mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-10-21 19:49:54 +00:00
Initial code for LDAP authentication.
This commit is contained in:
James Cole
@@ -58,6 +58,13 @@ class ForgotPasswordController extends Controller
|
||||
*/
|
||||
public function sendResetLinkEmail(Request $request, UserRepositoryInterface $repository)
|
||||
{
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
|
||||
|
||||
return view('error', compact('message'));
|
||||
}
|
||||
|
||||
$this->validateEmail($request);
|
||||
|
||||
// verify if the user is not a demo user. If so, we give him back an error.
|
||||
@@ -90,6 +97,13 @@ class ForgotPasswordController extends Controller
|
||||
*/
|
||||
public function showLinkRequestForm()
|
||||
{
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
|
||||
|
||||
return view('error', compact('message'));
|
||||
}
|
||||
|
||||
// is allowed to?
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
|
||||
@@ -129,8 +129,9 @@ class LoginController extends Controller
|
||||
*/
|
||||
public function showLoginForm(Request $request)
|
||||
{
|
||||
$count = DB::table('users')->count();
|
||||
if (0 === $count) {
|
||||
$count = DB::table('users')->count();
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
if (0 === $count && 'eloquent' === $loginProvider) {
|
||||
return redirect(route('register')); // @codeCoverageIgnore
|
||||
}
|
||||
|
||||
@@ -141,13 +142,20 @@ class LoginController extends Controller
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
$allowRegistration = true;
|
||||
$allowReset = true;
|
||||
if (true === $singleUserMode && $userCount > 0) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
// single user mode is ignored when the user is not using eloquent:
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$allowRegistration = false;
|
||||
$allowReset = false;
|
||||
}
|
||||
|
||||
$email = $request->old('email');
|
||||
$remember = $request->old('remember');
|
||||
|
||||
return view('auth.login', compact('allowRegistration', 'email', 'remember'));
|
||||
return view('auth.login', compact('allowRegistration', 'email', 'remember','allowReset'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -71,9 +71,19 @@ class RegisterController extends Controller
|
||||
public function register(Request $request)
|
||||
{
|
||||
// is allowed to?
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
if (true === $singleUserMode && $userCount > 0) {
|
||||
$allowRegistration = true;
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
if (true === $singleUserMode && $userCount > 0 && 'eloquent' === $loginProvider) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
if (false === $allowRegistration) {
|
||||
$message = 'Registration is currently not available.';
|
||||
|
||||
return view('error', compact('message'));
|
||||
@@ -102,13 +112,25 @@ class RegisterController extends Controller
|
||||
*/
|
||||
public function showRegistrationForm(Request $request)
|
||||
{
|
||||
// is demo site?
|
||||
$isDemoSite = FireflyConfig::get('is_demo_site', config('firefly.configuration.is_demo_site'))->data;
|
||||
$allowRegistration = true;
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
$isDemoSite = FireflyConfig::get('is_demo_site', config('firefly.configuration.is_demo_site'))->data;
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
|
||||
// is allowed to?
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
if (true === $singleUserMode && $userCount > 0) {
|
||||
if (true === $isDemoSite) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
if (true === $singleUserMode && $userCount > 0 && 'eloquent' === $loginProvider) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$allowRegistration = false;
|
||||
}
|
||||
|
||||
if (false === $allowRegistration) {
|
||||
$message = 'Registration is currently not available.';
|
||||
|
||||
return view('error', compact('message'));
|
||||
|
||||
@@ -28,6 +28,7 @@ use FireflyIII\Http\Controllers\Controller;
|
||||
use FireflyIII\User;
|
||||
use Illuminate\Foundation\Auth\ResetsPasswords;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
|
||||
/**
|
||||
* Class ResetPasswordController
|
||||
@@ -70,7 +71,15 @@ class ResetPasswordController extends Controller
|
||||
*/
|
||||
public function showResetForm(Request $request, $token = null)
|
||||
{
|
||||
// is allowed to?
