]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Auth/AuthController.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated all application urls to allow path prefix.
[bookstack] / app / Http / Controllers / Auth / AuthController.php
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index 507322c3dad3ebf107570110dd9e423022f7d1ef..2cbc047ce75621a20029bf31fa7409601cfe1e87 100644 (file)
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -1,7 +1,7 @@
-<?php
-
-namespace BookStack\Http\Controllers\Auth;
+<?php namespace BookStack\Http\Controllers\Auth;
 
 
+use BookStack\Exceptions\AuthException;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Http\Request;
 use BookStack\Exceptions\SocialSignInException;
 use BookStack\Exceptions\UserRegistrationException;
 use Illuminate\Http\Request;
 use BookStack\Exceptions\SocialSignInException;
 use BookStack\Exceptions\UserRegistrationException;
@@ -29,9 +29,9 @@ class AuthController extends Controller
 
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 
 
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 
-    protected $loginPath = '/login';
     protected $redirectPath = '/';
     protected $redirectAfterLogout = '/login';
     protected $redirectPath = '/';
     protected $redirectAfterLogout = '/login';
+    protected $username = 'email';
 
     protected $socialAuthService;
     protected $emailConfirmationService;
 
     protected $socialAuthService;
     protected $emailConfirmationService;
@@ -39,9 +39,9 @@ class AuthController extends Controller
 
     /**
      * Create a new authentication controller instance.
 
     /**
      * Create a new authentication controller instance.
-     * @param SocialAuthService        $socialAuthService
+     * @param SocialAuthService $socialAuthService
      * @param EmailConfirmationService $emailConfirmationService
      * @param EmailConfirmationService $emailConfirmationService
-     * @param UserRepo                 $userRepo
+     * @param UserRepo $userRepo
      */
     public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
     {
      */
     public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
     {
@@ -49,6 +49,9 @@ class AuthController extends Controller
         $this->socialAuthService = $socialAuthService;
         $this->emailConfirmationService = $emailConfirmationService;
         $this->userRepo = $userRepo;
         $this->socialAuthService = $socialAuthService;
         $this->emailConfirmationService = $emailConfirmationService;
         $this->userRepo = $userRepo;
+        $this->redirectPath = baseUrl('/');
+        $this->redirectAfterLogout = baseUrl('/login');
+        $this->username = config('auth.method') === 'standard' ? 'email' : 'username';
         parent::__construct();
     }
 
         parent::__construct();
     }
 
@@ -60,15 +63,15 @@ class AuthController extends Controller
     protected function validator(array $data)
     {
         return Validator::make($data, [
     protected function validator(array $data)
     {
         return Validator::make($data, [
-            'name'     => 'required|max:255',
-            'email'    => 'required|email|max:255|unique:users',
+            'name' => 'required|max:255',
+            'email' => 'required|email|max:255|unique:users',
             'password' => 'required|min:6',
         ]);
     }
 
     protected function checkRegistrationAllowed()
     {
             'password' => 'required|min:6',
         ]);
     }
 
     protected function checkRegistrationAllowed()
     {
-        if (!\Setting::get('registration-enabled')) {
+        if (!setting('registration-enabled')) {
             throw new UserRegistrationException('Registrations are currently disabled.', '/login');
         }
     }
             throw new UserRegistrationException('Registrations are currently disabled.', '/login');
         }
     }
@@ -105,6 +108,46 @@ class AuthController extends Controller
         return $this->registerUser($userData);
     }
 
         return $this->registerUser($userData);
     }
 
+
+    /**
+     * Overrides the action when a user is authenticated.
+     * If the user authenticated but does not exist in the user table we create them.
+     * @param Request $request
+     * @param Authenticatable $user
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws AuthException
+     */
+    protected function authenticated(Request $request, Authenticatable $user)
+    {
+        // Explicitly log them out for now if they do no exist.
+        if (!$user->exists) auth()->logout($user);
+
+        if (!$user->exists && $user->email === null && !$request->has('email')) {
+            $request->flash();
+            session()->flash('request-email', true);
+            return redirect('/login');
+        }
+
+        if (!$user->exists && $user->email === null && $request->has('email')) {
+            $user->email = $request->get('email');
+        }
+
+        if (!$user->exists) {
+
+            // Check for users with same email already
+            $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
+            if ($alreadyUser) {
+                throw new AuthException('A user with the email ' . $user->email . ' already exists but with different credentials.');
+            }
+
+            $user->save();
+            $this->userRepo->attachDefaultRole($user);
+            auth()->login($user);
+        }
+
+        return redirect()->intended($this->redirectPath());
+    }
+
     /**
      * Register a new user after a registration callback.
      * @param $socialDriver
     /**
      * Register a new user after a registration callback.
      * @param $socialDriver
@@ -118,8 +161,8 @@ class AuthController extends Controller
 
         // Create an array of the user data to create a new user instance
         $userData = [
 
         // Create an array of the user data to create a new user instance
         $userData = [
-            'name'     => $socialUser->getName(),
-            'email'    => $socialUser->getEmail(),
+            'name' => $socialUser->getName(),
+            'email' => $socialUser->getEmail(),
             'password' => str_random(30)
         ];
         return $this->registerUser($userData, $socialAccount);
             'password' => str_random(30)
         ];
         return $this->registerUser($userData, $socialAccount);
@@ -127,7 +170,7 @@ class AuthController extends Controller
 
     /**
      * The registrations flow for all users.
 
