X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/d673bf61c221ca1aa1b72d636ee354e8ac933fd2..refs/pull/2023/head:/app/Auth/Access/SocialAuthService.php

diff --git a/app/Auth/Access/SocialAuthService.php b/app/Auth/Access/SocialAuthService.php
index 0d46b9f88..657aae3f3 100644
--- a/app/Auth/Access/SocialAuthService.php
+++ b/app/Auth/Access/SocialAuthService.php
@@ -5,8 +5,11 @@ use BookStack\Auth\UserRepo;
 use BookStack\Exceptions\SocialDriverNotConfigured;
 use BookStack\Exceptions\SocialSignInAccountNotUsed;
 use BookStack\Exceptions\UserRegistrationException;
+use Illuminate\Support\Str;
 use Laravel\Socialite\Contracts\Factory as Socialite;
+use Laravel\Socialite\Contracts\Provider;
 use Laravel\Socialite\Contracts\User as SocialUser;
+use Symfony\Component\HttpFoundation\RedirectResponse;
 
 class SocialAuthService
 {
@@ -19,9 +22,6 @@ class SocialAuthService
 
     /**
      * SocialAuthService constructor.
-     * @param \BookStack\Auth\UserRepo      $userRepo
-     * @param Socialite     $socialite
-     * @param SocialAccount $socialAccount
      */
     public function __construct(UserRepo $userRepo, Socialite $socialite, SocialAccount $socialAccount)
     {
@@ -33,11 +33,9 @@ class SocialAuthService
 
     /**
      * Start the social login path.
-     * @param string $socialDriver
-     * @return \Symfony\Component\HttpFoundation\RedirectResponse
      * @throws SocialDriverNotConfigured
      */
-    public function startLogIn($socialDriver)
+    public function startLogIn(string $socialDriver): RedirectResponse
     {
         $driver = $this->validateDriver($socialDriver);
         return $this->getSocialDriver($driver)->redirect();
@@ -45,11 +43,9 @@ class SocialAuthService
 
     /**
      * Start the social registration process
-     * @param string $socialDriver
-     * @return \Symfony\Component\HttpFoundation\RedirectResponse
      * @throws SocialDriverNotConfigured
      */
-    public function startRegister($socialDriver)
+    public function startRegister(string $socialDriver): RedirectResponse
     {
         $driver = $this->validateDriver($socialDriver);
         return $this->getSocialDriver($driver)->redirect();
@@ -57,12 +53,9 @@ class SocialAuthService
 
     /**
      * Handle the social registration process on callback.
-     * @param string $socialDriver
-     * @param SocialUser $socialUser
-     * @return SocialUser
      * @throws UserRegistrationException
      */
-    public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser)
+    public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser): SocialUser
     {
         // Check social account has not already been used
         if ($this->socialAccount->where('driver_id', '=', $socialUser->getId())->exists()) {
@@ -71,7 +64,7 @@ class SocialAuthService
 
         if ($this->userRepo->getByEmail($socialUser->getEmail())) {
             $email = $socialUser->getEmail();
-            throw new UserRegistrationException(trans('errors.social_account_in_use', ['socialAccount'=>$socialDriver, 'email' => $email]), '/login');
+            throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $email]), '/login');
         }
 
         return $socialUser;
@@ -79,11 +72,9 @@ class SocialAuthService
 
     /**
      * Get the social user details via the social driver.
-     * @param string $socialDriver
-     * @return SocialUser
      * @throws SocialDriverNotConfigured
      */
-    public function getSocialUser(string $socialDriver)
+    public function getSocialUser(string $socialDriver): SocialUser
     {
         $driver = $this->validateDriver($socialDriver);
         return $this->socialite->driver($driver)->user();
@@ -91,12 +82,9 @@ class SocialAuthService
 
     /**
      * Handle the login process on a oAuth callback.
-     * @param $socialDriver
-     * @param SocialUser $socialUser
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      * @throws SocialSignInAccountNotUsed
      */
-    public function handleLoginCallback($socialDriver, SocialUser $socialUser)
+    public function handleLoginCallback(string $socialDriver, SocialUser $socialUser)
     {
         $socialId = $socialUser->getId();
 
@@ -104,6 +92,7 @@ class SocialAuthService
         $socialAccount = $this->socialAccount->where('driver_id', '=', $socialId)->first();
         $isLoggedIn = auth()->check();
         $currentUser = user();
+        $titleCaseDriver = Str::title($socialDriver);
 
         // When a user is not logged in and a matching SocialAccount exists,
         // Simply log the user into the application.
@@ -117,26 +106,26 @@ class SocialAuthService
         if ($isLoggedIn && $socialAccount === null) {
             $this->fillSocialAccount($socialDriver, $socialUser);
             $currentUser->socialAccounts()->save($this->socialAccount);
-            session()->flash('success', trans('settings.users_social_connected', ['socialAccount' => title_case($socialDriver)]));
+            session()->flash('success', trans('settings.users_social_connected', ['socialAccount' => $titleCaseDriver]));
             return redirect($currentUser->getEditUrl());
         }
 
