BookStack Code Mirror - bookstack/blobdiff - app/Auth/Access/Saml2Service.php

index c1038e7306b5955b24494e3cd385a2778f52ac5b..4c1fce8643184b476ae5646d0b9855894f3a911a 100644 (file)

--- a/app/Auth/Access/Saml2Service.php

+++ b/app/Auth/Access/Saml2Service.php

@@ -1,11 +1,10 @@

<?php namespace BookStack\Auth\Access;

use BookStack\Auth\User;

-use BookStack\Auth\UserRepo;

use BookStack\Exceptions\JsonDebugException;

use BookStack\Exceptions\SamlException;

+use BookStack\Exceptions\UserRegistrationException;

use Exception;

-use Illuminate\Support\Str;

use OneLogin\Saml2\Auth;

use OneLogin\Saml2\Error;

use OneLogin\Saml2\IdPMetadataParser;

@@ -18,19 +17,15 @@ use OneLogin\Saml2\ValidationError;

class Saml2Service extends ExternalAuthService

{

protected $config;

- protected $userRepo;

- protected $user;

- protected $enabled;

/**

* Saml2Service constructor.

- public function __construct(UserRepo $userRepo, User $user)

+ public function __construct(RegistrationService $registrationService, User $user)

{

+ parent::__construct($registrationService, $user);

$this->config = config('saml2');

- $this->userRepo = $userRepo;

- $this->user = $user;

- $this->enabled = config('saml2.enabled') === true;

}

/**

@@ -80,6 +75,7 @@ class Saml2Service extends ExternalAuthService

* @throws SamlException

* @throws ValidationError

* @throws JsonDebugException

+ * @throws UserRegistrationException

public function processAcsResponse(?string $requestId): ?User

{

@@ -204,7 +200,7 @@ class Saml2Service extends ExternalAuthService

protected function shouldSyncGroups(): bool

{

- return $this->enabled && $this->config['user_to_groups'] !== false;

+ return $this->config['user_to_groups'] !== false;

}

/**

@@ -248,7 +244,7 @@ class Saml2Service extends ExternalAuthService

/**

* Extract the details of a user from a SAML response.

- public function getUserDetails(string $samlID, $samlAttributes): array

+ protected function getUserDetails(string $samlID, $samlAttributes): array

{

$emailAttr = $this->config['email_attribute'];

$externalId = $this->getExternalId($samlAttributes, $samlID);

@@ -310,53 +306,12 @@ class Saml2Service extends ExternalAuthService

return $defaultValue;

}

- /**

- * Register a user that is authenticated but not already registered.

- */

- protected function registerUser(array $userDetails): User

- {

- // Create an array of the user data to create a new user instance

- $userData = [

- 'name' => $userDetails['name'],

- 'email' => $userDetails['email'],

- 'password' => Str::random(32),

- 'external_auth_id' => $userDetails['external_id'],

- 'email_confirmed' => true,

- ];

- $existingUser = $this->user->newQuery()->where('email', '=', $userDetails['email'])->first();

- if ($existingUser) {

- throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));

- }

- $user = $this->user->forceCreate($userData);

- $this->userRepo->attachDefaultRole($user);

- $this->userRepo->downloadAndAssignUserAvatar($user);

- return $user;

- }

- /**

- * Get the user from the database for the specified details.

- */

- protected function getOrRegisterUser(array $userDetails): ?User

- {

- $isRegisterEnabled = $this->config['auto_register'] === true;

- $user = $this->user

- ->where('external_auth_id', $userDetails['external_id'])

- ->first();

- if ($user === null && $isRegisterEnabled) {

- $user = $this->registerUser($userDetails);

- }

- return $user;

- }

/**

* Process the SAML response for a user. Login the user when

* they exist, optionally registering them automatically.

* @throws SamlException

* @throws JsonDebugException

+ * @throws UserRegistrationException

public function processLoginCallback(string $samlID, array $samlAttributes): User

{