Added files missed in previous commit

author Dan Brown <redacted>

Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)

committer Dan Brown <redacted>

Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)
author Dan Brown <redacted>
Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)
committer Dan Brown <redacted>
Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)
diff --git a/.env.example.complete b/.env.example.complete

index e44644f08f5aea122bbf787fa3e4f2ad42d58b3d..bc6b644aaf80d176a31ee0e686377740e125d71c 100644 (file)
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -121,7 +121,7 @@ STORAGE_S3_ENDPOINT=https://my-custom-s3-compatible.service.com:8001
  STORAGE_URL=false
  
  # Authentication method to use
  STORAGE_URL=false
  
  # Authentication method to use
-# Can be 'standard' or 'ldap'
+# Can be 'standard', 'ldap' or 'saml2'
  AUTH_METHOD=standard
  
  # Social authentication configuration
  AUTH_METHOD=standard
  
  # Social authentication configuration
@@ -205,8 +205,6 @@ LDAP_REMOVE_FROM_GROUPS=false
  # SAML authentication configuration
  # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
  SAML2_NAME=SSO
  # SAML authentication configuration
  # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
  SAML2_NAME=SSO
-SAML2_ENABLED=false
-SAML2_AUTO_REGISTER=true
  SAML2_EMAIL_ATTRIBUTE=email
  SAML2_DISPLAY_NAME_ATTRIBUTES=username
  SAML2_EXTERNAL_ID_ATTRIBUTE=null
  SAML2_EMAIL_ATTRIBUTE=email
  SAML2_DISPLAY_NAME_ATTRIBUTES=username
  SAML2_EXTERNAL_ID_ATTRIBUTE=null
diff --git a/app/Auth/Access/Guards/ExternalBaseSessionGuard.php b/app/Auth/Access/Guards/ExternalBaseSessionGuard.php

index 3022b7f8e5c083a8bec06a4d9be5abe06a973651..d1fb0b606a3d04e8820fe73ff54bf3564879ba11 100644 (file)
--- a/app/Auth/Access/Guards/ExternalBaseSessionGuard.php
+++ b/app/Auth/Access/Guards/ExternalBaseSessionGuard.php
@@ -2,6 +2,10 @@
  
  namespace BookStack\Auth\Access\Guards;
  
  
  namespace BookStack\Auth\Access\Guards;
  
+use BookStack\Auth\User;
+use BookStack\Auth\UserRepo;
+use BookStack\Exceptions\LoginAttemptEmailNeededException;
+use BookStack\Exceptions\LoginAttemptException;
  use Illuminate\Auth\GuardHelpers;
  use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
  use Illuminate\Contracts\Auth\StatefulGuard;
  use Illuminate\Auth\GuardHelpers;
  use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
  use Illuminate\Contracts\Auth\StatefulGuard;
@@ -51,21 +55,24 @@ class ExternalBaseSessionGuard implements StatefulGuard
       */
      protected $loggedOut = false;
  
       */
      protected $loggedOut = false;
  
+    /**
+     * Repository to perform user-specific actions.
+     *
+     * @var UserRepo
+     */
+    protected $userRepo;
+
      /**
       * Create a new authentication guard.
       *
      /**
       * Create a new authentication guard.
       *
-     * @param  string  $name
-     * @param  \Illuminate\Contracts\Auth\UserProvider  $provider
-     * @param  \Illuminate\Contracts\Session\Session  $session
       * @return void
       */
       * @return void
       */
-    public function __construct($name,
-        UserProvider $provider,
-        Session $session)
+    public function __construct(string $name, UserProvider $provider, Session $session, UserRepo $userRepo)
      {
          $this->name = $name;
          $this->session = $session;
          $this->provider = $provider;
      {
          $this->name = $name;
          $this->session = $session;
          $this->provider = $provider;
+        $this->userRepo = $userRepo;
      }
  
      /**
      }
  
      /**
diff --git a/app/Auth/Access/Guards/LdapSessionGuard.php b/app/Auth/Access/Guards/LdapSessionGuard.php

index 223088d05c32f361a2058567aeedf9b7fdd74a24..6c416bf301621c31a8c887883b7470b2b0553557 100644 (file)
--- a/app/Auth/Access/Guards/LdapSessionGuard.php
+++ b/app/Auth/Access/Guards/LdapSessionGuard.php
@@ -15,7 +15,6 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
  {
  
      protected $ldapService;
  {
  
      protected $ldapService;
-    protected $userRepo;
  
      /**
       * LdapSessionGuard constructor.
  
