This controller handles authentication for the user, including local database users and LDAP users. More...

Inheritance diagram for App\Http\Controllers\Auth\AuthController:

Public Member Functions
	__construct ()
	Create a new authentication controller instance. More...

	showLoginForm ()

	ldap ($username, $password, $returnUser=false)
	Authenticates a user to LDAP. More...

	createUserFromLdap ($ldapatttibutes)
	Create user from LDAP attributes. More...

	login ()
	Account sign in form processing. More...

	logout ()
	Logout page. More...

Protected Member Functions
	validator (array $data)
	Get a validator for an incoming registration request. More...

Protected Attributes
	$username = 'username'

	$redirectTo = '/'

Detailed Description

This controller handles authentication for the user, including local database users and LDAP users.

Todo:: Move LDAP methods into user model for better separation of concerns.

Author: [A. Gianotto] [snipe.nosp@m.@sni.nosp@m.pe.ne.nosp@m.t]

Version: v1.0

Definition at line 26 of file AuthController.php.

Constructor & Destructor Documentation

App\Http\Controllers\Auth\AuthController::__construct ( )

Create a new authentication controller instance.

Returns: void

Definition at line 46 of file AuthController.php.

     {
         $this->middleware('guest', ['except' => 'logout']);
     }

Member Function Documentation

App\Http\Controllers\Auth\AuthController::createUserFromLdap ( $ldapatttibutes )

Create user from LDAP attributes.

Parameters

$ldapatttibutes

Returns: array|bool

Definition at line 125 of file AuthController.php.

     {
         //Get LDAP attribute config
         $ldap_result_username = Setting::getSettings()->ldap_username_field;
         $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
         $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
         $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
         $ldap_result_email = Setting::getSettings()->ldap_email;
 
         //Get LDAP user data
         $item = array();
         $item["username"] = isset($ldapatttibutes[$ldap_result_username][0]) ? $ldapatttibutes[$ldap_result_username][0] : "";
         $item["employee_number"] = isset($ldapatttibutes[$ldap_result_emp_num][0]) ? $ldapatttibutes[$ldap_result_emp_num][0] : "";
         $item["lastname"] = isset($ldapatttibutes[$ldap_result_last_name][0]) ? $ldapatttibutes[$ldap_result_last_name][0] : "";
         $item["firstname"] = isset($ldapatttibutes[$ldap_result_first_name][0]) ? $ldapatttibutes[$ldap_result_first_name][0] : "";
         $item["email"] = isset($ldapatttibutes[$ldap_result_email][0]) ? $ldapatttibutes[$ldap_result_email][0] : "" ;
 
         //create user
         if (!empty($item["username"])) {
             //$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);
 
             $newuser = array(
               'first_name' => $item["firstname"],
               'last_name' => $item["lastname"],
               'username' => $item["username"],
               'email' => $item["email"],
               'employee_num' => $item["employee_number"],
               'password' => bcrypt(Input::get("password")), //$pass,
               'activated' => 1,
               'permissions' => ["user" => 1], //'{"user":1}',
               'notes' => 'Imported from LDAP'
             );
             User::save($newuser);
 
         } else {
             throw new Cartalyst\Sentry\Users\UserNotFoundException();
         }
 
         //$item["note"] = "<strong>created</strong>";
         $credentials = array(
             'username' => $item["username"],
             'password' => Input::get("password")//$pass,
         );
         return $credentials;
     }

App\Http\Controllers\Auth\AuthController::ldap	(	$username,
		$password,
		$returnUser = `false`
	)

Authenticates a user to LDAP.

Parameters

	$username
	$password
bool \| false	$returnUser

Returns: bool true if the username and/or password provided are valid false if the username and/or password provided are invalid array of ldap_attributes if $returnUser is true

Definition at line 74 of file AuthController.php.

     {
 
         $ldaphost    = Setting::getSettings()->ldap_server;
         $ldaprdn     = Setting::getSettings()->ldap_uname;
         $ldappass    = \Crypt::decrypt(Setting::getSettings()->ldap_pword);
         $baseDn      = Setting::getSettings()->ldap_basedn;
         $filterQuery = Setting::getSettings()->ldap_auth_filter_query . $username;
         $ldapversion = Setting::getSettings()->ldap_version;
         $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
 
         // If we are ignoring the SSL cert we need to setup the environment variable
         // before we create the connection
         if ($ldap_server_cert_ignore) {
             putenv('LDAPTLS_REQCERT=never');
         }
 
         // Connecting to LDAP
         $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
         // Needed for AD
         ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
         ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldapversion);
 
         try {
             if ($connection) {
               // binding to ldap server
                 $ldapbind = ldap_bind($connection, $ldaprdn, $ldappass);
                 if (($results = @ldap_search($connection, $baseDn, $filterQuery)) != false) {
                     $entry = ldap_first_entry($connection, $results);
                     if (($userDn = @ldap_get_dn($connection, $entry)) != false) {
                         if (($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
                             return $returnUser ?
                             array_change_key_case(ldap_get_attributes($connection, $entry), CASE_LOWER)
                             : true;
                         }
                     }
                 }
             }
         } catch (Exception $e) {
             LOG::error($e->getMessage());
         }
            ldap_close($connection);
             return false;
     }

App\Http\Controllers\Auth\AuthController::login ( )

Account sign in form processing.