         // When a user is logged in and the social account exists and is already linked to the current user.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {
-            session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => title_case($socialDriver)]));
+            session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));
             return redirect($currentUser->getEditUrl());
         }
 
         // When a user is logged in, A social account exists but the users do not match.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {
-            session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => title_case($socialDriver)]));
+            session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));
             return redirect($currentUser->getEditUrl());
         }
 
         // Otherwise let the user know this social account is not used by anyone.
-        $message = trans('errors.social_account_not_used', ['socialAccount' => title_case($socialDriver)]);
-        if (setting('registration-enabled')) {
-            $message .= trans('errors.social_account_register_instructions', ['socialAccount' => title_case($socialDriver)]);
+        $message = trans('errors.social_account_not_used', ['socialAccount' => $titleCaseDriver]);
+        if (setting('registration-enabled') && config('auth.method') !== 'ldap' && config('auth.method') !== 'saml2') {
+            $message .= trans('errors.social_account_register_instructions', ['socialAccount' => $titleCaseDriver]);
         }
         
         throw new SocialSignInAccountNotUsed($message, '/login');
@@ -144,20 +133,18 @@ class SocialAuthService
 
     /**
      * Ensure the social driver is correct and supported.
-     *
-     * @param $socialDriver
-     * @return string
      * @throws SocialDriverNotConfigured
      */
-    private function validateDriver($socialDriver)
+    protected function validateDriver(string $socialDriver): string
     {
         $driver = trim(strtolower($socialDriver));
 
         if (!in_array($driver, $this->validSocialDrivers)) {
             abort(404, trans('errors.social_driver_not_found'));
         }
+
         if (!$this->checkDriverConfigured($driver)) {
-            throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => title_case($socialDriver)]));
+            throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => Str::title($socialDriver)]));
         }
 
         return $driver;
@@ -165,10 +152,8 @@ class SocialAuthService
 
     /**
      * Check a social driver has been configured correctly.
-     * @param $driver
-     * @return bool
      */
-    private function checkDriverConfigured($driver)
+    protected function checkDriverConfigured(string $driver): bool
     {
         $lowerName = strtolower($driver);
         $configPrefix = 'services.' . $lowerName . '.';
@@ -178,55 +163,48 @@ class SocialAuthService
 
     /**
      * Gets the names of the active social drivers.
-     * @return array
      */
-    public function getActiveDrivers()
+    public function getActiveDrivers(): array
     {
         $activeDrivers = [];
+
         foreach ($this->validSocialDrivers as $driverKey) {
             if ($this->checkDriverConfigured($driverKey)) {
                 $activeDrivers[$driverKey] = $this->getDriverName($driverKey);
             }
         }
+
         return $activeDrivers;
     }
 
     /**
      * Get the presentational name for a driver.
-     * @param $driver
-     * @return mixed
      */
-    public function getDriverName($driver)
+    public function getDriverName(string $driver): string
     {
         return config('services.' . strtolower($driver) . '.name');
     }
 
     /**
      * Check if the current config for the given driver allows auto-registration.
-     * @param string $driver
-     * @return bool
      */
-    public function driverAutoRegisterEnabled(string $driver)
+    public function driverAutoRegisterEnabled(string $driver): bool
     {
         return config('services.' . strtolower($driver) . '.auto_register') === true;
     }
 
     /**
      * Check if the current config for the given driver allow email address auto-confirmation.
-     * @param string $driver
-     * @return bool
      */
-    public function driverAutoConfirmEmailEnabled(string $driver)
+    public function driverAutoConfirmEmailEnabled(string $driver): bool
     {
         return config('services.' . strtolower($driver) . '.auto_confirm') === true;
     }
 
     /**
-     * @param string $socialDriver
-     * @param SocialUser $socialUser
-     * @return SocialAccount
+     * Fill and return a SocialAccount from the given driver name and SocialUser.
      */
-    public function fillSocialAccount($socialDriver, $socialUser)
+    public function fillSocialAccount(string $socialDriver, SocialUser $socialUser): SocialAccount
     {
         $this->socialAccount->fill([
             'driver'    => $socialDriver,
@@ -238,28 +216,26 @@ class SocialAuthService
 
     /**
      * Detach a social account from a user.
-     * @param $socialDriver
      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
-    public function detachSocialAccount($socialDriver)
+    public function detachSocialAccount(string $socialDriver)
     {
         user()->socialAccounts()->where('driver', '=', $socialDriver)->delete();
-        session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => title_case($socialDriver)]));
-        return redirect(user()->getEditUrl());
     }
 
     /**
      * Provide redirect options per service for the Laravel Socialite driver
-     * @param $driverName
-     * @return \Laravel\Socialite\Contracts\Provider
      */
-    public function getSocialDriver(string $driverName)
+    public function getSocialDriver(string $driverName): Provider
     {
         $driver = $this->socialite->driver($driverName);
 
         if ($driverName === 'google' && config('services.google.select_account')) {
             $driver->with(['prompt' => 'select_account']);
         }
+        if ($driverName === 'azure') {
+            $driver->with(['resource' => 'https://graph.windows.net']);
+        }
 
         return $driver;
     }