      /**
       * LdapSessionGuard constructor.
@@ -28,8 +27,7 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
      )
      {
          $this->ldapService = $ldapService;
      )
      {
          $this->ldapService = $ldapService;
-        $this->userRepo = $userRepo;
-        parent::__construct($name, $provider, $session);
+        parent::__construct($name, $provider, $session, $userRepo);
      }
  
      /**
      }
  
      /**
diff --git a/app/Auth/Access/Guards/Saml2SessionGuard.php b/app/Auth/Access/Guards/Saml2SessionGuard.php

index 1bdb59d516f4c989194880f8ffe3a134f6b26d3b..4023913ed77bb47caac93d5dc0d84a6673be4f90 100644 (file)
--- a/app/Auth/Access/Guards/Saml2SessionGuard.php
+++ b/app/Auth/Access/Guards/Saml2SessionGuard.php
@@ -2,49 +2,27 @@
  
  namespace BookStack\Auth\Access\Guards;
  
  
  namespace BookStack\Auth\Access\Guards;
  
-use BookStack\Auth\Access\LdapService;
-use BookStack\Auth\User;
-use BookStack\Auth\UserRepo;
-use BookStack\Exceptions\LdapException;
-use BookStack\Exceptions\LoginAttemptException;
-use BookStack\Exceptions\LoginAttemptEmailNeededException;
-use Illuminate\Contracts\Auth\UserProvider;
-use Illuminate\Contracts\Session\Session;
-
-class LdapSessionGuard extends ExternalBaseSessionGuard
+/**
+ * Saml2 Session Guard
+ *
+ * The saml2 login process is async in nature meaning it does not fit very well
+ * into the default laravel 'Guard' auth flow. Instead most of the logic is done
+ * via the Saml2 controller & Saml2Service. This class provides a safer, thin
+ * version of SessionGuard.
+ *
+ * @package BookStack\Auth\Access\Guards
+ */
+class Saml2SessionGuard extends ExternalBaseSessionGuard
  {
  {
-
-    protected $ldapService;
-
-    /**
-     * LdapSessionGuard constructor.
-     */
-    public function __construct($name,
-        UserProvider $provider,
-        Session $session,
-        LdapService $ldapService,
-        UserRepo $userRepo
-    )
-    {
-        $this->ldapService = $ldapService;
-        parent::__construct($name, $provider, $session, $userRepo);
-    }
-
      /**
       * Validate a user's credentials.
       *
       * @param array $credentials
       * @return bool
      /**
       * Validate a user's credentials.
       *
       * @param array $credentials
       * @return bool
-     * @throws LdapException
       */
      public function validate(array $credentials = [])
      {
       */
      public function validate(array $credentials = [])
      {
-        $userDetails = $this->ldapService->getUserDetails($credentials['username']);
-        $this->lastAttempted = $this->provider->retrieveByCredentials([
-            'external_auth_id' => $userDetails['uid']
-        ]);
-
-        return $this->ldapService->validateUserCredentials($userDetails, $credentials['username'], $credentials['password']);
+        return false;
      }
  
      /**
      }
  
      /**
@@ -53,51 +31,10 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
       * @param array $credentials
       * @param bool $remember
       * @return bool
       * @param array $credentials
       * @param bool $remember
       * @return bool
-     * @throws LoginAttemptEmailNeededException
-     * @throws LoginAttemptException
-     * @throws LdapException
       */
      public function attempt(array $credentials = [], $remember = false)
      {
       */
      public function attempt(array $credentials = [], $remember = false)
      {
-        $username = $credentials['username'];
-        $userDetails = $this->ldapService->getUserDetails($username);
-        $this->lastAttempted = $user = $this->provider->retrieveByCredentials([
-            'external_auth_id' => $userDetails['uid']
-        ]);
-
-        if (!$this->ldapService->validateUserCredentials($userDetails, $username, $credentials['password'])) {
-            return false;
-        }
-
-        if (is_null($user)) {
-            $user = $this->freshUserInstanceFromLdapUserDetails($userDetails);
-        }
-
-        $this->checkForUserEmail($user, $credentials['email'] ?? '');
-        $this->saveIfNew($user);
-
-        // Sync LDAP groups if required
-        if ($this->ldapService->shouldSyncGroups()) {
-            $this->ldapService->syncGroups($user, $username);
-        }
-
-        $this->login($user, $remember);
-        return true;
-    }
-
-    /**
-     * Create a fresh user instance from details provided by a LDAP lookup.
-     */
-    protected function freshUserInstanceFromLdapUserDetails(array $ldapUserDetails): User
-    {
-        $user = new User();
-
-        $user->name = $ldapUserDetails['name'];
-        $user->external_auth_id = $ldapUserDetails['uid'];
-        $user->email = $ldapUserDetails['email'];
-        $user->email_confirmed = false;
-
-        return $user;
+        return false;
      }
  
