X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/12a9a45747f3ce3ff58464cd7ccb88f2c42438e8..refs/pull/2416/head:/app/Http/Controllers/Auth/LoginController.php diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 75ade74e7..1252e6217 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -2,10 +2,11 @@ namespace BookStack\Http\Controllers\Auth; +use Activity; +use BookStack\Actions\ActivityType; use BookStack\Auth\Access\SocialAuthService; use BookStack\Exceptions\LoginAttemptEmailNeededException; use BookStack\Exceptions\LoginAttemptException; -use BookStack\Exceptions\UserRegistrationException; use BookStack\Http\Controllers\Controller; use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Http\Request; @@ -45,7 +46,6 @@ class LoginController extends Controller $this->socialAuthService = $socialAuthService; $this->redirectPath = url('/'); $this->redirectAfterLogout = url('/http/source.bookstackapp.com/login'); - parent::__construct(); } public function username() @@ -76,6 +76,15 @@ class LoginController extends Controller ]); } + // Store the previous location for redirect after login + $previous = url()->previous(''); + if ($previous && $previous !== url('/http/source.bookstackapp.com/login') && setting('app-public')) { + $isPreviousFromInstance = (strpos($previous, url('/')) === 0); + if ($isPreviousFromInstance) { + redirect()->setIntendedUrl($previous); + } + } + return view('auth.login', [ 'socialDrivers' => $socialDrivers, 'authMethod' => $authMethod, @@ -93,6 +102,7 @@ class LoginController extends Controller public function login(Request $request) { $this->validateLogin($request); + $username = $request->get($this->username()); // If the class is using the ThrottlesLogins trait, we can automatically throttle // the login attempts for this application. We'll key this by the username and @@ -101,9 +111,7 @@ class LoginController extends Controller $this->hasTooManyLoginAttempts($request)) { $this->fireLockoutEvent($request); - // Also log some error message - $this->logFailedAccess($request); - + Activity::logFailedLogin($username); return $this->sendLockoutResponse($request); } @@ -112,6 +120,7 @@ class LoginController extends Controller return $this->sendLoginResponse($request); } } catch (LoginAttemptException $exception) { + Activity::logFailedLogin($username); return $this->sendLoginAttemptExceptionResponse($exception, $request); } @@ -120,12 +129,31 @@ class LoginController extends Controller // user surpasses their maximum number of attempts they will get locked out. $this->incrementLoginAttempts($request); - // Also log some error message - $this->logFailedAccess($request); - + Activity::logFailedLogin($username); return $this->sendFailedLoginResponse($request); } + /** + * The user has been authenticated. + * + * @param \Illuminate\Http\Request $request + * @param mixed $user + * @return mixed + */ + protected function authenticated(Request $request, $user) + { + // Authenticate on all session guards if a likely admin + if ($user->can('users-manage') && $user->can('user-roles-manage')) { + $guards = ['standard', 'ldap', 'saml2']; + foreach ($guards as $guard) { + auth($guard)->login($user); + } + } + + $this->logActivity(ActivityType::AUTH_LOGIN, $user); + return redirect()->intended($this->redirectPath()); + } + /** * Validate the user login request. * @@ -168,16 +196,4 @@ class LoginController extends Controller return redirect('/login'); } - /** - * Log failed accesses, matching the default fail2ban nginx/apache auth rules. - */ - protected function logFailedAccess(Request $request) - { - if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) { - error_log('user "' . $request->get($this->username()) . '" was not found in "BookStack"', 4); - } else { - error_log('user "' . $request->get($this->username()) . '" authentication failure for "BookStack"', 4); - } - } - }