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
|
||||
|
||||
return view('error', compact('message'));
|
||||
}
|
||||
|
||||
|
||||
// is allowed to register?
|
||||
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
|
||||
$userCount = User::count();
|
||||
$allowRegistration = true;
|
||||
@@ -83,4 +92,42 @@ class ResetPasswordController extends Controller
|
||||
['token' => $token, 'email' => $request->email, 'allowRegistration' => $allowRegistration]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset the given user's password.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
|
||||
* @throws \Illuminate\Validation\ValidationException
|
||||
*/
|
||||
public function reset(Request $request)
|
||||
{
|
||||
$loginProvider = getenv('LOGIN_PROVIDER');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
|
||||
|
||||
return view('error', compact('message'));
|
||||
}
|
||||
|
||||
$this->validate($request, $this->rules(), $this->validationErrorMessages());
|
||||
|
||||
// Here we will attempt to reset the user's password. If it is successful we
|
||||
// will update the password on an actual user model and persist it to the
|
||||
// database. Otherwise we will parse the error and return the response.
|
||||
$response = $this->broker()->reset(
|
||||
$this->credentials($request), function ($user, $password) {
|
||||
$this->resetPassword($user, $password);
|
||||
}
|
||||
);
|
||||
|
||||
// If the password was successfully reset, we will redirect the user back to
|
||||
// the application's home authenticated view. If there is an error we can
|
||||
// redirect them back to where they came from with their error message.
|
||||
return $response === Password::PASSWORD_RESET
|
||||
? $this->sendResetResponse($request, $response)
|
||||
: $this->sendResetFailedResponse($request, $response);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -41,6 +41,7 @@ use FireflyIII\User;
|
||||
use Google2FA;
|
||||
use Hash;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Collection;
|
||||
use Laravel\Passport\ClientRepository;
|
||||
use Log;
|
||||
@@ -71,6 +72,7 @@ class ProfileController extends Controller
|
||||
return $next($request);
|
||||
}
|
||||
);
|
||||
|
||||
$this->middleware(IsDemoUser::class)->except(['index']);
|
||||
$this->middleware(IsSandStormUser::class)->except('index');
|
||||
}
|
||||
@@ -80,8 +82,15 @@ class ProfileController extends Controller
|
||||
*
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*/
|
||||
public function changeEmail()
|
||||
public function changeEmail(Request $request)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
$title = auth()->user()->email;
|
||||
$email = auth()->user()->email;
|
||||
$subTitle = (string)trans('firefly.change_your_email');
|
||||
@@ -95,8 +104,15 @@ class ProfileController extends Controller
|
||||
*
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*/
|
||||
public function changePassword()
|
||||
public function changePassword(Request $request)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
$title = auth()->user()->email;
|
||||
$subTitle = (string)trans('firefly.change_your_password');
|
||||
$subTitleIcon = 'fa-key';
|
||||
@@ -132,6 +148,10 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
|
||||
}
|
||||
// find preference with this token value.
|
||||
/** @var Collection $set */
|
||||
$set = app('preferences')->findByName('email_change_confirm_token');
|
||||
@@ -163,8 +183,12 @@ class ProfileController extends Controller
|
||||
*
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*/
|
||||
public function deleteAccount()
|
||||
public function deleteAccount(Request $request)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => $loginProvider]));
|
||||
}
|
||||
$title = auth()->user()->email;
|
||||
$subTitle = (string)trans('firefly.delete_account');
|
||||
$subTitleIcon = 'fa-trash';
|
||||
@@ -216,6 +240,7 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function index()
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
// check if client token thing exists (default one)
|
||||
$count = DB::table('oauth_clients')
|
||||
->where('personal_access_client', 1)
|
||||
@@ -241,7 +266,7 @@ class ProfileController extends Controller
|
||||
$accessToken = app('preferences')->set('access_token', $token);
|
||||
}
|
||||
|
||||
return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA'));
|
||||
return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA', 'loginProvider'));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -254,6 +279,13 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
/** @var User $user */
|
||||
$user = auth()->user();
|
||||
$newEmail = $request->string('email');
|
||||
@@ -299,6 +331,13 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
|
||||
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
// the request has already validated both new passwords must be equal.
|
||||
$current = $request->get('current_password');
|
||||
$new = $request->get('new_password');
|
||||
@@ -396,6 +435,11 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
|
||||
{
|
||||
$loginProvider = config('firefly.login_provider');
|
||||
if ('eloquent' !== $loginProvider) {
|
||||
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
|
||||
}
|
||||
|
||||
// find preference with this token value.
|
||||
$set = app('preferences')->findByName('email_change_undo_token');
|
||||
$user = null;
|
||||
|
||||
Reference in New Issue
Block a user