  }
      }
  
  }
diff --git a/app/Auth/Access/RegistrationService.php b/app/Auth/Access/RegistrationService.php

index 7e8c7d5f5aea0553a99775a73ec215fdec206f2e..74142301a288d07126e4980c0afa133ab759b15f 100644 (file)
--- a/app/Auth/Access/RegistrationService.php
+++ b/app/Auth/Access/RegistrationService.php
@@ -20,14 +20,15 @@ class RegistrationService
          $this->emailConfirmationService = $emailConfirmationService;
      }
  
          $this->emailConfirmationService = $emailConfirmationService;
      }
  
-
      /**
       * Check whether or not registrations are allowed in the app settings.
       * @throws UserRegistrationException
       */
      public function checkRegistrationAllowed()
      {
      /**
       * Check whether or not registrations are allowed in the app settings.
       * @throws UserRegistrationException
       */
      public function checkRegistrationAllowed()
      {
-        if (!setting('registration-enabled') || config('auth.method') === 'ldap') {
+        $authMethod = config('auth.method');
+        $authMethodsWithRegistration = ['standard'];
+        if (!setting('registration-enabled') || !in_array($authMethod, $authMethodsWithRegistration)) {
              throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
          }
      }
              throw new UserRegistrationException(trans('auth.registrations_disabled'), '/login');
          }
      }
diff --git a/app/Auth/Access/Saml2Service.php b/app/Auth/Access/Saml2Service.php

index c1038e7306b5955b24494e3cd385a2778f52ac5b..c52dc3a398aea2cba9ead90f55d0ed40bbbae9d3 100644 (file)
--- a/app/Auth/Access/Saml2Service.php
+++ b/app/Auth/Access/Saml2Service.php
@@ -20,7 +20,6 @@ class Saml2Service extends ExternalAuthService
      protected $config;
      protected $userRepo;
      protected $user;
      protected $config;
      protected $userRepo;
      protected $user;
-    protected $enabled;
  
      /**
       * Saml2Service constructor.
  
      /**
       * Saml2Service constructor.
@@ -30,7 +29,6 @@ class Saml2Service extends ExternalAuthService
          $this->config = config('saml2');
          $this->userRepo = $userRepo;
          $this->user = $user;
          $this->config = config('saml2');
          $this->userRepo = $userRepo;
          $this->user = $user;
-        $this->enabled = config('saml2.enabled') === true;
      }
  
      /**
      }
  
      /**
@@ -204,7 +202,7 @@ class Saml2Service extends ExternalAuthService
       */
      protected function shouldSyncGroups(): bool
      {
       */
      protected function shouldSyncGroups(): bool
      {
-        return $this->enabled && $this->config['user_to_groups'] !== false;
+        return $this->config['user_to_groups'] !== false;
      }
  
      /**
      }
  
      /**
@@ -248,7 +246,7 @@ class Saml2Service extends ExternalAuthService
      /**
       * Extract the details of a user from a SAML response.
       */
      /**
       * Extract the details of a user from a SAML response.
       */
-    public function getUserDetails(string $samlID, $samlAttributes): array
+    protected function getUserDetails(string $samlID, $samlAttributes): array
      {
          $emailAttr = $this->config['email_attribute'];
          $externalId = $this->getExternalId($samlAttributes, $samlID);
      {
          $emailAttr = $this->config['email_attribute'];
          $externalId = $this->getExternalId($samlAttributes, $samlID);
@@ -329,7 +327,7 @@ class Saml2Service extends ExternalAuthService
              throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));
          }
  
              throw new SamlException(trans('errors.saml_email_exists', ['email' => $userDetails['email']]));
          }
  
-        $user = $this->user->forceCreate($userData);
+        $user = $this->user->newQuery()->forceCreate($userData);
          $this->userRepo->attachDefaultRole($user);
          $this->userRepo->downloadAndAssignUserAvatar($user);
          return $user;
          $this->userRepo->attachDefaultRole($user);
          $this->userRepo->downloadAndAssignUserAvatar($user);
          return $user;
@@ -337,15 +335,15 @@ class Saml2Service extends ExternalAuthService
  
      /**
       * Get the user from the database for the specified details.
  
