Initial code for LDAP authentication.

James Cole
2018-10-13 15:06:56 +02:00
parent a5a012738e
commit 0d36d43eda
16 changed files with 905 additions and 37 deletions


@@ -58,6 +58,13 @@ class ForgotPasswordController extends Controller
*/
public function sendResetLinkEmail(Request $request, UserRepositoryInterface $repository)
{
$loginProvider = getenv('LOGIN_PROVIDER');
if ('eloquent' !== $loginProvider) {
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
return view('error', compact('message'));
}
$this->validateEmail($request);
// verify if the user is not a demo user. If so, we give him back an error.
@@ -90,6 +97,13 @@ class ForgotPasswordController extends Controller
*/
public function showLinkRequestForm()
{
$loginProvider = getenv('LOGIN_PROVIDER');
if ('eloquent' !== $loginProvider) {
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
return view('error', compact('message'));
}
// is allowed to?
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
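Review bot: The provider gate in `sendResetLinkEmail` and `showLinkRequestForm` reads `getenv('LOGIN_PROVIDER')` directly, while the ProfileController changes in this same commit read `config('firefly.login_provider')`. Laravel does not load `.env` once the configuration is cached, so `getenv()` presumably returns `false` in that setup; the `'eloquent' !== $loginProvider` test would then refuse password resets on a local-auth install and print an empty provider name. Using `$loginProvider = config('firefly.login_provider');` here keeps every gate on one source of truth. The same applies to the `getenv` calls in LoginController, RegisterController and ResetPasswordController. Both method bodies continue outside their hunks.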


@@ -129,8 +129,9 @@ class LoginController extends Controller
*/
public function showLoginForm(Request $request)
{
$count = DB::table('users')->count();
if (0 === $count) {
$count = DB::table('users')->count();
$loginProvider = getenv('LOGIN_PROVIDER');
if (0 === $count && 'eloquent' === $loginProvider) {
return redirect(route('register')); // @codeCoverageIgnore
}
@@ -141,13 +142,20 @@ class LoginController extends Controller
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
$allowRegistration = true;
$allowReset = true;
if (true === $singleUserMode && $userCount > 0) {
$allowRegistration = false;
}
// single user mode is ignored when the user is not using eloquent:
if ('eloquent' !== $loginProvider) {
$allowRegistration = false;
$allowReset = false;
}
$email = $request->old('email');
$remember = $request->old('remember');
return view('auth.login', compact('allowRegistration', 'email', 'remember'));
return view('auth.login', compact('allowRegistration', 'email', 'remember','allowReset'));
}
}


@@ -71,9 +71,19 @@ class RegisterController extends Controller
public function register(Request $request)
{
// is allowed to?
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
if (true === $singleUserMode && $userCount > 0) {
$allowRegistration = true;
$loginProvider = getenv('LOGIN_PROVIDER');
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
if (true === $singleUserMode && $userCount > 0 && 'eloquent' === $loginProvider) {
$allowRegistration = false;
}
if ('eloquent' !== $loginProvider) {
$allowRegistration = false;
}
if (false === $allowRegistration) {
$message = 'Registration is currently not available.';
return view('error', compact('message'));
@@ -102,13 +112,25 @@ class RegisterController extends Controller
*/
public function showRegistrationForm(Request $request)
{
// is demo site?
$isDemoSite = FireflyConfig::get('is_demo_site', config('firefly.configuration.is_demo_site'))->data;
$allowRegistration = true;
$loginProvider = getenv('LOGIN_PROVIDER');
$isDemoSite = FireflyConfig::get('is_demo_site', config('firefly.configuration.is_demo_site'))->data;
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
// is allowed to?
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
if (true === $singleUserMode && $userCount > 0) {
if (true === $isDemoSite) {
$allowRegistration = false;
}
if (true === $singleUserMode && $userCount > 0 && 'eloquent' === $loginProvider) {
$allowRegistration = false;
}
if ('eloquent' !== $loginProvider) {
$allowRegistration = false;
}
if (false === $allowRegistration) {
$message = 'Registration is currently not available.';
return view('error', compact('message'));
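Review bot: `showRegistrationForm` sets `$allowRegistration = false` when `$isDemoSite` is true, but the visible part of the POST handler `register` never reads `is_demo_site`, so withholding the form may not stop a directly submitted registration on a demo site. If nothing further down `register` (its body continues outside the hunk) covers this, add `$isDemoSite = FireflyConfig::get('is_demo_site', config('firefly.configuration.is_demo_site'))->data;` and `if (true === $isDemoSite) { $allowRegistration = false; }` there as well. Because both methods otherwise evaluate the same conditions, one private helper returning the decision would keep the form and the handler from drifting apart.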


@@ -28,6 +28,7 @@ use FireflyIII\Http\Controllers\Controller;
use FireflyIII\User;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
/**
* Class ResetPasswordController
@@ -70,7 +71,15 @@ class ResetPasswordController extends Controller
*/
public function showResetForm(Request $request, $token = null)
{
// is allowed to?
$loginProvider = getenv('LOGIN_PROVIDER');
if ('eloquent' !== $loginProvider) {
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
return view('error', compact('message'));
}
// is allowed to register?
$singleUserMode = FireflyConfig::get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$userCount = User::count();
$allowRegistration = true;
@@ -83,4 +92,42 @@ class ResetPasswordController extends Controller
['token' => $token, 'email' => $request->email, 'allowRegistration' => $allowRegistration]
);
}
/**
* Reset the given user's password.
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
* @throws \Illuminate\Validation\ValidationException
*/
public function reset(Request $request)
{
$loginProvider = getenv('LOGIN_PROVIDER');
if ('eloquent' !== $loginProvider) {
$message = sprintf('Cannot reset password when authenticating over "%s".', $loginProvider);
return view('error', compact('message'));
}
$this->validate($request, $this->rules(), $this->validationErrorMessages());
// Here we will attempt to reset the user's password. If it is successful we
// will update the password on an actual user model and persist it to the
// database. Otherwise we will parse the error and return the response.
$response = $this->broker()->reset(
$this->credentials($request), function ($user, $password) {
$this->resetPassword($user, $password);
}
);
// If the password was successfully reset, we will redirect the user back to
// the application's home authenticated view. If there is an error we can
// redirect them back to where they came from with their error message.
return $response === Password::PASSWORD_RESET
? $this->sendResetResponse($request, $response)
: $this->sendResetFailedResponse($request, $response);
}
}
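Review bot: The new `reset` override appears to copy the framework's reset flow only to put the provider check in front of it, so later upstream changes to that flow would not reach this controller. Assuming the class pulls the method in with `use ResetsPasswords;` (that line is outside the hunks), aliasing it as `use ResetsPasswords { reset as protected traitReset; }` and ending the override with `return $this->traitReset($request);` keeps the gate and drops the copied body along with the `Password` import. The docblock should also mention the error view returned on the non-local branch, since `@return` lists only the redirect and JSON responses.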


@@ -41,6 +41,7 @@ use FireflyIII\User;
use Google2FA;
use Hash;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;
use Laravel\Passport\ClientRepository;
use Log;
@@ -71,6 +72,7 @@ class ProfileController extends Controller
return $next($request);
}
);
$this->middleware(IsDemoUser::class)->except(['index']);
$this->middleware(IsSandStormUser::class)->except('index');
}
@@ -80,8 +82,15 @@ class ProfileController extends Controller
*
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function changeEmail()
public function changeEmail(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
return redirect(route('profile.index'));
}
$title = auth()->user()->email;
$email = auth()->user()->email;
$subTitle = (string)trans('firefly.change_your_email');
@@ -95,8 +104,15 @@ class ProfileController extends Controller
*
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function changePassword()
public function changePassword(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
return redirect(route('profile.index'));
}
$title = auth()->user()->email;
$subTitle = (string)trans('firefly.change_your_password');
$subTitleIcon = 'fa-key';
@@ -132,6 +148,10 @@ class ProfileController extends Controller
*/
public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
}
// find preference with this token value.
/** @var Collection $set */
$set = app('preferences')->findByName('email_change_confirm_token');
@@ -163,8 +183,12 @@ class ProfileController extends Controller
*
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function deleteAccount()
public function deleteAccount(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => $loginProvider]));
}
$title = auth()->user()->email;
$subTitle = (string)trans('firefly.delete_account');
$subTitleIcon = 'fa-trash';
@@ -216,6 +240,7 @@ class ProfileController extends Controller
*/
public function index()
{
$loginProvider = config('firefly.login_provider');
// check if client token thing exists (default one)
$count = DB::table('oauth_clients')
->where('personal_access_client', 1)
@@ -241,7 +266,7 @@ class ProfileController extends Controller
$accessToken = app('preferences')->set('access_token', $token);
}
return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA'));
return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA', 'loginProvider'));
}
/**
@@ -254,6 +279,13 @@ class ProfileController extends Controller
*/
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
return redirect(route('profile.index'));
}
/** @var User $user */
$user = auth()->user();
$newEmail = $request->string('email');
@@ -299,6 +331,13 @@ class ProfileController extends Controller
*/
public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => $loginProvider]));
return redirect(route('profile.index'));
}
// the request has already validated both new passwords must be equal.
$current = $request->get('current_password');
$new = $request->get('new_password');
@@ -396,6 +435,11 @@ class ProfileController extends Controller
*/
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
}
// find preference with this token value.
$set = app('preferences')->findByName('email_change_undo_token');
$user = null;
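Review bot: The guard added to `undoEmailChange` throws with the message copied from `confirmEmailChange`, so a log entry or error page for a blocked undo reports a confirm; it should read `throw new FireflyException('Cannot undo email change when authentication provider is not local.');`. The same `config('firefly.login_provider')` check is also pasted into each account-changing handler in this file, and a handler added later could easily miss it. Since the constructor already registers `IsDemoUser` and `IsSandStormUser` middleware, a similar middleware for the provider check would enforce it in one place. The body of `undoEmailChange` continues outside the hunk.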