$user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
}
- $providedEmail = ($credentials['email'] ?? false);
+ $this->checkForUserEmail($user, $credentials['email'] ?? '');
+ $this->saveIfNew($user);
- // Request email if missing from LDAP and model and missing from request
- if (is_null($user->email) && !$providedEmail) {
- throw new LoginAttemptEmailNeededException();
+ // Sync LDAP groups if required
+ if ($this->ldapService->shouldSyncGroups()) {
+ $this->ldapService->syncGroups($user, $username);
}
- // Add email to model if non-existing and email provided in request
- if (!$user->exists && $user->email === null && $providedEmail) {
- $user->email = $providedEmail;
- }
+ $this->login($user, $remember);
+ return true;
+ }
- if (!$user->exists) {
- // Check for existing users with same email
- $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
- if ($alreadyUser) {
- throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
- }
+ /**
+ * Save the give user if they don't yet existing in the system.
+ * @throws LoginAttemptException
+ */
+ protected function saveIfNew(User $user)
+ {
+ if ($user->exists) {
+ return;
+ }
- $user->save();
- $this->userRepo->attachDefaultRole($user);
- $this->userRepo->downloadAndAssignUserAvatar($user);
+ // Check for existing users with same email
+ $alreadyUser = $user->newQuery()->where('email', '=', $user->email)->count() > 0;
+ if ($alreadyUser) {
+ throw new LoginAttemptException(trans('errors.error_user_exists_different_creds', ['email' => $user->email]));
}
- // Sync LDAP groups if required
- if ($this->ldapService->shouldSyncGroups()) {
- $this->ldapService->syncGroups($user, $username);
+ $user->save();
+ $this->userRepo->attachDefaultRole($user);
+ $this->userRepo->downloadAndAssignUserAvatar($user);
+ }
+
+ /**
+ * Ensure the given user has an email.
+ * Takes the provided email in the request if a value is provided
+ * and the user does not have an existing email.
+ * @throws LoginAttemptEmailNeededException
+ */
+ protected function checkForUserEmail(User $user, string $providedEmail)
+ {
+ // Request email if missing from user and missing from request
+ if (is_null($user->email) && !$providedEmail) {
+ throw new LoginAttemptEmailNeededException();
}
- $this->login($user, $remember);
- return true;
+ // Add email to model if non-existing and email provided in request
+ if (!$user->exists && is_null($user->email) && $providedEmail) {
+ $user->email = $providedEmail;
+ }
}
/**
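Review bot: In `checkForUserEmail`, `$user->email = $providedEmail;` stores whatever address the login request carried, and `saveIfNew` then persists it after only a duplicate-address check, so for LDAP accounts without a mail attribute the stored email is self-asserted and unverified. Nothing in this hunk shows a confirmation step, so if the email is later used for notifications, domain-based rules or matching accounts across auth methods, it should be treated as unconfirmed. I would at least record that above the assignment: `// Email is supplied by the user at login and is not verified against LDAP; do not treat it as proof of ownership`. The `count() > 0` check followed by `$user->save()` is also check-then-insert, so it only holds under concurrent first logins if the users table enforces a unique email, which is not visible here. The calling method starts above the hunk, so whether `$credentials` has already passed validation cannot be confirmed from these lines.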
return $this->sendFailedLoginResponse($request);
}
+ /**
+ * Validate the user login request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return void
+ *
+ * @throws \Illuminate\Validation\ValidationException
+ */
+ protected function validateLogin(Request $request)
+ {
+ $rules = [];
+ $authMethod = config('auth.method');
+
+ if ($authMethod === 'standard') {
+ $rules = [
+ 'email' => 'required|string|email',
+ 'password' => 'required|string'
+ ];
+ }
+
+ if ($authMethod === 'ldap') {
+ $rules = [
+ 'username' => 'required|string',
+ 'password' => 'required|string',
+ 'email' => 'email',
+ ];
+ }
+
+ if ($authMethod === 'saml2') {
+ $rules = [
+ 'email' => 'email',
+ ];
+ }
+
+ $request->validate($rules);
+ }
+
/**
* Send a response when a login attempt exception occurs.
*/
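Review bot: `validateLogin` fails open for any `auth.method` value other than `standard`, `ldap` or `saml2`: `$rules` stays `[]`, so `$request->validate($rules)` accepts the request with no checks at all. If these three are the only supported methods, a guard just before the validate call would make a misconfiguration or a newly added method fail loudly instead of silently, e.g. `if (empty($rules)) { throw new \LogicException('No login validation rules for auth method: ' . $authMethod); }`. The three independent `if` blocks would also read more clearly as an `if`/`elseif` chain, since the values are mutually exclusive. None of the rules carry a `max:` bound; adding one to `username`, `password` and `email` would reject oversized values before they are handed to the authentication backend.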