      /**
       * Get the user from the database for the specified details.
+     * @throws SamlException
       */
      protected function getOrRegisterUser(array $userDetails): ?User
      {
       */
      protected function getOrRegisterUser(array $userDetails): ?User
      {
-        $isRegisterEnabled = $this->config['auto_register'] === true;
-        $user = $this->user
-          ->where('external_auth_id', $userDetails['external_id'])
+        $user = $this->user->newQuery()
+          ->where('external_auth_id', '=', $userDetails['external_id'])
            ->first();
  
            ->first();
  
-        if ($user === null && $isRegisterEnabled) {
+        if (is_null($user)) {
              $user = $this->registerUser($userDetails);
          }
  
              $user = $this->registerUser($userDetails);
          }
  
diff --git a/app/Config/auth.php b/app/Config/auth.php

index 0be5aeee8e09416a8ee444f6125fe8f45a771e9d..2afb10ec2e3151eb69fd35880da05f01021eadef 100644 (file)
--- a/app/Config/auth.php
+++ b/app/Config/auth.php
@@ -34,7 +34,11 @@ return [
          ],
          'ldap' => [
              'driver' => 'ldap-session',
          ],
          'ldap' => [
              'driver' => 'ldap-session',
-            'provider' => 'external'
+            'provider' => 'external',
+        ],
+        'saml2' => [
+            'driver' => 'saml2-session',
+            'provider' => 'external',
          ],
          'api' => [
              'driver' => 'api-token',
          ],
          'api' => [
              'driver' => 'api-token',
diff --git a/app/Config/saml2.php b/app/Config/saml2.php

index 2f2ad14f1d5de4e482b7c98813ea98bf07b2fa5e..5f2c1395b836aacedd36496d153a0ea52f412165 100644 (file)
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -4,10 +4,6 @@ return [
  
      // Display name, shown to users, for SAML2 option
      'name' => env('SAML2_NAME', 'SSO'),
  
      // Display name, shown to users, for SAML2 option
      'name' => env('SAML2_NAME', 'SSO'),
-    // Toggle whether the SAML2 option is active
-    'enabled' => env('SAML2_ENABLED', false),
-    // Enable registration via SAML2 authentication
-    'auto_register' => env('SAML2_AUTO_REGISTER', true),
  
      // Dump user details after a login request for debugging purposes
      'dump_user_details' => env('SAML2_DUMP_USER_DETAILS', false),
  
      // Dump user details after a login request for debugging purposes
      'dump_user_details' => env('SAML2_DUMP_USER_DETAILS', false),
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php

index 2302937cb5e4f6035af8dd9adbfb3f1ccab922e7..8116288ada445149f15a56d11f2f1c07a3cc0a3b 100644 (file)
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -65,7 +65,6 @@ class LoginController extends Controller
      {
          $socialDrivers = $this->socialAuthService->getActiveDrivers();
          $authMethod = config('auth.method');
      {
          $socialDrivers = $this->socialAuthService->getActiveDrivers();
          $authMethod = config('auth.method');
-        $samlEnabled = config('saml2.enabled') === true;
  
          if ($request->has('email')) {
              session()->flashInput([
  
          if ($request->has('email')) {
              session()->flashInput([
@@ -77,7 +76,6 @@ class LoginController extends Controller
          return view('auth.login', [
            'socialDrivers' => $socialDrivers,
            'authMethod' => $authMethod,
          return view('auth.login', [
            'socialDrivers' => $socialDrivers,
            'authMethod' => $authMethod,
-          'samlEnabled' => $samlEnabled,
          ]);
      }
  
          ]);
      }
  
@@ -129,28 +127,16 @@ class LoginController extends Controller
       */
      protected function validateLogin(Request $request)
      {
       */
      protected function validateLogin(Request $request)
      {
-        $rules = [];
+        $rules = ['password' => 'required|string'];
          $authMethod = config('auth.method');
  
          if ($authMethod === 'standard') {
          $authMethod = config('auth.method');
  
          if ($authMethod === 'standard') {
-            $rules = [
-                'email' => 'required|string|email',
-                'password' => 'required|string'
-            ];
+            $rules['email'] = 'required|email';
          }
  
          if ($authMethod === 'ldap') {
          }
  
          if ($authMethod === 'ldap') {
-            $rules = [
-                'username' => 'required|string',
-                'password' => 'required|string',
-                'email' => 'email',
-            ];
-        }
-
-        if ($authMethod === 'saml2') {
-            $rules = [
-                'email' => 'email',
-            ];
+            $rules['username'] = 'required|string';
+            $rules['email'] = 'email';
          }
  
          $request->validate($rules);
          }
  
          $request->validate($rules);
@@ -178,10 +164,6 @@ class LoginController extends Controller
       */
      public function logout(Request $request)
      {
       */
      public function logout(Request $request)
      {
-        if (config('saml2.enabled') && session()->get('last_login_type') === 'saml2') {
-            return redirect('/saml2/logout');
-        }
-
          $this->guard()->logout();
          $request->session()->invalidate();
  
          $this->guard()->logout();
          $request->session()->invalidate();
  
