X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/1c43602f4bed60a84f47735ca8bc4a399018e013..refs/pull/3391/head:/app/Auth/Access/LdapService.php
diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
index 7bfdb5328..2540fe2d8 100644
--- a/app/Auth/Access/LdapService.php
+++ b/app/Auth/Access/LdapService.php
@@ -13,31 +13,36 @@ use Illuminate\Support\Facades\Log;
 * Class LdapService
 * Handles any app-specific LDAP tasks.
 */
-class LdapService extends ExternalAuthService
+class LdapService
 {
- protected $ldap;
+ protected Ldap $ldap;
+ protected GroupSyncService $groupSyncService;
+ protected UserAvatars $userAvatars;
+
+ /**
+ * @var resource
+ */
 protected $ldapConnection;
- protected $userAvatars;
- protected $config;
- protected $enabled;
+
+ protected array $config;
+ protected bool $enabled;
 /**
 * LdapService constructor.
 */
- public function __construct(Ldap $ldap, UserAvatars $userAvatars)
+ public function __construct(Ldap $ldap, UserAvatars $userAvatars, GroupSyncService $groupSyncService)
 {
 $this->ldap = $ldap;
 $this->userAvatars = $userAvatars;
+ $this->groupSyncService = $groupSyncService;
 $this->config = config('services.ldap');
 $this->enabled = config('auth.method') === 'ldap';
 }
 /**
 * Check if groups should be synced.
- *
- * @return bool
 */
- public function shouldSyncGroups()
+ public function shouldSyncGroups(): bool
 {
 return $this->enabled && $this->config['user_to_groups'] !== false;
 }
@@ -165,7 +170,7 @@ class LdapService extends ExternalAuthService
 * Bind the system user to the LDAP connection using the given credentials
 * otherwise anonymous access is attempted.
 *
- * @param $connection
+ * @param resource $connection
 *
 * @throws LdapException
 */
@@ -274,6 +279,7 @@ class LdapService extends ExternalAuthService
 * Get the groups a user is a part of on ldap.
 *
 * @throws LdapException
+ * @throws JsonDebugException
 */
 public function getUserGroups(string $userName): array
 {
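Review bot: The `@var resource` added above `$ldapConnection` in the first hunk (and the matching `@param resource $connection` in the bind docblock hunk) is only accurate up to PHP 8.0; from PHP 8.1 `ldap_connect()` returns an `LDAP\Connection` object instead of a resource. If the `Ldap` wrapper passes that value through unchanged, which is not visible in this diff, the annotation will mislead static analysis and readers on newer runtimes. `@var resource|\LDAP\Connection` (and the same union on the `@param`) covers both cases. The class body continues outside the hunk.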
@@ -285,9 +291,17 @@ class LdapService extends ExternalAuthService
 }
 $userGroups = $this->groupFilter($user);
- $userGroups = $this->getGroupsRecursive($userGroups, []);
+ $allGroups = $this->getGroupsRecursive($userGroups, []);
+
+ if ($this->config['dump_user_groups']) {
+ throw new JsonDebugException([
+ 'details_from_ldap' => $user,
+ 'parsed_direct_user_groups' => $userGroups,
+ 'parsed_recursive_user_groups' => $allGroups,
+ ]);
+ }
- return $userGroups;
+ return $allGroups;
 }
 /**
@@ -370,11 +384,12 @@ class LdapService extends ExternalAuthService
 * Sync the LDAP groups to the user roles for the current user.
 *
 * @throws LdapException
+ * @throws JsonDebugException
 */
 public function syncGroups(User $user, string $username)
 {
 $userLdapGroups = $this->getUserGroups($username);
- $this->syncWithGroups($user, $userLdapGroups);
+ $this->groupSyncService->syncUserWithFoundGroups($user, $userLdapGroups, $this->config['remove_from_groups']);
 }
 /**
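Review bot: The new `dump_user_groups` branch in `getUserGroups()` throws the raw LDAP record (`details_from_ldap`) and both group lists inside a `JsonDebugException`, so with the flag on this directory data leaves the service instead of the group list; how the exception is rendered is not visible here, but its name suggests a JSON response to whoever is logging in. The flag is read with a bare truthiness test and no default, so a missing `dump_user_groups` key would raise an undefined-key error and a non-boolean value such as the string `'false'` would enable the dump; `if (($this->config['dump_user_groups'] ?? false) === true) {` avoids both. I would also put a comment above the branch, `// Debug aid only: aborts the lookup and exposes directory attributes; must stay disabled in production.`, and consider logging a warning whenever it fires so an accidentally enabled flag is noticed. The method body starts outside this hunk.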
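Review bot: The third argument to `syncUserWithFoundGroups()` in `syncGroups()` is passed straight from `$this->config['remove_from_groups']`, and it presumably decides whether roles that no longer match an LDAP group are detached, so a missing key or wrong type here changes which access a user keeps. `GroupSyncService` and the config file are outside this diff, so whether the parameter is typed `bool` cannot be confirmed from here. Documenting the effect in the docblock would help operators, e.g. `* Roles without a matching LDAP group are only removed when services.ldap.remove_from_groups is enabled.` Since this commit adds return types elsewhere, `public function syncGroups(User $user, string $username): void` would also be consistent.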