BookStack Code Mirror - bookstack/blobdiff - app/Auth/Access/LoginService.php

index f6ea7517f75c65bd3a66cfe499ec3c02a4344594..f41570417ef7f4594495a042e9834eda69adbb7d 100644 (file)

--- a/app/Auth/Access/LoginService.php

+++ b/app/Auth/Access/LoginService.php

@@ -10,18 +10,18 @@ use BookStack\Facades\Activity;

use BookStack\Facades\Theme;

use BookStack\Theming\ThemeEvents;

use Exception;

use BookStack\Facades\Theme;

use BookStack\Theming\ThemeEvents;

use Exception;

-use phpDocumentor\Reflection\DocBlock\Tags\Method;

class LoginService

{

class LoginService

{

protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';

protected $mfaSession;

protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';

protected $mfaSession;

+ protected $emailConfirmationService;

- public function __construct(MfaSession $mfaSession)

+ public function __construct(MfaSession $mfaSession, EmailConfirmationService $emailConfirmationService)

{

$this->mfaSession = $mfaSession;

{

$this->mfaSession = $mfaSession;

+ $this->emailConfirmationService = $emailConfirmationService;

}

/**

}

/**

@@ -29,32 +29,25 @@ class LoginService

* Will start a login of the given user but will prevent if there's

* a reason to (MFA or Unconfirmed Email).

* Returns a boolean to indicate the current login result.

* Will start a login of the given user but will prevent if there's

* a reason to (MFA or Unconfirmed Email).

* Returns a boolean to indicate the current login result.

+ *

* @throws StoppedAuthenticationException

- public function login(User $user, string $method): void

+ public function login(User $user, string $method, bool $remember = false): void

{

if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) {

{

if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) {

- $this->setLastLoginAttemptedForUser($user, $method);

- throw new StoppedAuthenticationException($user, $this);

- // TODO - Does 'remember' still work? Probably not right now.

- // TODO - Need to clear MFA sessions out upon logout

+ $this->setLastLoginAttemptedForUser($user, $method, $remember);

- // Old MFA middleware todos:

- // TODO - Handle email confirmation handling

- // Left BookStack\Http\Middleware\Authenticate@emailConfirmationErrorResponse in which needs

- // be removed as an example of old behaviour.

+ throw new StoppedAuthenticationException($user, $this);

}

$this->clearLastLoginAttempted();

}

$this->clearLastLoginAttempted();

- auth()->login($user);

+ auth()->login($user, $remember);

Activity::add(ActivityType::AUTH_LOGIN, "{$method}; {$user->logDescriptor()}");

Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);

// Authenticate on all session guards if a likely admin

if ($user->can('users-manage') && $user->can('user-roles-manage')) {

Activity::add(ActivityType::AUTH_LOGIN, "{$method}; {$user->logDescriptor()}");

Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user);

// Authenticate on all session guards if a likely admin

if ($user->can('users-manage') && $user->can('user-roles-manage')) {

- $guards = ['standard', 'ldap', 'saml2'];

+ $guards = ['standard', 'ldap', 'saml2', 'oidc'];

foreach ($guards as $guard) {

auth($guard)->login($user);

}

foreach ($guards as $guard) {

auth($guard)->login($user);

}

@@ -63,6 +56,7 @@ class LoginService

/**

* Reattempt a system login after a previous stopped attempt.

/**

* Reattempt a system login after a previous stopped attempt.

+ *

* @throws Exception

public function reattemptLoginFor(User $user)

* @throws Exception

public function reattemptLoginFor(User $user)

@@ -71,7 +65,8 @@ class LoginService

throw new Exception('Login reattempt user does align with current session state');

}

throw new Exception('Login reattempt user does align with current session state');

}

- $this->login($user, $this->getLastLoginAttemptMethod());

+ $lastLoginDetails = $this->getLastLoginAttemptDetails();

+ $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember'] ?? false);

}

/**

}

/**

@@ -82,21 +77,15 @@ class LoginService

public function getLastLoginAttemptUser(): ?User

{

$id = $this->getLastLoginAttemptDetails()['user_id'];

public function getLastLoginAttemptUser(): ?User

{

$id = $this->getLastLoginAttemptDetails()['user_id'];

- return User::query()->where('id', '=', $id)->first();

- }

- /**

- * Get the method for the last login attempt.

- */

- protected function getLastLoginAttemptMethod(): ?string

- {

- return $this->getLastLoginAttemptDetails()['method'];

+ return User::query()->where('id', '=', $id)->first();

}

/**

* Get the details of the last login attempt.

* Checks upon a ttl of about 1 hour since that last attempted login.

}

/**

* Get the details of the last login attempt.

* Checks upon a ttl of about 1 hour since that last attempted login.

- * @return array{user_id: ?string, method: ?string}

+ *

+ * @return array{user_id: ?string, method: ?string, remember: bool}

protected function getLastLoginAttemptDetails(): array

{

protected function getLastLoginAttemptDetails(): array

{

@@ -105,14 +94,15 @@ class LoginService

return ['user_id' => null, 'method' => null];

}

return ['user_id' => null, 'method' => null];

}

- [$id, $method, $time] = explode(':', $value);

- $hourAgo = time() - (60*60);

+ [$id, $method, $remember, $time] = explode(':', $value);

+ $hourAgo = time() - (60 * 60);

if ($time < $hourAgo) {

$this->clearLastLoginAttempted();

if ($time < $hourAgo) {

$this->clearLastLoginAttempted();

return ['user_id' => null, 'method' => null];

}

return ['user_id' => null, 'method' => null];

}

- return ['user_id' => $id, 'method' => $method];

+ return ['user_id' => $id, 'method' => $method, 'remember' => boolval($remember)];

}

/**

}

/**

@@ -120,11 +110,11 @@ class LoginService

* Must be only used when credentials are correct and a login could be

* achieved but a secondary factor has stopped the login.

* Must be only used when credentials are correct and a login could be

* achieved but a secondary factor has stopped the login.

- protected function setLastLoginAttemptedForUser(User $user, string $method)

+ protected function setLastLoginAttemptedForUser(User $user, string $method, bool $remember)

{

session()->put(

self::LAST_LOGIN_ATTEMPTED_SESSION_KEY,

{

session()->put(

self::LAST_LOGIN_ATTEMPTED_SESSION_KEY,

- implode(':', [$user->id, $method, time()])

+ implode(':', [$user->id, $method, $remember, time()])

);

}

);

}

@@ -149,8 +139,7 @@ class LoginService

public function awaitingEmailConfirmation(User $user): bool

{

public function awaitingEmailConfirmation(User $user): bool

{

- $requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));

- return $requireConfirmation && !$user->email_confirmed;

+ return $this->emailConfirmationService->confirmationRequired() && !$user->email_confirmed;

}

/**

}

/**

@@ -167,10 +156,9 @@ class LoginService

if ($result) {

$user = auth()->user();

auth()->logout();

if ($result) {

$user = auth()->user();

auth()->logout();

- $this->login($user, $method);

+ $this->login($user, $method, $remember);

}

return $result;

}

return $result;

}

\ No newline at end of file