X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3298/head:/app/Auth/Access/Guards/LdapSessionGuard.php

diff --git a/app/Auth/Access/Guards/LdapSessionGuard.php b/app/Auth/Access/Guards/LdapSessionGuard.php
index 652141c0c..5a902af76 100644
--- a/app/Auth/Access/Guards/LdapSessionGuard.php
+++ b/app/Auth/Access/Guards/LdapSessionGuard.php
@@ -5,31 +5,28 @@ namespace BookStack\Auth\Access\Guards;
 use BookStack\Auth\Access\LdapService;
 use BookStack\Auth\Access\RegistrationService;
 use BookStack\Auth\User;
-use BookStack\Auth\UserRepo;
 use BookStack\Exceptions\LdapException;
-use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
+use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Exceptions\UserRegistrationException;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Contracts\Session\Session;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Str;
 
 class LdapSessionGuard extends ExternalBaseSessionGuard
 {
-
     protected $ldapService;
 
     /**
      * LdapSessionGuard constructor.
      */
-    public function __construct($name,
+    public function __construct(
+        $name,
         UserProvider $provider,
         Session $session,
         LdapService $ldapService,
         RegistrationService $registrationService
-    )
-    {
+    ) {
         $this->ldapService = $ldapService;
         parent::__construct($name, $provider, $session, $registrationService);
     }
@@ -38,8 +35,10 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
      * Validate a user's credentials.
      *
      * @param array $credentials
-     * @return bool
+     *
      * @throws LdapException
+     *
+     * @return bool
      */
     public function validate(array $credentials = [])
     {
@@ -47,7 +46,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
 
         if (isset($userDetails['uid'])) {
             $this->lastAttempted = $this->provider->retrieveByCredentials([
-                'external_auth_id' => $userDetails['uid']
+                'external_auth_id' => $userDetails['uid'],
             ]);
         }
 
@@ -58,10 +57,12 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
      * Attempt to authenticate a user using the given credentials.
      *
      * @param array $credentials
-     * @param bool $remember
-     * @return bool
+     * @param bool  $remember
+     *
      * @throws LoginAttemptException
      * @throws LdapException
+     *
+     * @return bool
      */
     public function attempt(array $credentials = [], $remember = false)
     {
@@ -71,7 +72,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
         $user = null;
         if (isset($userDetails['uid'])) {
             $this->lastAttempted = $user = $this->provider->retrieveByCredentials([
-                'external_auth_id' => $userDetails['uid']
+                'external_auth_id' => $userDetails['uid'],
             ]);
         }
 
@@ -83,7 +84,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
             try {
                 $user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
             } catch (UserRegistrationException $exception) {
-                throw new LoginAttemptException($exception->message);
+                throw new LoginAttemptException($exception->getMessage());
             }
         }
 
@@ -92,12 +93,19 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
             $this->ldapService->syncGroups($user, $username);
         }
 
+        // Attach avatar if non-existent
+        if (!$user->avatar()->exists()) {
+            $this->ldapService->saveAndAttachAvatar($user, $userDetails);
+        }
+
         $this->login($user, $remember);
+
         return true;
     }
 
     /**
-     * Create a new user from the given ldap credentials and login credentials
+     * Create a new user from the given ldap credentials and login credentials.
+     *
      * @throws LoginAttemptEmailNeededException
      * @throws LoginAttemptException
      * @throws UserRegistrationException
@@ -111,13 +119,15 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
         }
 
         $details = [
-            'name' => $ldapUserDetails['name'],
-            'email' => $ldapUserDetails['email'] ?: $credentials['email'],
+            'name'             => $ldapUserDetails['name'],
+            'email'            => $ldapUserDetails['email'] ?: $credentials['email'],
             'external_auth_id' => $ldapUserDetails['uid'],
-            'password' => Str::random(32),
+            'password'         => Str::random(32),
         ];
 
-        return $this->registrationService->registerUser($details, null, false);
-    }
+        $user = $this->registrationService->registerUser($details, null, false);
+        $this->ldapService->saveAndAttachAvatar($user, $ldapUserDetails);
 
+        return $user;
+    }
 }