1
0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-24 11:52:34 +01:00

Add error messages, fix LDAP error

This commit is contained in:
Daniel Seiler 2019-08-07 15:31:10 +02:00
parent 03dbe32f99
commit 8e723f10dc
9 changed files with 42 additions and 20 deletions

View File

@ -2,6 +2,7 @@
use BookStack\Auth\Role;
use BookStack\Auth\User;
use Illuminate\Database\Eloquent\Builder;
class ExternalAuthService
{
@ -57,19 +58,19 @@ class ExternalAuthService
/**
* Sync the groups to the user roles for the current user
* @param \BookStack\Auth\User $user
* @param array $samlAttributes
* @param array $userGroups
*/
public function syncWithGroups(User $user, array $userGroups)
{
// Get the ids for the roles from the names
$samlGroupsAsRoles = $this->matchGroupsToSystemsRoles($userSamlGroups);
$groupsAsRoles = $this->matchGroupsToSystemsRoles($userGroups);
// Sync groups
if ($this->config['remove_from_groups']) {
$user->roles()->sync($samlGroupsAsRoles);
$user->roles()->sync($groupsAsRoles);
$this->userRepo->attachDefaultRole($user);
} else {
$user->roles()->syncWithoutDetaching($samlGroupsAsRoles);
$user->roles()->syncWithoutDetaching($groupsAsRoles);
}
}
}

View File

@ -5,7 +5,6 @@ use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\LdapException;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Builder;
/**
* Class LdapService

View File

@ -5,8 +5,6 @@ use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\SamlException;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Log;
/**
@ -117,6 +115,27 @@ class Saml2Service extends Access\ExternalAuthService
return $userGroups;
}
/**
* For an array of strings, return a default for an empty array,
* a string for an array with one element and the full array for
* more than one element.
*
* @param array $data
* @param $defaultValue
* @return string
*/
protected function simplifyValue(array $data, $defaultValue) {
switch (count($data)) {
case 0:
$data = $defaultValue;
break;
case 1:
$data = $data[0];
break;
}
return $data;
}
/**
* Get a property from an SAML response.
* Handles properties potentially being an array.
@ -128,16 +147,9 @@ class Saml2Service extends Access\ExternalAuthService
protected function getSamlResponseAttribute(array $samlAttributes, string $propertyKey, $defaultValue)
{
if (isset($samlAttributes[$propertyKey])) {
$data = $samlAttributes[$propertyKey];
if (is_array($data)) {
if (count($data) == 0) {
$data = $defaultValue;
} else if (count($data) == 1) {
$data = $data[0];
}
}
$data = $this->simplifyValue($samlAttributes[$propertyKey], $defaultValue);
} else {
$data = $defaultValue;
$data = $defaultValue;
}
return $data;
@ -190,6 +202,7 @@ class Saml2Service extends Access\ExternalAuthService
* they exist, optionally registering them automatically.
* @param string $samlID
* @param array $samlAttributes
* @throws SamlException
*/
public function processLoginCallback($samlID, $samlAttributes)
{
@ -197,12 +210,14 @@ class Saml2Service extends Access\ExternalAuthService
$isLoggedIn = auth()->check();
if ($isLoggedIn) {
logger()->error("Already logged in");
throw new SamlException(trans('errors.saml_already_logged_in'), '/login');
} else {
$user = $this->getOrRegisterUser($userDetails);
if ($user === null) {
logger()->error("User does not exist");
throw new SamlException(trans('errors.saml_user_not_registered', ['name' => $userDetails['uid']]), '/login');
} else {
$groups = $this->getUserGroups($samlAttributes);
$this->syncWithGroups($user, $groups);
auth()->login($user);
}
}

