diff --git a/app/Auth/Access/Guards/Saml2SessionGuard.php b/app/Auth/Access/Guards/Saml2SessionGuard.php new file mode 100644 index 000000000..1bdb59d51 --- /dev/null +++ b/app/Auth/Access/Guards/Saml2SessionGuard.php @@ -0,0 +1,103 @@ +ldapService = $ldapService; + parent::__construct($name, $provider, $session, $userRepo); + } + + /** + * Validate a user's credentials. + * + * @param array $credentials + * @return bool + * @throws LdapException + */ + public function validate(array $credentials = []) + { + $userDetails = $this->ldapService->getUserDetails($credentials['username']); + $this->lastAttempted = $this->provider->retrieveByCredentials([ + 'external_auth_id' => $userDetails['uid'] + ]); + + return $this->ldapService->validateUserCredentials($userDetails, $credentials['username'], $credentials['password']); + } + + /** + * Attempt to authenticate a user using the given credentials. + * + * @param array $credentials + * @param bool $remember + * @return bool + * @throws LoginAttemptEmailNeededException + * @throws LoginAttemptException + * @throws LdapException + */ + public function attempt(array $credentials = [], $remember = false) + { + $username = $credentials['username']; + $userDetails = $this->ldapService->getUserDetails($username); + $this->lastAttempted = $user = $this->provider->retrieveByCredentials([ + 'external_auth_id' => $userDetails['uid'] + ]); + + if (!$this->ldapService->validateUserCredentials($userDetails, $username, $credentials['password'])) { + return false; + } + + if (is_null($user)) { + $user = $this->freshUserInstanceFromLdapUserDetails($userDetails); + } + + $this->checkForUserEmail($user, $credentials['email'] ?? ''); + $this->saveIfNew($user); + + // Sync LDAP groups if required + if ($this->ldapService->shouldSyncGroups()) { + $this->ldapService->syncGroups($user, $username); + } + + $this->login($user, $remember); + return true; + } + + /** + * Create a fresh user instance from details provided by a LDAP lookup. + */ + protected function freshUserInstanceFromLdapUserDetails(array $ldapUserDetails): User + { + $user = new User(); + + $user->name = $ldapUserDetails['name']; + $user->external_auth_id = $ldapUserDetails['uid']; + $user->email = $ldapUserDetails['email']; + $user->email_confirmed = false; + + return $user; + } + +} diff --git a/resources/views/auth/forms/login/saml2.blade.php b/resources/views/auth/forms/login/saml2.blade.php new file mode 100644 index 000000000..12592d492 --- /dev/null +++ b/resources/views/auth/forms/login/saml2.blade.php @@ -0,0 +1,30 @@ +
\ No newline at end of file