Returns: Redirect

Definition at line 177 of file AuthController.php.

     {
         $validator = $this->validator(Input::all());
 
         if ($validator->fails()) {
             return Redirect::back()->withInput()->withErrors($validator);
         }
 
         // Should we even check for LDAP users?
         if (Setting::getSettings()->ldap_enabled=='1') {
 
             LOG::debug("LDAP is enabled.");
           // Check if the user exists in the database
             $user = User::where('username', '=', Input::get('username'))->whereNull('deleted_at')->first();
             LOG::debug("Auth lookup complete");
 
 
           // The user does not exist in the database. Try to get them from LDAP.
           // If user does not exist and authenticates sucessfully with LDAP we
           // will create it on the fly and sign in with default permissions
             if (!$user) {
                 LOG::debug("Local user ".Input::get('username')." does not exist");
                 if ($userattr = $this->ldap(Input::get('username'), Input::get('password'), true)) {
                     LOG::debug("Creating local user from authenticated LDAP user.");
                     $credentials = $this->createUserFromLdap($userattr);
                 } else {
                     LOG::debug("User did not authenticate correctly against LDAP. No local user was created.");
                 }
 
             // If the user exists and they were imported from LDAP already
             } else {
 
                 LOG::debug("Local user ".Input::get('username')." exists in database. Authenticating existing user against LDAP.");
 
                 if ($this->ldap(Input::get('username'), Input::get('password'))) {
                     LOG::debug("Valid LDAP login. Updating the local data.");
                     $user = User::find($user->id); //need the Sentry object, not the Eloquent object, to access critical password hashing functions
                     $user->password = bcrypt(Input::get('password'));
                     $user->ldap_import = 1;
                     $user->save();
 
                 } else {
                     LOG::debug("User did not authenticate correctly against LDAP. Local user was not updated.");
                 }// End LDAP auth
 
             } // End if(!user)
 
         // NO LDAP enabled - just try to login the user normally
         }
 
         LOG::debug("Authenticating user against database.");
         // Try to log the user in
         if (!Auth::attempt(Input::only('username', 'password'), Input::get('remember-me', 0))) {
             LOG::debug("Local authentication failed.");
           // throw new Cartalyst\Sentry\Users\UserNotFoundException();
             return Redirect::back()->withInput()->with('error', trans('auth/message.account_not_found'));
         }
 
         // Get the page we were before
         $redirect = \Session::get('loginRedirect', 'home');
 
         // Unset the page we were before from the session
         \Session::forget('loginRedirect');
 
         // Redirect to the users page
         return Redirect::to($redirect)->with('success', trans('auth/message.signin.success'));
 
         // Ooops.. something went wrong
         return Redirect::back()->withInput()->withErrors($this->messageBag);
     }

App\Http\Controllers\Auth\AuthController::logout ( )

Logout page.

Returns: Redirect

Definition at line 253 of file AuthController.php.

     {
         // Log the user out
         Auth::logout();
 
         // Redirect to the users page
         return Redirect::route('home')->with('success', 'You have successfully logged out!');
     }

App\Http\Controllers\Auth\AuthController::showLoginForm ( )

Definition at line 52 of file AuthController.php.

     {
       // Is the user logged in?
         if (Auth::check()) {
             return redirect()->intended('dashboard');
         }
 
       // Show the page
         return View::make('auth.login');
     }

App\Http\Controllers\Auth\AuthController::validator ( array $data )

protected

Get a validator for an incoming registration request.

Parameters

array $data

Returns

Definition at line 269 of file AuthController.php.

     {
         return Validator::make($data, [
             'username' => 'required',
             'password' => 'required',
         ]);
     }

Member Data Documentation

App\Http\Controllers\Auth\AuthController::$redirectTo = '/'

protected

Definition at line 39 of file AuthController.php.

App\Http\Controllers\Auth\AuthController::$username = 'username'

protected

Definition at line 32 of file AuthController.php.

The documentation for this class was generated from the following file:

AuthController.php

Public Member Functions

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation