BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/LoginController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Auth\Access\LdapService;
   6 use BookStack\Auth\Access\SocialAuthService;
   7 use BookStack\Auth\UserRepo;
   8 use BookStack\Exceptions\AuthException;
   9 use BookStack\Http\Controllers\Controller;
  10 use Illuminate\Contracts\Auth\Authenticatable;
  11 use Illuminate\Foundation\Auth\AuthenticatesUsers;
  12 use Illuminate\Http\Request;
  13
  14 class LoginController extends Controller
  15 {
  16     /*
  17     |--------------------------------------------------------------------------
  18     | Login Controller
  19     |--------------------------------------------------------------------------
  20     |
  21     | This controller handles authenticating users for the application and
  22     | redirecting them to your home screen. The controller uses a trait
  23     | to conveniently provide its functionality to your applications.
  24     |
  25     */
  26
  27     use AuthenticatesUsers;
  28
  29     /**
  30      * Where to redirect users after login.
  31      *
  32      * @var string
  33      */
  34     protected $redirectTo = '/';
  35
  36     protected $redirectPath = '/';
  37     protected $redirectAfterLogout = '/login';
  38
  39     protected $socialAuthService;
  40     protected $ldapService;
  41     protected $userRepo;
  42
  43     /**
  44      * Create a new controller instance.
  45      *
  46      * @param \BookStack\Auth\\BookStack\Auth\Access\SocialAuthService $socialAuthService
  47      * @param LdapService $ldapService
  48      * @param \BookStack\Auth\UserRepo $userRepo
  49      */
  50     public function __construct(SocialAuthService $socialAuthService, LdapService $ldapService, UserRepo $userRepo)
  51     {
  52         $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);
  53         $this->socialAuthService = $socialAuthService;
  54         $this->ldapService = $ldapService;
  55         $this->userRepo = $userRepo;
  56         $this->redirectPath = url('/');
  57         $this->redirectAfterLogout = url('/login');
  58         parent::__construct();
  59     }
  60
  61     public function username()
  62     {
  63         return config('auth.method') === 'standard' ? 'email' : 'username';
  64     }
  65
  66     /**
  67      * Overrides the action when a user is authenticated.
  68      * If the user authenticated but does not exist in the user table we create them.
  69      * @throws AuthException
  70      * @throws \BookStack\Exceptions\LdapException
  71      */
  72     protected function authenticated(Request $request, Authenticatable $user)
  73     {
  74         // Explicitly log them out for now if they do no exist.
  75         if (!$user->exists) {
  76             auth()->logout($user);
  77         }
  78
  79         if (!$user->exists && $user->email === null && !$request->filled('email')) {
  80             $request->flash();
  81             session()->flash('request-email', true);
  82             return redirect('/login');
  83         }
  84
  85         if (!$user->exists && $user->email === null && $request->filled('email')) {
  86             $user->email = $request->get('email');
  87         }
  88
  89         if (!$user->exists) {
  90             // Check for users with same email already
  91             $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
  92             if ($alreadyUser) {
  93                 throw new AuthException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
  94             }
  95
  96             $user->save();
  97             $this->userRepo->attachDefaultRole($user);
  98             $this->userRepo->downloadAndAssignUserAvatar($user);
  99             auth()->login($user);
 100         }
 101
 102         // Sync LDAP groups if required
 103         if ($this->ldapService->shouldSyncGroups()) {
 104             $this->ldapService->syncGroups($user, $request->get($this->username()));
 105         }
 106
 107         return redirect()->intended('/');
 108     }
 109
 110     /**
 111      * Show the application login form.
 112      */
 113     public function getLogin(Request $request)
 114     {
 115         $socialDrivers = $this->socialAuthService->getActiveDrivers();
 116         $authMethod = config('auth.method');
 117         $samlEnabled = config('saml2.enabled') === true;
 118
 119         if ($request->has('email')) {
 120             session()->flashInput([
 121                 'email' => $request->get('email'),
 122                 'password' => (config('app.env') === 'demo') ? $request->get('password', '') : ''
 123             ]);
 124         }
 125
 126         return view('auth.login', [
 127           'socialDrivers' => $socialDrivers,
 128           'authMethod' => $authMethod,
 129           'samlEnabled' => $samlEnabled,
 130         ]);
 131     }
 132
 133     /**
 134      * Log the user out of the application.
 135      */
 136     public function logout(Request $request)
 137     {
 138         if (config('saml2.enabled') && session()->get('last_login_type') === 'saml2') {
 139             return redirect('/saml2/logout');
 140         }
 141
 142         $this->guard()->logout();
 143         $request->session()->invalidate();
 144
 145         return $this->loggedOut($request) ?: redirect('/');
 146     }
 147 }