BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/LoginController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use Activity;
   6 use BookStack\Actions\ActivityType;
   7 use BookStack\Auth\Access\SocialAuthService;
   8 use BookStack\Exceptions\LoginAttemptEmailNeededException;
   9 use BookStack\Exceptions\LoginAttemptException;
  10 use BookStack\Http\Controllers\Controller;
  11 use Illuminate\Foundation\Auth\AuthenticatesUsers;
  12 use Illuminate\Http\Request;
  13
  14 class LoginController extends Controller
  15 {
  16     /*
  17     |--------------------------------------------------------------------------
  18     | Login Controller
  19     |--------------------------------------------------------------------------
  20     |
  21     | This controller handles authenticating users for the application and
  22     | redirecting them to your home screen. The controller uses a trait
  23     | to conveniently provide its functionality to your applications.
  24     |
  25     */
  26
  27     use AuthenticatesUsers;
  28
  29     /**
  30      * Redirection paths
  31      */
  32     protected $redirectTo = '/';
  33     protected $redirectPath = '/';
  34     protected $redirectAfterLogout = '/login';
  35
  36     protected $socialAuthService;
  37
  38     /**
  39      * Create a new controller instance.
  40      */
  41     public function __construct(SocialAuthService $socialAuthService)
  42     {
  43         $this->middleware('guest', ['only' => ['getLogin', 'login']]);
  44         $this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);
  45
  46         $this->socialAuthService = $socialAuthService;
  47         $this->redirectPath = url('/');
  48         $this->redirectAfterLogout = url('/login');
  49         parent::__construct();
  50     }
  51
  52     public function username()
  53     {
  54         return config('auth.method') === 'standard' ? 'email' : 'username';
  55     }
  56
  57     /**
  58      * Get the needed authorization credentials from the request.
  59      */
  60     protected function credentials(Request $request)
  61     {
  62         return $request->only('username', 'email', 'password');
  63     }
  64
  65     /**
  66      * Show the application login form.
  67      */
  68     public function getLogin(Request $request)
  69     {
  70         $socialDrivers = $this->socialAuthService->getActiveDrivers();
  71         $authMethod = config('auth.method');
  72
  73         if ($request->has('email')) {
  74             session()->flashInput([
  75                 'email' => $request->get('email'),
  76                 'password' => (config('app.env') === 'demo') ? $request->get('password', '') : ''
  77             ]);
  78         }
  79
  80         // Store the previous location for redirect after login
  81         $previous = url()->previous('');
  82         if ($previous && $previous !== url('/login') && setting('app-public')) {
  83             $isPreviousFromInstance = (strpos($previous, url('/')) === 0);
  84             if ($isPreviousFromInstance) {
  85                 redirect()->setIntendedUrl($previous);
  86             }
  87         }
  88
  89         return view('auth.login', [
  90           'socialDrivers' => $socialDrivers,
  91           'authMethod' => $authMethod,
  92         ]);
  93     }
  94
  95     /**
  96      * Handle a login request to the application.
  97      *
  98      * @param  \Illuminate\Http\Request  $request
  99      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
 100      *
 101      * @throws \Illuminate\Validation\ValidationException
 102      */
 103     public function login(Request $request)
 104     {
 105         $this->validateLogin($request);
 106         $username = $request->get($this->username());
 107
 108         // If the class is using the ThrottlesLogins trait, we can automatically throttle
 109         // the login attempts for this application. We'll key this by the username and
 110         // the IP address of the client making these requests into this application.
 111         if (method_exists($this, 'hasTooManyLoginAttempts') &&
 112             $this->hasTooManyLoginAttempts($request)) {
 113             $this->fireLockoutEvent($request);
 114
 115             Activity::logFailedLogin($username);
 116             return $this->sendLockoutResponse($request);
 117         }
 118
 119         try {
 120             if ($this->attemptLogin($request)) {
 121                 return $this->sendLoginResponse($request);
 122             }
 123         } catch (LoginAttemptException $exception) {
 124             Activity::logFailedLogin($username);
 125             return $this->sendLoginAttemptExceptionResponse($exception, $request);
 126         }
 127
 128         // If the login attempt was unsuccessful we will increment the number of attempts
 129         // to login and redirect the user back to the login form. Of course, when this
 130         // user surpasses their maximum number of attempts they will get locked out.
 131         $this->incrementLoginAttempts($request);
 132
 133         Activity::logFailedLogin($username);
 134         return $this->sendFailedLoginResponse($request);
 135     }
 136
 137     /**
 138      * The user has been authenticated.
 139      *
 140      * @param  \Illuminate\Http\Request  $request
 141      * @param  mixed  $user
 142      * @return mixed
 143      */
 144     protected function authenticated(Request $request, $user)
 145     {
 146         // Authenticate on all session guards if a likely admin
 147         if ($user->can('users-manage') && $user->can('user-roles-manage')) {
 148             $guards = ['standard', 'ldap', 'saml2'];
 149             foreach ($guards as $guard) {
 150                 auth($guard)->login($user);
 151             }
 152         }
 153
 154         $this->logActivity(ActivityType::AUTH_LOGIN, $user);
 155         return redirect()->intended($this->redirectPath());
 156     }
 157
 158     /**
 159      * Validate the user login request.
 160      *
 161      * @param  \Illuminate\Http\Request  $request
 162      * @return void
 163      *
 164      * @throws \Illuminate\Validation\ValidationException
 165      */
 166     protected function validateLogin(Request $request)
 167     {
 168         $rules = ['password' => 'required|string'];
 169         $authMethod = config('auth.method');
 170
 171         if ($authMethod === 'standard') {
 172             $rules['email'] = 'required|email';
 173         }
 174
 175         if ($authMethod === 'ldap') {
 176             $rules['username'] = 'required|string';
 177             $rules['email'] = 'email';
 178         }
 179
 180         $request->validate($rules);
 181     }
 182
 183     /**
 184      * Send a response when a login attempt exception occurs.
 185      */
 186     protected function sendLoginAttemptExceptionResponse(LoginAttemptException $exception, Request $request)
 187     {
 188         if ($exception instanceof LoginAttemptEmailNeededException) {
 189             $request->flash();
 190             session()->flash('request-email', true);
 191         }
 192
 193         if ($message = $exception->getMessage()) {
 194             $this->showWarningNotification($message);
 195         }
 196
 197         return redirect('/login');
 198     }
 199
 200 }