Differential D1435 Diff 3853 src/app/Auth/LDAPUserProvider.php

Changeset View

Standalone View

src/app/Auth/LDAPUserProvider.php

<?php		<?php

namespace App\Auth;		namespace App\Auth;

use App\User;		use App\User;
use Illuminate\Auth\EloquentUserProvider;		use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Support\Facades\Hash;		use Illuminate\Support\Facades\Hash;
use Illuminate\Contracts\Auth\Authenticatable;		use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;		use Illuminate\Contracts\Auth\UserProvider;

/**		/**
* A user provider that integrates an LDAP deployment.		* A user provider that integrates an LDAP deployment.
*/		*/
class LDAPUserProvider extends EloquentUserProvider implements UserProvider		class LDAPUserProvider extends EloquentUserProvider implements UserProvider
{		{
/**		/**
* Retrieve the user by its ID.		* Retrieve the user by its credentials (email).
*
* @param string $identifier The unique ID for the user to attempt to retrieve.
*
* @return \Illuminate\Contracts\Auth\Authenticatable\|null
*/
public function retrieveById($identifier)
{
return parent::retrieveById($identifier);
}

/**
* Retrieve the user by its credentials.
*
* Please note that this function also validates the password.
*		*
* @param array $credentials An array containing the email and password.		* @param array $credentials An array containing the email and password.
*		*
* @return User\|null		* @return User\|null
*/		*/
public function retrieveByCredentials(array $credentials)		public function retrieveByCredentials(array $credentials)
{		{
$entries = User::where('email', '=', $credentials['email']);		$entries = User::where('email', '=', $credentials['email'])->get();

$count = $entries->count();		$count = $entries->count();

if ($count == 1) {		if ($count == 1) {
$user = $entries->select(['id', 'email', 'password', 'password_ldap'])->first();		return $entries->first();

if (!$this->validateCredentials($user, $credentials)) {
return null;
}

return $user;
}		}

if ($count > 1) {		if ($count > 1) {
\Log::warning("Multiple entries for {$credentials['email']}");		\Log::warning("Multiple entries for {$credentials['email']}");
} else {		} else {
\Log::warning("No entries for {$credentials['email']}");		\Log::warning("No entries for {$credentials['email']}");
}		}

Show All 39 Lines	public function validateCredentials(Authenticatable $user, array $credentials): bool
$authenticated = true;		$authenticated = true;
}		}
}		}
} else {		} else {
\Log::error("Incomplete credentials for {$user->email}");		\Log::error("Incomplete credentials for {$user->email}");
}		}
}		}

// TODO: update last login time
// TODO: Update password if necessary, examine whether writing to
// user->password is sufficient?
if ($authenticated) {		if ($authenticated) {
\Log::info("Successful authentication for {$user->email}");		\Log::info("Successful authentication for {$user->email}");

		// TODO: update last login time
if (empty($user->password) \|\| empty($user->password_ldap)) {		if (empty($user->password) \|\| empty($user->password_ldap)) {
$user->password = $credentials['password'];		$user->password = $credentials['password'];
$user->save();		$user->save();
}		}
} else {		} else {
// TODO: Try actual LDAP?		// TODO: Try actual LDAP?
\Log::info("Authentication failed for {$user->email}");		\Log::info("Authentication failed for {$user->email}");
}		}

return $authenticated;		return $authenticated;
}		}
}		}