src/app/Auth/LDAPUserProvider.php
<?php | <?php | ||||
namespace App\Auth; | namespace App\Auth; | ||||
use App\User; | use App\User; | ||||
use Illuminate\Auth\EloquentUserProvider; | use Illuminate\Auth\EloquentUserProvider; | ||||
use Illuminate\Support\Facades\Hash; | use Illuminate\Support\Facades\Hash; | ||||
use Illuminate\Contracts\Auth\Authenticatable; | use Illuminate\Contracts\Auth\Authenticatable; | ||||
use Illuminate\Contracts\Auth\UserProvider; | use Illuminate\Contracts\Auth\UserProvider; | ||||
/** | /** | ||||
* A user provider that integrates an LDAP deployment. | * A user provider that integrates an LDAP deployment. | ||||
*/ | */ | ||||
class LDAPUserProvider extends EloquentUserProvider implements UserProvider | class LDAPUserProvider extends EloquentUserProvider implements UserProvider | ||||
{ | { | ||||
/** | /** | ||||
* Retrieve the user by its ID. | * Retrieve the user by its credentials (email). | ||||
* | |||||
* @param string $identifier The unique ID for the user to attempt to retrieve. | |||||
* | |||||
* @return \Illuminate\Contracts\Auth\Authenticatable|null | |||||
*/ | |||||
public function retrieveById($identifier) | |||||
{ | |||||
return parent::retrieveById($identifier); | |||||
} | |||||
/** | |||||
* Retrieve the user by its credentials. | |||||
* | |||||
* Please note that this function also validates the password. | |||||
* | * | ||||
* @param array $credentials An array containing the email and password. | * @param array $credentials An array containing the email and password. | ||||
* | * | ||||
* @return User|null | * @return User|null | ||||
*/ | */ | ||||
public function retrieveByCredentials(array $credentials) | public function retrieveByCredentials(array $credentials) | ||||
{ | { | ||||
$entries = User::where('email', '=', $credentials['email']); | $entries = User::where('email', '=', $credentials['email'])->get(); | ||||
$count = $entries->count(); | $count = $entries->count(); | ||||
if ($count == 1) { | if ($count == 1) { | ||||
$user = $entries->select(['id', 'email', 'password', 'password_ldap'])->first(); | return $entries->first(); | ||||
if (!$this->validateCredentials($user, $credentials)) { | |||||
return null; | |||||
} | |||||
return $user; | |||||
} | } | ||||
if ($count > 1) { | if ($count > 1) { | ||||
\Log::warning("Multiple entries for {$credentials['email']}"); | \Log::warning("Multiple entries for {$credentials['email']}"); | ||||
} else { | } else { | ||||
\Log::warning("No entries for {$credentials['email']}"); | \Log::warning("No entries for {$credentials['email']}"); | ||||
} | } | ||||
Show All 39 Lines | public function validateCredentials(Authenticatable $user, array $credentials): bool | ||||
$authenticated = true; | $authenticated = true; | ||||
} | } | ||||
} | } | ||||
} else { | } else { | ||||
\Log::error("Incomplete credentials for {$user->email}"); | \Log::error("Incomplete credentials for {$user->email}"); | ||||
} | } | ||||
} | } | ||||
// TODO: update last login time | |||||
// TODO: Update password if necessary, examine whether writing to | |||||
// user->password is sufficient? | |||||
if ($authenticated) { | if ($authenticated) { | ||||
\Log::info("Successful authentication for {$user->email}"); | \Log::info("Successful authentication for {$user->email}"); | ||||
// TODO: update last login time | |||||
if (empty($user->password) || empty($user->password_ldap)) { | if (empty($user->password) || empty($user->password_ldap)) { | ||||
$user->password = $credentials['password']; | $user->password = $credentials['password']; | ||||
$user->save(); | $user->save(); | ||||
} | } | ||||
} else { | } else { | ||||
// TODO: Try actual LDAP? | // TODO: Try actual LDAP? | ||||
\Log::info("Authentication failed for {$user->email}"); | \Log::info("Authentication failed for {$user->email}"); | ||||
} | } | ||||
return $authenticated; | return $authenticated; | ||||
} | } | ||||
} | } |
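Review bot: The new branch in validateCredentials assigns the raw submitted secret to the model, `$user->password = $credentials['password'];` followed by `$user->save();`, so unless the User model has a mutator that hashes `password` on assignment (not visible here), the plaintext credential is persisted to the database on every successful login where `password` or `password_ldap` is empty. The file already imports the Hash facade, so the write should be `$user->password = Hash::make($credentials['password']);` — and if the model does hash in a mutator, a one-line comment saying so at this spot would stop the next reader from raising the same concern. Note also that the condition `empty($user->password) || empty($user->password_ldap)` rewrites `password` on each login for any user whose `password_ldap` is unset even when a local password already exists; if the intent is only to populate a missing local hash, the check should be on `password` alone, which is worth confirming against the migration strategy behind the "TODO: Try actual LDAP?" line. The enclosing validateCredentials method begins before this hunk, in the collapsed lines, so the `$authenticated` initialisation and the actual comparison are not visible in this view.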