socialDriver);
     }
 
     /**
     }
 
     /**
-     * Gets the names of the active social drivers.
-     * @return array
+     * The callback for social login services.
+     * @param $socialDriver
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws SocialSignInException
      */
      */
-    protected function getActiveSocialDrivers()
+    public function socialCallback($socialDriver)
     {
     {
-        $activeDrivers = [];
-        foreach($this->validSocialDrivers as $driverName) {
-            if($this->checkSocialDriverConfigured($driverName)) {
-                $activeDrivers[$driverName] = true;
+        if (session()->has('social-callback')) {
+            $action = session()->pull('social-callback');
+            if ($action == 'login') {
+                return $this->socialAuthService->handleLoginCallback($socialDriver);
+            } elseif ($action == 'register') {
+                return $this->socialRegisterCallback($socialDriver);
             }
             }
+        } else {
+            throw new SocialSignInException('No action defined', '/login');
         }
         }
-        return $activeDrivers;
+        return redirect()->back();
     }
     }
+
+    /**
+     * Detach a social account from a user.
+     * @param $socialDriver
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     */
+    public function detachSocialAccount($socialDriver)
+    {
+        return $this->socialAuthService->detachSocialAccount($socialDriver);
+    }
+
 }
 }
The core source code for the BookStack project.