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php

index c9c0c3ec5000f26a2d5cd0404b17b052c52ef394..8fb13d536c63901a3901ec78b8795f7a00996d7f 100644 (file)
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -75,10 +75,8 @@ class RegisterController extends Controller
      {
          $this->registrationService->checkRegistrationAllowed();
          $socialDrivers = $this->socialAuthService->getActiveDrivers();
      {
          $this->registrationService->checkRegistrationAllowed();
          $socialDrivers = $this->socialAuthService->getActiveDrivers();
-        $samlEnabled = (config('saml2.enabled') === true) && (config('saml2.auto_register') === true);
          return view('auth.register', [
              'socialDrivers' => $socialDrivers,
          return view('auth.register', [
              'socialDrivers' => $socialDrivers,
-            'samlEnabled' => $samlEnabled,
          ]);
      }
  
          ]);
      }
  
diff --git a/app/Http/Controllers/Auth/Saml2Controller.php b/app/Http/Controllers/Auth/Saml2Controller.php

index 86389412861a033e6c9bc8170f8799cb3c23988a..72cf0e01970d023b06c05bc8cae07c7e20deb131 100644 (file)
--- a/app/Http/Controllers/Auth/Saml2Controller.php
+++ b/app/Http/Controllers/Auth/Saml2Controller.php
@@ -20,7 +20,8 @@ class Saml2Controller extends Controller
  
          // SAML2 access middleware
          $this->middleware(function ($request, $next) {
  
          // SAML2 access middleware
          $this->middleware(function ($request, $next) {
-            if (!config('saml2.enabled')) {
+
+            if (config('auth.method') !== 'saml2') {
                  $this->showPermissionError();
              }
  
                  $this->showPermissionError();
              }
  
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php

index 0b299551aa5d7e7f1dc643f7581446cada86a21c..a885628f3ac3114b1ff563cfb39625ac3044389b 100644 (file)
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -6,6 +6,7 @@ use Auth;
  use BookStack\Api\ApiTokenGuard;
  use BookStack\Auth\Access\ExternalBaseUserProvider;
  use BookStack\Auth\Access\Guards\LdapSessionGuard;
  use BookStack\Api\ApiTokenGuard;
  use BookStack\Auth\Access\ExternalBaseUserProvider;
  use BookStack\Auth\Access\Guards\LdapSessionGuard;
+use BookStack\Auth\Access\Guards\Saml2SessionGuard;
  use BookStack\Auth\Access\LdapService;
  use BookStack\Auth\UserRepo;
  use Illuminate\Support\ServiceProvider;
  use BookStack\Auth\Access\LdapService;
  use BookStack\Auth\UserRepo;
  use Illuminate\Support\ServiceProvider;
@@ -33,6 +34,16 @@ class AuthServiceProvider extends ServiceProvider
                  $app[UserRepo::class]
              );
          });
                  $app[UserRepo::class]
              );
          });
+
+        Auth::extend('saml2-session', function ($app, $name, array $config) {
+            $provider = Auth::createUserProvider($config['provider']);
+            return new Saml2SessionGuard(
+                $name,
+                $provider,
+                $this->app['session.store'],
+                $app[UserRepo::class]
+            );
+        });
      }
  
      /**
      }
  
      /**
diff --git a/resources/views/auth/forms/login/ldap.blade.php b/resources/views/auth/forms/login/ldap.blade.php

index 2699fda00ac59801e454f748dd339eb8b6c7fac8..12592d492cc93af6fb6a5a3b2cd05ac287b7f167 100644 (file)
--- a/resources/views/auth/forms/login/ldap.blade.php
+++ b/resources/views/auth/forms/login/ldap.blade.php
@@ -1,19 +1,30 @@
-<div class="form-group">
-    <label for="username">{{ trans('auth.username') }}</label>
-    @include('form.text', ['name' => 'username', 'autofocus' => true])
-</div>
+<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
+    {!! csrf_field() !!}
  
  
-@if(session('request-email', false) === true)
-    <div class="form-group">
-        <label for="email">{{ trans('auth.email') }}</label>
-        @include('form.text', ['name' => 'email'])
-        <span class="text-neg">
-            {{ trans('auth.ldap_email_hint') }}
-        </span>
+    <div class="stretch-inputs">
+        <div class="form-group">
+            <label for="username">{{ trans('auth.username') }}</label>
+            @include('form.text', ['name' => 'username', 'autofocus' => true])
+        </div>
+
+        @if(session('request-email', false) === true)
+            <div class="form-group">
+                <label for="email">{{ trans('auth.email') }}</label>
+                @include('form.text', ['name' => 'email'])
+                <span class="text-neg">{{ trans('auth.ldap_email_hint') }}</span>
+            </div>
+        @endif
+
+        <div class="form-group">
+            <label for="password">{{ trans('auth.password') }}</label>
+            @include('form.password', ['name' => 'password'])
+        </div>
+    </div>
+
+    <div class="grid half collapse-xs gap-xl v-center">
+        <div class="text-right">
+            <button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
+        </div>
      </div>
      </div>
-@endif
  