View File

@ -150,12 +150,14 @@ return [
],
'saml' => [
'name' => env('SAML_NAME', 'SSO'),
'enabled' => env('SAML2_ENABLED', false),
'auto_register' => env('SAML_AUTO_REGISTER', false),
'email_attribute' => env('SAML_EMAIL_ATTRIBUTE', 'email'),
'display_name_attribute' => explode('|', env('SAML_DISPLAY_NAME_ATTRIBUTE', 'username')),
'user_name_attribute' => env('SAML_USER_NAME_ATTRIBUTE', null),
'group_attribute' => env('SAML_GROUP_ATTRIBUTE', 'group'),
'remove_from_groups' => env('SAML_REMOVE_FROM_GROUPS',false),
'user_to_groups' => env('SAML_USER_TO_GROUPS', false),
'id_is_user_name' => env('SAML_ID_IS_USER_NAME', true),
]

View File

@ -1,6 +1,6 @@
<?php namespace BookStack\Exceptions;
class SamlException extends PrettyException
class SamlException extends NotifyException
{
}

View File

@ -15,6 +15,8 @@ return [
'ldap_fail_authed' => 'LDAP-Zugriff mit DN und Passwort ist fehlgeschlagen',
'ldap_extension_not_installed' => 'LDAP-PHP-Erweiterung ist nicht installiert.',
'ldap_cannot_connect' => 'Die Verbindung zum LDAP-Server ist fehlgeschlagen. Beim initialen Verbindungsaufbau trat ein Fehler auf.',
'saml_already_logged_in' => 'Sie sind bereits angemeldet',
'saml_user_not_registered' => 'Kein Benutzer mit ID :name registriert und die automatische Registrierung ist deaktiviert',
'social_no_action_defined' => 'Es ist keine Aktion definiert',
'social_login_bad_response' => "Fehler bei der :socialAccount-Anmeldung: \n:error",
'social_account_in_use' => 'Dieses :socialAccount-Konto wird bereits verwendet. Bitte melden Sie sich mit dem :socialAccount-Konto an.',

View File

@ -9,6 +9,7 @@ return [
// Auth
'email_already_confirmed' => 'Die E-Mail-Adresse ist bereits bestätigt. Bitte melde dich an.',
'email_confirmation_invalid' => 'Der Bestätigungslink ist nicht gültig oder wurde bereits verwendet. Bitte registriere dich erneut.',
'saml_already_logged_in' => 'Du bist bereits angemeldet',
'social_account_in_use' => 'Dieses :socialAccount-Konto wird bereits verwendet. Bitte melde dich mit dem :socialAccount-Konto an.',
'social_account_email_in_use' => 'Die E-Mail-Adresse ":email" ist bereits registriert. Wenn Du bereits registriert bist, kannst Du Dein :socialAccount-Konto in Deinen Profil-Einstellungen verknüpfen.',
'social_account_not_used' => 'Dieses :socialAccount-Konto ist bisher keinem Benutzer zugeordnet. Du kannst das in Deinen Profil-Einstellungen tun.',

View File

@ -17,6 +17,8 @@ return [
'ldap_fail_authed' => 'LDAP access failed using given dn & password details',
'ldap_extension_not_installed' => 'LDAP PHP extension not installed',
'ldap_cannot_connect' => 'Cannot connect to ldap server, Initial connection failed',
'saml_already_logged_in' => 'Already logged in',
'saml_user_not_registered' => 'The user :name is not registered and automatic registration is disabled',
'social_no_action_defined' => 'No action defined',
'social_login_bad_response' => "Error received during :socialAccount login: \n:error",
'social_account_in_use' => 'This :socialAccount account is already in use, Try logging in via the :socialAccount option.',

View File

@ -51,7 +51,7 @@
<div>
<a id="saml-login" class="button outline block svg" href="{{ url("/saml2/login") }}">
{{-- @icon('auth/github') --}}
{{ trans('auth.log_in_with', ['socialDriver' => 'SAML']) }}
{{ trans('auth.log_in_with', ['socialDriver' => config('services.saml.name')]) }}
</a>
</div>
@endif