BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Auth/LoginController.php

index 8116288ada445149f15a56d11f2f1c07a3cc0a3b..1252e6217a8b66f1bda3b405af28085a177308de 100644 (file)

--- a/app/Http/Controllers/Auth/LoginController.php

+++ b/app/Http/Controllers/Auth/LoginController.php

@@ -2,6 +2,8 @@

namespace BookStack\Http\Controllers\Auth;

+use Activity;

+use BookStack\Actions\ActivityType;

use BookStack\Auth\Access\SocialAuthService;

use BookStack\Exceptions\LoginAttemptEmailNeededException;

use BookStack\Exceptions\LoginAttemptException;

@@ -38,11 +40,12 @@ class LoginController extends Controller

public function __construct(SocialAuthService $socialAuthService)

{

- $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);

+ $this->middleware('guest', ['only' => ['getLogin', 'login']]);

+ $this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]);

$this->socialAuthService = $socialAuthService;

$this->redirectPath = url('/');

$this->redirectAfterLogout = url('/login');

- parent::__construct();

}

public function username()

@@ -73,6 +76,15 @@ class LoginController extends Controller

]);

}

+ // Store the previous location for redirect after login

+ $previous = url()->previous('');

+ if ($previous && $previous !== url('/login') && setting('app-public')) {

+ $isPreviousFromInstance = (strpos($previous, url('/')) === 0);

+ if ($isPreviousFromInstance) {

+ redirect()->setIntendedUrl($previous);

+ }

return view('auth.login', [

'socialDrivers' => $socialDrivers,

'authMethod' => $authMethod,

@@ -90,6 +102,7 @@ class LoginController extends Controller

public function login(Request $request)

{

$this->validateLogin($request);

+ $username = $request->get($this->username());

// If the class is using the ThrottlesLogins trait, we can automatically throttle

// the login attempts for this application. We'll key this by the username and

@@ -98,6 +111,7 @@ class LoginController extends Controller

$this->hasTooManyLoginAttempts($request)) {

$this->fireLockoutEvent($request);

+ Activity::logFailedLogin($username);

return $this->sendLockoutResponse($request);

}

@@ -106,6 +120,7 @@ class LoginController extends Controller

return $this->sendLoginResponse($request);

}

} catch (LoginAttemptException $exception) {

+ Activity::logFailedLogin($username);

return $this->sendLoginAttemptExceptionResponse($exception, $request);

}

@@ -114,9 +129,31 @@ class LoginController extends Controller

// user surpasses their maximum number of attempts they will get locked out.

$this->incrementLoginAttempts($request);

+ Activity::logFailedLogin($username);

return $this->sendFailedLoginResponse($request);

}

+ /**

+ * The user has been authenticated.

+ *

+ * @param \Illuminate\Http\Request $request

+ * @param mixed $user

+ * @return mixed

+ */

+ protected function authenticated(Request $request, $user)

+ {

+ // Authenticate on all session guards if a likely admin

+ if ($user->can('users-manage') && $user->can('user-roles-manage')) {

+ $guards = ['standard', 'ldap', 'saml2'];

+ foreach ($guards as $guard) {

+ auth($guard)->login($user);

+ }

+ $this->logActivity(ActivityType::AUTH_LOGIN, $user);

+ return redirect()->intended($this->redirectPath());

+ }

/**

* Validate the user login request.

@@ -159,14 +196,4 @@ class LoginController extends Controller

return redirect('/login');

}

- /**

- * Log the user out of the application.

- */

- public function logout(Request $request)

- {

- $this->guard()->logout();

- $request->session()->invalidate();

- return $this->loggedOut($request) ?: redirect('/');

- }

}