  
-<div class="form-group">
-    <label for="password">{{ trans('auth.password') }}</label>
-    @include('form.password', ['name' => 'password'])
-</div>
-\ No newline at end of file
+</form>
+\ No newline at end of file
diff --git a/resources/views/auth/forms/login/saml2.blade.php b/resources/views/auth/forms/login/saml2.blade.php

index 12592d492cc93af6fb6a5a3b2cd05ac287b7f167..aa1913e3179853c203035dcfcbd64c1ae1c9871c 100644 (file)
--- a/resources/views/auth/forms/login/saml2.blade.php
+++ b/resources/views/auth/forms/login/saml2.blade.php
@@ -1,30 +1,11 @@
-<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
+<form action="{{ url('/saml2/login') }}" method="POST" id="login-form" class="mt-l">
      {!! csrf_field() !!}
  
      {!! csrf_field() !!}
  
-    <div class="stretch-inputs">
-        <div class="form-group">
-            <label for="username">{{ trans('auth.username') }}</label>
-            @include('form.text', ['name' => 'username', 'autofocus' => true])
-        </div>
-
-        @if(session('request-email', false) === true)
-            <div class="form-group">
-                <label for="email">{{ trans('auth.email') }}</label>
-                @include('form.text', ['name' => 'email'])
-                <span class="text-neg">{{ trans('auth.ldap_email_hint') }}</span>
-            </div>
-        @endif
-
-        <div class="form-group">
-            <label for="password">{{ trans('auth.password') }}</label>
-            @include('form.password', ['name' => 'password'])
-        </div>
-    </div>
-
-    <div class="grid half collapse-xs gap-xl v-center">
-        <div class="text-right">
-            <button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
-        </div>
+    <div>
+        <button id="saml-login" class="button outline block svg">
+            @icon('saml2')
+            {{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
+        </button>
      </div>
  
  </form>
 \ No newline at end of file
      </div>
  
  </form>
 \ No newline at end of file
diff --git a/resources/views/auth/forms/login/standard.blade.php b/resources/views/auth/forms/login/standard.blade.php

index 52fae3750ad38dbd9cccacedeea82328d63fd0b1..87603e2cb6dc8fd88a9c41bbb9b3ad0d5d35b992 100644 (file)
--- a/resources/views/auth/forms/login/standard.blade.php
+++ b/resources/views/auth/forms/login/standard.blade.php
@@ -1,12 +1,36 @@
-<div class="form-group">
-    <label for="email">{{ trans('auth.email') }}</label>
-    @include('form.text', ['name' => 'email', 'autofocus' => true])
-</div>
-
-<div class="form-group">
-    <label for="password">{{ trans('auth.password') }}</label>
-    @include('form.password', ['name' => 'password'])
-    <span class="block small mt-s">
-        <a href="{{ url('/password/email') }}">{{ trans('auth.forgot_password') }}</a>
-    </span>
-</div>
+<form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
+    {!! csrf_field() !!}
+
+    <div class="stretch-inputs">
+        <div class="form-group">
+            <label for="email">{{ trans('auth.email') }}</label>
+            @include('form.text', ['name' => 'email', 'autofocus' => true])
+        </div>
+
+        <div class="form-group">
+            <label for="password">{{ trans('auth.password') }}</label>
+            @include('form.password', ['name' => 'password'])
+            <div class="small mt-s">
+                <a href="{{ url('/password/email') }}">{{ trans('auth.forgot_password') }}</a>
+            </div>
+        </div>
+    </div>
+
+    <div class="grid half collapse-xs gap-xl v-center">
+        <div class="text-left ml-xxs">
+            @include('components.custom-checkbox', [
+                'name' => 'remember',
+                'checked' => false,
+                'value' => 'on',
+                'label' => trans('auth.remember_me'),
+            ])
+        </div>
+
+        <div class="text-right">
+            <button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
+        </div>
+    </div>
+
+</form>
+
+
diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php

index 098ce2100d31b9a4193ec345525146103edec0fa..0a21a0f62d421238e97130de5be402505958b946 100644 (file)
--- a/resources/views/auth/login.blade.php
+++ b/resources/views/auth/login.blade.php
@@ -9,29 +9,7 @@
          <div class="card content-wrap auto-height">
              <h1 class="list-heading">{{ Str::title(trans('auth.log_in')) }}</h1>
  
          <div class="card content-wrap auto-height">
              <h1 class="list-heading">{{ Str::title(trans('auth.log_in')) }}</h1>
  
