Set more appropriate login validation and broken up LDAP guide a bit

diff --git a/app/Auth/Access/Guards/LdapSessionGuard.php b/app/Auth/Access/Guards/LdapSessionGuard.php
index ad173cf73fef2ec4787c7be5ba500705d32e35a2..223088d05c32f361a2058567aeedf9b7fdd74a24 100644 (file)
--- a/app/Auth/Access/Guards/LdapSessionGuard.php
+++ b/app/Auth/Access/Guards/LdapSessionGuard.php
@@ -75,37 +75,56 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
             $user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
         }
 
             $user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
         }
 

-        $providedEmail = ($credentials['email'] ?? false);
+        $this->checkForUserEmail($user, $credentials['email'] ?? '');
+        $this->saveIfNew($user);

 
 

-        // Request email if missing from LDAP and model and missing from request
-        if (is_null($user->email) && !$providedEmail) {
-            throw new LoginAttemptEmailNeededException();
+        // Sync LDAP groups if required
+        if ($this->ldapService->shouldSyncGroups()) {
+            $this->ldapService->syncGroups($user, $username);

         }
 
         }
 

-        // Add email to model if non-existing and email provided in request
-        if (!$user->exists && $user->email === null && $providedEmail) {
-            $user->email = $providedEmail;
-        }
+        $this->login($user, $remember);
+        return true;
+    }

 
 

-        if (!$user->exists) {
-            // Check for existing users with same email
-            $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
-            if ($alreadyUser) {
-                throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
-            }
+    /**
+     * Save the give user if they don't yet existing in the system.
+     * @throws LoginAttemptException
+     */
+    protected function saveIfNew(User $user)
+    {
+        if ($user->exists) {
+            return;
+        }

 
 

-            $user->save();
-            $this->userRepo->attachDefaultRole($user);
-            $this->userRepo->downloadAndAssignUserAvatar($user);
+        // Check for existing users with same email
+        $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
+        if ($alreadyUser) {
+            throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));

         }
 
         }
 

-        // Sync LDAP groups if required
-        if ($this->ldapService->shouldSyncGroups()) {
-            $this->ldapService->syncGroups($user, $username);
+        $user->save();
+        $this->userRepo->attachDefaultRole($user);
+        $this->userRepo->downloadAndAssignUserAvatar($user);
+    }
+
+    /**
+     * Ensure the given user has an email.
+     * Takes the provided email in the request if a value is provided
+     * and the user does not have an existing email.
+     * @throws LoginAttemptEmailNeededException
+     */
+    protected function checkForUserEmail(User $user, string $providedEmail)
+    {
+        // Request email if missing from user and missing from request
+        if (is_null($user->email) && !$providedEmail) {
+            throw new LoginAttemptEmailNeededException();

         }
 
         }
 

-        $this->login($user, $remember);
-        return true;
+        // Add email to model if non-existing and email provided in request
+        if (!$user->exists && is_null($user->email) && $providedEmail) {
+            $user->email = $providedEmail;
+        }

     }
 
     /**
     }
 
     /**

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 1ff86fff66eb6a9e6273221b857a8e115f49d64e..2302937cb5e4f6035af8dd9adbfb3f1ccab922e7 100644 (file)
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -119,6 +119,43 @@ class LoginController extends Controller
         return $this->sendFailedLoginResponse($request);
     }
 
         return $this->sendFailedLoginResponse($request);
     }
 

+    /**
+     * Validate the user login request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
+     *
+     * @throws \Illuminate\Validation\ValidationException
+     */
+    protected function validateLogin(Request $request)
+    {
+        $rules = [];
+        $authMethod = config('auth.method');
+
+        if ($authMethod === 'standard') {
+            $rules = [
+                'email' => 'required|string|email',
+                'password' => 'required|string'
+            ];
+        }
+
+        if ($authMethod === 'ldap') {
+            $rules = [
+                'username' => 'required|string',
+                'password' => 'required|string',
+                'email' => 'email',
+            ];
+        }
+
+        if ($authMethod === 'saml2') {
+            $rules = [
+                'email' => 'email',
+            ];
+        }
+
+        $request->validate($rules);
+    }
+

     /**
      * Send a response when a login attempt exception occurs.
      */
     /**
      * Send a response when a login attempt exception occurs.
      */