Added tests to cover ldap group mapping
[bookstack] / app / Http / Controllers / Auth / LoginController.php
index e7eeb9bc1629d2ed94441458f6435e0b22ff8982..08b1bce679a433191148ac6db1abf878480f9279 100644 (file)
@@ -5,6 +5,8 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Exceptions\AuthException;
 use BookStack\Http\Controllers\Controller;
 use BookStack\Repos\UserRepo;
+use BookStack\Repos\LdapRepo;
+use BookStack\Services\LdapService;
 use BookStack\Services\SocialAuthService;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
@@ -70,20 +72,21 @@ class LoginController extends Controller
     protected function authenticated(Request $request, Authenticatable $user)
     {
         // Explicitly log them out for now if they do no exist.
-        if (!$user->exists) auth()->logout($user);
+        if (!$user->exists) {
+            auth()->logout($user);
+        }
 
-        if (!$user->exists && $user->email === null && !$request->has('email')) {
+        if (!$user->exists && $user->email === null && !$request->filled('email')) {
             $request->flash();
             session()->flash('request-email', true);
             return redirect('/login');
         }
 
-        if (!$user->exists && $user->email === null && $request->has('email')) {
+        if (!$user->exists && $user->email === null && $request->filled('email')) {
             $user->email = $request->get('email');
         }
 
         if (!$user->exists) {
-
             // Check for users with same email already
             $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
             if ($alreadyUser) {
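Review bot: `$request->filled('email')` only proves the field is non-empty, so `$user->email = $request->get('email');` hands an unvalidated, self-asserted address to the duplicate-email lookup and, presumably, to the account that is created further down. If no format validation runs elsewhere in the login flow, add one before the assignment, for example `$request->validate(['email' => 'required|email']);`. Because the address is not verified at this point, later code should not treat it as proof that the user owns it. The body of authenticated() starts in this hunk but continues outside it.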
@@ -95,6 +98,13 @@ class LoginController extends Controller
             auth()->login($user);
         }
 
+        // ldap groups refresh
+        if (config('services.ldap.user_to_groups') !== false && $request->filled('username')) {
+            $ldapRepo = new LdapRepo($this->userRepo, app(LdapService::class));
+            $ldapRepo->syncGroups($user, $request->input('username'));
+        }
+
+
         $path = session()->pull('url.intended', '/');
         $path = baseUrl($path, true);
         return redirect($path);
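Review bot: The group refresh is keyed on the request-supplied `username` in `$ldapRepo->syncGroups($user, $request->input('username'))`, not on an identifier taken from the authenticated `$user`, and the guard never checks that LDAP is the active login method. If this hook also runs for non-LDAP logins, a stray `username` field would decide whose directory groups are mapped onto the session user, so the condition should at least start with `config('auth.method') === 'ldap' &&`. The test `config('services.ldap.user_to_groups') !== false` also passes when the key is unset (null), so confirm that the config file defaults it to `false`. A short comment stating that the username must be the one just authenticated against LDAP would help the next reader. The start of authenticated() is outside this hunk.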
@@ -102,12 +112,21 @@ class LoginController extends Controller
 
     /**
      * Show the application login form.
+     * @param Request $request
      * @return \Illuminate\Http\Response
      */
-    public function getLogin()
+    public function getLogin(Request $request)
     {
         $socialDrivers = $this->socialAuthService->getActiveDrivers();
         $authMethod = config('auth.method');
+
+        if ($request->has('email')) {
+            session()->flashInput([
+                'email' => $request->get('email'),
+                'password' => (config('app.env') === 'demo') ? $request->get('password', '') : ''
+            ]);
+        }
+
         return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
     }
 
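Review bot: The new prefill block in getLogin() copies a `password` request parameter into flashed session input when `config('app.env') === 'demo'`, and nothing in the code explains why or warns that it must stay demo-only. Since this is the form-display action, the value presumably arrives in the query string, where it ends up in access logs, browser history and referrers. Add a comment above the block such as `// Prefill from request; password prefill is for the public demo instance only and must never be enabled elsewhere.` The guard also uses `$request->has('email')` while the rest of this commit moved to `filled()`, so an empty `email=` still flashes input; `if ($request->filled('email')) {` would be consistent.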
@@ -121,4 +140,4 @@ class LoginController extends Controller
         session()->put('social-callback', 'login');
         return $this->socialAuthService->startLogIn($socialDriver);
     }
-}
\ No newline at end of file
+}