AuthController.php
Go to the documentation of this file.
1 <?php
2 
3 namespace App\Http\Controllers\Auth;
4 
5 use Validator;
6 use App\Http\Controllers\Controller;
7 use Illuminate\Foundation\Auth\ThrottlesLogins;
8 use App\Models\Setting;
9 use App\Models\User;
10 use Auth;
11 use Config;
12 use Illuminate\Http\Request;
13 use Input;
14 use Redirect;
15 use Log;
16 use View;
17 
26 class AuthController extends Controller
27 {
28 
29  use ThrottlesLogins;
30 
31  // This tells the auth controller to use username instead of email address
32  protected $username = 'username';
33 
39  protected $redirectTo = '/';
40 
46  public function __construct()
47  {
48  $this->middleware('guest', ['except' => 'logout']);
49  }
50 
51 
52  function showLoginForm()
53  {
54  // Is the user logged in?
55  if (Auth::check()) {
56  return redirect()->intended('dashboard');
57  }
58 
59  // Show the page
60  return View::make('auth.login');
61  }
62 
63 
74  function ldap($username, $password, $returnUser = false)
75  {
76 
77  $ldaphost = Setting::getSettings()->ldap_server;
78  $ldaprdn = Setting::getSettings()->ldap_uname;
79  $ldappass = \Crypt::decrypt(Setting::getSettings()->ldap_pword);
80  $baseDn = Setting::getSettings()->ldap_basedn;
81  $filterQuery = Setting::getSettings()->ldap_auth_filter_query . $username;
82  $ldapversion = Setting::getSettings()->ldap_version;
83  $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
84 
85  // If we are ignoring the SSL cert we need to setup the environment variable
86  // before we create the connection
87  if ($ldap_server_cert_ignore) {
88  putenv('LDAPTLS_REQCERT=never');
89  }
90 
91  // Connecting to LDAP
92  $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
93  // Needed for AD
94  ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
95  ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldapversion);
96 
97  try {
98  if ($connection) {
99  // binding to ldap server
100  $ldapbind = ldap_bind($connection, $ldaprdn, $ldappass);
101  if (($results = @ldap_search($connection, $baseDn, $filterQuery)) != false) {
102  $entry = ldap_first_entry($connection, $results);
103  if (($userDn = @ldap_get_dn($connection, $entry)) != false) {
104  if (($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
105  return $returnUser ?
106  array_change_key_case(ldap_get_attributes($connection, $entry), CASE_LOWER)
107  : true;
108  }
109  }
110  }
111  }
112  } catch (Exception $e) {
113  LOG::error($e->getMessage());
114  }
115  ldap_close($connection);
116  return false;
117  }
118 
125  function createUserFromLdap($ldapatttibutes)
126  {
127  //Get LDAP attribute config
128  $ldap_result_username = Setting::getSettings()->ldap_username_field;
129  $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
130  $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
131  $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
132  $ldap_result_email = Setting::getSettings()->ldap_email;
133 
134  //Get LDAP user data
135  $item = array();
136  $item["username"] = isset($ldapatttibutes[$ldap_result_username][0]) ? $ldapatttibutes[$ldap_result_username][0] : "";
137  $item["employee_number"] = isset($ldapatttibutes[$ldap_result_emp_num][0]) ? $ldapatttibutes[$ldap_result_emp_num][0] : "";
138  $item["lastname"] = isset($ldapatttibutes[$ldap_result_last_name][0]) ? $ldapatttibutes[$ldap_result_last_name][0] : "";
139  $item["firstname"] = isset($ldapatttibutes[$ldap_result_first_name][0]) ? $ldapatttibutes[$ldap_result_first_name][0] : "";
140  $item["email"] = isset($ldapatttibutes[$ldap_result_email][0]) ? $ldapatttibutes[$ldap_result_email][0] : "" ;
141 
142  //create user
143  if (!empty($item["username"])) {
144  //$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);
145 
146  $newuser = array(
147  'first_name' => $item["firstname"],
148  'last_name' => $item["lastname"],
149  'username' => $item["username"],
150  'email' => $item["email"],
151  'employee_num' => $item["employee_number"],
152  'password' => bcrypt(Input::get("password")), //$pass,
153  'activated' => 1,
154  'permissions' => ["user" => 1], //'{"user":1}',
155  'notes' => 'Imported from LDAP'
156  );
157  User::save($newuser);
158 
159  } else {
160  throw new Cartalyst\Sentry\Users\UserNotFoundException();
161  }
162 
163  //$item["note"] = "<strong>created</strong>";
164  $credentials = array(
165  'username' => $item["username"],
166  'password' => Input::get("password")//$pass,
167  );
168  return $credentials;
169  }
170 
171 
177  public function login()
178  {
179  $validator = $this->validator(Input::all());
180 
181  if ($validator->fails()) {
182  return Redirect::back()->withInput()->withErrors($validator);
183  }
184 
185  // Should we even check for LDAP users?