-            <form action="{{ url('/login') }}" method="POST" id="login-form" class="mt-l">
-                {!! csrf_field() !!}
-
-                <div class="stretch-inputs">
-                    @include('auth.forms.login.' . $authMethod)
-                </div>
-
-                <div class="grid half collapse-xs gap-xl v-center">
-                    <div class="text-left ml-xxs">
-                        @include('components.custom-checkbox', [
-                            'name' => 'remember',
-                            'checked' => false,
-                            'value' => 'on',
-                            'label' => trans('auth.remember_me'),
-                        ])
-                    </div>
-
-                    <div class="text-right">
-                        <button class="button">{{ Str::title(trans('auth.log_in')) }}</button>
-                    </div>
-                </div>
-
-            </form>
+            @include('auth.forms.login.' . $authMethod)
  
              @if(count($socialDrivers) > 0)
                  <hr class="my-l">
  
              @if(count($socialDrivers) > 0)
                  <hr class="my-l">
@@ -45,17 +23,7 @@
                  @endforeach
              @endif
  
                  @endforeach
              @endif
  
-            @if($samlEnabled)
-                <hr class="my-l">
-                <div>
-                    <a id="saml-login" class="button outline block svg" href="{{ url("/saml2/login") }}">
-                       @icon('saml2')
-                      {{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
-                    </a>
-                </div>
-            @endif
-
-            @if(setting('registration-enabled') && config('auth.method') !== 'ldap')
+            @if(setting('registration-enabled') && config('auth.method') === 'standard')
                  <div class="text-center pb-s">
                      <hr class="my-l">
                      <a href="{{ url('/register') }}">{{ trans('auth.dont_have_account') }}</a>
                  <div class="text-center pb-s">
                      <hr class="my-l">
                      <a href="{{ url('/register') }}">{{ trans('auth.dont_have_account') }}</a>
diff --git a/resources/views/auth/register.blade.php b/resources/views/auth/register.blade.php

index 8dd6592c1e72084f4acba1059a56f226c80102d7..1625ebc4c588afbcf77d18475a6336a4c61439a1 100644 (file)
--- a/resources/views/auth/register.blade.php
+++ b/resources/views/auth/register.blade.php
@@ -50,15 +50,6 @@
                  @endforeach
              @endif
  
                  @endforeach
              @endif
  
-            @if($samlEnabled)
-                <hr class="my-l">
-                <div>
-                    <a id="saml-login" class="button outline block svg" href="{{ url("/saml2/login") }}">
-                        @icon('saml2')
-                        {{ trans('auth.log_in_with', ['socialDriver' => config('saml2.name')]) }}
-                    </a>
-                </div>
-            @endif
          </div>
      </div>
  @stop
          </div>
      </div>
  @stop
diff --git a/resources/views/common/header.blade.php b/resources/views/common/header.blade.php

index b060360315eba00b62bae30193b0ba7f304ae06c..7c837ec29bd90a25f178094a12592976c76ea88b 100644 (file)
--- a/resources/views/common/header.blade.php
+++ b/resources/views/common/header.blade.php
@@ -42,7 +42,7 @@
                      @endif
  
                      @if(!signedInUser())
                      @endif
  
                      @if(!signedInUser())
-                        @if(setting('registration-enabled') && config('auth.method') !== 'ldap')
+                        @if(setting('registration-enabled') && config('auth.method') === 'standard')
                              <a href="{{ url('/register') }}">@icon('new-user') {{ trans('auth.sign_up') }}</a>
                          @endif
                          <a href="{{ url('/login') }}">@icon('login') {{ trans('auth.log_in') }}</a>
                              <a href="{{ url('/register') }}">@icon('new-user') {{ trans('auth.sign_up') }}</a>
                          @endif
                          <a href="{{ url('/login') }}">@icon('login') {{ trans('auth.log_in') }}</a>
@@ -64,7 +64,11 @@
                                  <a href="{{ url("/settings/users/{$currentUser->id}") }}">@icon('edit'){{ trans('common.edit_profile') }}</a>
                              </li>
                              <li>
                                  <a href="{{ url("/settings/users/{$currentUser->id}") }}">@icon('edit'){{ trans('common.edit_profile') }}</a>
                              </li>
                              <li>
-                                <a href="{{ url('/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
+                                @if(config('auth.method') === 'saml2')
+                                    <a href="{{ url('/saml2/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
+                                @else
+                                    <a href="{{ url('/logout') }}">@icon('logout'){{ trans('auth.logout') }}</a>
+                                @endif
                              </li>
                          </ul>
                      </div>
                              </li>
                          </ul>
                      </div>
diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php

index 1fbc80b1fd1be0f0cbcfacb68869ebfc3bfeadac..ed57ad94401feb18417fc72a6b843ea1095c287e 100644 (file)
--- a/resources/views/settings/roles/form.blade.php
+++ b/resources/views/settings/roles/form.blade.php
@@ -19,7 +19,7 @@
                      @include('form.text', ['name' => 'description'])
                  </div>
  