     /**
      * The registrations flow for all users.
-     * @param array                    $userData
+     * @param array $userData
      * @param bool|false|SocialAccount $socialAccount
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      * @throws UserRegistrationException
      * @param bool|false|SocialAccount $socialAccount
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      * @throws UserRegistrationException
@@ -135,8 +178,8 @@ class AuthController extends Controller
      */
     protected function registerUser(array $userData, $socialAccount = false)
     {
      */
     protected function registerUser(array $userData, $socialAccount = false)
     {
-        if (\Setting::get('registration-restrict')) {
-            $restrictedEmailDomains = explode(',', str_replace(' ', '', \Setting::get('registration-restrict')));
+        if (setting('registration-restrict')) {
+            $restrictedEmailDomains = explode(',', str_replace(' ', '', setting('registration-restrict')));
             $userEmailDomain = $domain = substr(strrchr($userData['email'], "@"), 1);
             if (!in_array($userEmailDomain, $restrictedEmailDomains)) {
                 throw new UserRegistrationException('That email domain does not have access to this application', '/register');
             $userEmailDomain = $domain = substr(strrchr($userData['email'], "@"), 1);
             if (!in_array($userEmailDomain, $restrictedEmailDomains)) {
                 throw new UserRegistrationException('That email domain does not have access to this application', '/register');
@@ -148,8 +191,7 @@ class AuthController extends Controller
             $newUser->socialAccounts()->save($socialAccount);
         }
 
             $newUser->socialAccounts()->save($socialAccount);
         }
 
-        if (\Setting::get('registration-confirmation') || \Setting::get('registration-restrict')) {
-            $newUser->email_confirmed = false;
+        if (setting('registration-confirmation') || setting('registration-restrict')) {
             $newUser->save();
             $this->emailConfirmationService->sendConfirmation($newUser);
             return redirect('/register/confirm');
             $newUser->save();
             $this->emailConfirmationService->sendConfirmation($newUser);
             return redirect('/register/confirm');
@@ -161,7 +203,7 @@ class AuthController extends Controller
     }
 
     /**
     }
 
     /**
-     * Show the page to tell the user to check thier email
+     * Show the page to tell the user to check their email
      * and confirm their address.
      */
     public function getRegisterConfirmation()
      * and confirm their address.
      */
     public function getRegisterConfirmation()
@@ -169,6 +211,18 @@ class AuthController extends Controller
         return view('auth/register-confirm');
     }
 
         return view('auth/register-confirm');
     }
 
+    /**
+     * View the confirmation email as a standard web page.
+     * @param $token
+     * @return \Illuminate\View\View
+     * @throws UserRegistrationException
+     */
+    public function viewConfirmEmail($token)
+    {
+        $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token);
+        return view('emails/email-confirmation', ['token' => $confirmation->token]);
+    }
+
     /**
      * Confirms an email via a token and logs the user into the system.
      * @param $token
     /**
      * Confirms an email via a token and logs the user into the system.
      * @param $token
@@ -209,7 +263,7 @@ class AuthController extends Controller
         ]);
         $user = $this->userRepo->getByEmail($request->get('email'));
         $this->emailConfirmationService->sendConfirmation($user);
         ]);
         $user = $this->userRepo->getByEmail($request->get('email'));
         $this->emailConfirmationService->sendConfirmation($user);
-        \Session::flash('success', 'Confirmation email resent, Please check your inbox.');
+        session()->flash('success', 'Confirmation email resent, Please check your inbox.');
         return redirect('/register/confirm');
     }
 
         return redirect('/register/confirm');
     }
 
@@ -219,13 +273,9 @@ class AuthController extends Controller
      */
     public function getLogin()
     {
      */
     public function getLogin()
     {
-
-        if (view()->exists('auth.authenticate')) {
-            return view('auth.authenticate');
-        }
-
         $socialDrivers = $this->socialAuthService->getActiveDrivers();
         $socialDrivers = $this->socialAuthService->getActiveDrivers();
-        return view('auth.login', ['socialDrivers' => $socialDrivers]);
+        $authMethod = config('auth.method');
+        return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
     }
 
     /**
     }
 
     /**
@@ -240,7 +290,7 @@ class AuthController extends Controller
     }
 
     /**
     }
 
     /**
-     * Redirect to the social site for authentication initended to register.
+     * Redirect to the social site for authentication intended to register.
      * @param $socialDriver
      * @return mixed
      */
      * @param $socialDriver
      * @return mixed
      */
The core source code for the BookStack project.