186  if (Setting::getSettings()->ldap_enabled=='1') {
187 
188  LOG::debug("LDAP is enabled.");
189  // Check if the user exists in the database
190  $user = User::where('username', '=', Input::get('username'))->whereNull('deleted_at')->first();
191  LOG::debug("Auth lookup complete");
192 
193 
194  // The user does not exist in the database. Try to get them from LDAP.
195  // If user does not exist and authenticates sucessfully with LDAP we
196  // will create it on the fly and sign in with default permissions
197  if (!$user) {
198  LOG::debug("Local user ".Input::get('username')." does not exist");
199  if ($userattr = $this->ldap(Input::get('username'), Input::get('password'), true)) {
200  LOG::debug("Creating local user from authenticated LDAP user.");
201  $credentials = $this->createUserFromLdap($userattr);
202  } else {
203  LOG::debug("User did not authenticate correctly against LDAP. No local user was created.");
204  }
205 
206  // If the user exists and they were imported from LDAP already
207  } else {
208 
209  LOG::debug("Local user ".Input::get('username')." exists in database. Authenticating existing user against LDAP.");
210 
211  if ($this->ldap(Input::get('username'), Input::get('password'))) {
212  LOG::debug("Valid LDAP login. Updating the local data.");
213  $user = User::find($user->id); //need the Sentry object, not the Eloquent object, to access critical password hashing functions
214  $user->password = bcrypt(Input::get('password'));
215  $user->ldap_import = 1;
216  $user->save();
217 
218  } else {
219  LOG::debug("User did not authenticate correctly against LDAP. Local user was not updated.");
220  }// End LDAP auth
221 
222  } // End if(!user)
223 
224  // NO LDAP enabled - just try to login the user normally
225  }
226 
227  LOG::debug("Authenticating user against database.");
228  // Try to log the user in
229  if (!Auth::attempt(Input::only('username', 'password'), Input::get('remember-me', 0))) {
230  LOG::debug("Local authentication failed.");
231  // throw new Cartalyst\Sentry\Users\UserNotFoundException();
232  return Redirect::back()->withInput()->with('error', trans('auth/message.account_not_found'));
233  }
234 
235  // Get the page we were before
236  $redirect = \Session::get('loginRedirect', 'home');
237 
238  // Unset the page we were before from the session
239  \Session::forget('loginRedirect');
240 
241  // Redirect to the users page
242  return Redirect::to($redirect)->with('success', trans('auth/message.signin.success'));
243 
244  // Ooops.. something went wrong
245  return Redirect::back()->withInput()->withErrors($this->messageBag);
246  }
247 
253  public function logout()
254  {
255  // Log the user out
256  Auth::logout();
257 
258  // Redirect to the users page
259  return Redirect::route('home')->with('success', 'You have successfully logged out!');
260  }
261 
262 
269  protected function validator(array $data)
270  {
271  return Validator::make($data, [
272  'username' => 'required',
273  'password' => 'required',
274  ]);
275  }
276 }
App\Http\Controllers\Auth\AuthController\validator
validator(array $data)
Get a validator for an incoming registration request.
Definition: AuthController.php:269
App\Http\Controllers\Auth\AuthController\createUserFromLdap
createUserFromLdap($ldapatttibutes)
Create user from LDAP attributes.
Definition: AuthController.php:125
App\Http\Controllers\Auth\AuthController
This controller handles authentication for the user, including local database users and LDAP users...
Definition: AuthController.php:26
App\Models\Setting\getSettings
static getSettings()
Definition: Setting.php:33
App\Http\Controllers\Auth\AuthController\__construct
__construct()
Create a new authentication controller instance.
Definition: AuthController.php:46
App\Http\Controllers\Auth\AuthController\login
login()
Account sign in form processing.
Definition: AuthController.php:177
App\Http\Controllers\Auth\AuthController\ldap
ldap($username, $password, $returnUser=false)
Authenticates a user to LDAP.
Definition: AuthController.php:74