                      @include('form.text', ['name' => 'description'])
                  </div>
  
-                @if(config('auth.method') === 'ldap' || config('saml2.enabled') === true)
+                @if(config('auth.method') === 'ldap' || config('auth.method') === 'saml2')
                      <div class="form-group">
                          <label for="name">{{ trans('settings.role_external_auth_id') }}</label>
                          @include('form.text', ['name' => 'external_auth_id'])
                      <div class="form-group">
                          <label for="name">{{ trans('settings.role_external_auth_id') }}</label>
                          @include('form.text', ['name' => 'external_auth_id'])
diff --git a/resources/views/users/form.blade.php b/resources/views/users/form.blade.php

index 6eafd43bcfd98e1bb28af610d9683b6c4bb7225f..df3d06c2f34f232b17fe033472d4078f293285cb 100644 (file)
--- a/resources/views/users/form.blade.php
+++ b/resources/views/users/form.blade.php
@@ -25,7 +25,7 @@
      </div>
  </div>
  
      </div>
  </div>
  
-@if(($authMethod === 'ldap' || config('saml2.enabled') === true) && userCan('users-manage'))
+@if(($authMethod === 'ldap' || $authMethod === 'saml2') && userCan('users-manage'))
      <div class="grid half gap-xl v-center">
          <div>
              <label class="setting-list-label">{{ trans('settings.users_external_auth_id') }}</label>
      <div class="grid half gap-xl v-center">
          <div>
              <label class="setting-list-label">{{ trans('settings.users_external_auth_id') }}</label>
diff --git a/routes/web.php b/routes/web.php

index eafad6489ed81d2ae4412ee4b0a22611fac1a3d8..3aa95dd6868d441e4b57ae53affc16847dd5a921 100644 (file)
--- a/routes/web.php
+++ b/routes/web.php
@@ -225,7 +225,7 @@ Route::get('/register/confirm/{token}', 'Auth\ConfirmEmailController@confirm');
  Route::post('/register', 'Auth\RegisterController@postRegister');
  
  // SAML routes
  Route::post('/register', 'Auth\RegisterController@postRegister');
  
  // SAML routes
-Route::get('/saml2/login', 'Auth\Saml2Controller@login');
+Route::post('/saml2/login', 'Auth\Saml2Controller@login');
  Route::get('/saml2/logout', 'Auth\Saml2Controller@logout');
  Route::get('/saml2/metadata', 'Auth\Saml2Controller@metadata');
  Route::get('/saml2/sls', 'Auth\Saml2Controller@sls');
  Route::get('/saml2/logout', 'Auth\Saml2Controller@logout');
  Route::get('/saml2/metadata', 'Auth\Saml2Controller@metadata');
  Route::get('/saml2/sls', 'Auth\Saml2Controller@sls');
author	Dan Brown <redacted>
	Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)
committer	Dan Brown <redacted>
	Sun, 2 Feb 2020 10:59:03 +0000 (10:59 +0000)
.env.example.complete		patch \| blob \| history
app/Auth/Access/Guards/ExternalBaseSessionGuard.php		patch \| blob \| history
app/Auth/Access/Guards/LdapSessionGuard.php		patch \| blob \| history
app/Auth/Access/Guards/Saml2SessionGuard.php		patch \| blob \| history
app/Auth/Access/RegistrationService.php		patch \| blob \| history
app/Auth/Access/Saml2Service.php		patch \| blob \| history
app/Config/auth.php		patch \| blob \| history
app/Config/saml2.php		patch \| blob \| history
app/Http/Controllers/Auth/LoginController.php		patch \| blob \| history
app/Http/Controllers/Auth/RegisterController.php		patch \| blob \| history
app/Http/Controllers/Auth/Saml2Controller.php		patch \| blob \| history
app/Providers/AuthServiceProvider.php		patch \| blob \| history
resources/views/auth/forms/login/ldap.blade.php		patch \| blob \| history
resources/views/auth/forms/login/saml2.blade.php		patch \| blob \| history
resources/views/auth/forms/login/standard.blade.php		patch \| blob \| history
resources/views/auth/login.blade.php		patch \| blob \| history
resources/views/auth/register.blade.php		patch \| blob \| history
resources/views/common/header.blade.php		patch \| blob \| history
resources/views/settings/roles/form.blade.php		patch \| blob \| history
resources/views/users/form.blade.php		patch \| blob \| history
routes/web.php		patch \| blob \| history