Updated laravel to 5.2 and started ldap implementation

@@ -3,8 +3,11 @@
 namespace BookStack\Exceptions;
 namespace BookStack\Exceptions;
 
 
 use Exception;
 use Exception;
+use Illuminate\Contracts\Validation\ValidationException;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Illuminate\Auth\Access\AuthorizationException;
 
 
 class Handler extends ExceptionHandler
 class Handler extends ExceptionHandler
 {
 {
@@ -14,7 +17,10 @@ class Handler extends ExceptionHandler
      * @var array
      * @var array
      */
      */
     protected $dontReport = [
     protected $dontReport = [
+        AuthorizationException::class,
         HttpException::class,
         HttpException::class,
+        ModelNotFoundException::class,
+        ValidationException::class,
     ];
     ];
 
 
     /**
     /**

+<?php namespace BookStack\Exceptions;
+
+
+use Exception;
+
+class LdapException extends Exception
+{
+
+}
\ No newline at end of file

@@ -29,7 +29,6 @@ class AuthController extends Controller
 
 
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;
 
 
-    protected $loginPath = '/login';
     protected $redirectPath = '/';
     protected $redirectPath = '/';
     protected $redirectAfterLogout = '/login';
     protected $redirectAfterLogout = '/login';
 
 
@@ -232,13 +231,9 @@ class AuthController extends Controller
      */
      */
     public function getLogin()
     public function getLogin()
     {
     {
-
-        if (view()->exists('auth.authenticate')) {
-            return view('auth.authenticate');
-        }
-
         $socialDrivers = $this->socialAuthService->getActiveDrivers();
         $socialDrivers = $this->socialAuthService->getActiveDrivers();
-        return view('auth.login', ['socialDrivers' => $socialDrivers]);
+        $authMethod = 'standard'; // TODO - rewrite to use config.
+        return view('auth/login', ['socialDrivers' => $socialDrivers, 'authMethod' => $authMethod]);
     }
     }
 
 
     /**
     /**
@@ -253,7 +248,7 @@ class AuthController extends Controller
     }
     }
 
 
     /**
     /**
-     * Redirect to the social site for authentication initended to register.
+     * Redirect to the social site for authentication intended to register.
      * @param $socialDriver
      * @param $socialDriver
      * @return mixed
      * @return mixed
      */
      */

@@ -48,7 +48,7 @@ abstract class Controller extends BaseController
      */
      */
     protected function preventAccessForDemoUsers()
     protected function preventAccessForDemoUsers()
     {
     {
-        if (env('APP_ENV', 'production') === 'demo') $this->showPermissionError();
+        if (config('app.env') === 'demo') $this->showPermissionError();
     }
     }
 
 
     /**
     /**

@@ -72,7 +72,7 @@ class UserController extends Controller
         $user->attachRoleId($request->get('role'));
         $user->attachRoleId($request->get('role'));
 
 
         // Get avatar from gravatar and save
         // Get avatar from gravatar and save
-        if (!env('DISABLE_EXTERNAL_SERVICES', false)) {
+        if (!config('services.disable_services')) {
             $avatar = \Images::saveUserGravatar($user);
             $avatar = \Images::saveUserGravatar($user);
             $user->avatar()->associate($avatar);
             $user->avatar()->associate($avatar);
             $user->save();
             $user->save();

 <?php
 <?php
 
 
+Route::get('/test', function() {
+    // TODO - remove this
+    $service = new \BookStack\Services\LdapService();
+    $service->getUserDetails('ssmith');
+});
+
 // Authenticated routes...
 // Authenticated routes...
 Route::group(['middleware' => 'auth'], function () {
 Route::group(['middleware' => 'auth'], function () {
 
 

+<?php
+
+namespace BookStack\Providers;
+
+use Auth;
+use Illuminate\Support\ServiceProvider;
+
+class AuthServiceProvider extends ServiceProvider
+{
+    /**
+     * Bootstrap the application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        //
+    }
+
+    /**
+     * Register the application services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        Auth::provider('ldap', function($app, array $config) {
+            return new LdapUserProvider($config['model']);
+        });
+    }
+}

+<?php
+
+namespace BookStack\Providers;
+
+
+use BookStack\User;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Contracts\Auth\UserProvider;
+
+class LdapUserProvider implements UserProvider
+{
+
+    /**
+     * The user model.
+     *
+     * @var string
+     */
+    protected $model;
+
+
+    /**
+     * LdapUserProvider constructor.
+     * @param $model
+     */
+    public function __construct($model)
+    {
+        $this->model = $model;
+    }
+
+    /**
+     * Create a new instance of the model.
+     *
+     * @return \Illuminate\Database\Eloquent\Model
+     */
+    public function createModel()
+    {
+        $class = '\\'.ltrim($this->model, '\\');
+
+        return new $class;
+    }
+
+
+    /**
+     * Retrieve a user by their unique identifier.
+     *
+     * @param  mixed $identifier
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     */
+    public function retrieveById($identifier)
+    {
+        return $this->createModel()->newQuery()->find($identifier);
+    }
+
+    /**
+     * Retrieve a user by their unique identifier and "remember me" token.
+     *
+     * @param  mixed  $identifier
+     * @param  string  $token
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     */
+    public function retrieveByToken($identifier, $token)
+    {
+        $model = $this->createModel();
+
+        return $model->newQuery()
+            ->where($model->getAuthIdentifierName(), $identifier)
+            ->where($model->getRememberTokenName(), $token)
+            ->first();
+    }
+
+
+    /**
+     * Update the "remember me" token for the given user in storage.
+     *
+     * @param  \Illuminate\Contracts\Auth\Authenticatable $user
+     * @param  string                                     $token
+     * @return void
+     */
+    public function updateRememberToken(Authenticatable $user, $token)
+    {
+        $user->setRememberToken($token);
+
+        $user->save();
+    }
+
+    /**
+     * Retrieve a user by the given credentials.
+     *
+     * @param  array $credentials
+     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     */
+    public function retrieveByCredentials(array $credentials)
+    {
+        // TODO: Implement retrieveByCredentials() method.
+
+        // Get user via LDAP
+
+        // Search current user base by looking up a uid
+
+        // If not exists create a new user instance with attached role
+        // but do not store it in the database yet
+
+        //
+    }
+
+    /**
+     * Validate a user against the given credentials.
+     *
+     * @param  \Illuminate\Contracts\Auth\Authenticatable $user
+     * @param  array                                      $credentials
+     * @return bool
+     */
+    public function validateCredentials(Authenticatable $user, array $credentials)
+    {
+        // TODO: Implement validateCredentials() method.
+    }
+}

@@ -200,7 +200,7 @@ class ImageService
     {
     {
         if ($this->storageInstance !== null) return $this->storageInstance;
         if ($this->storageInstance !== null) return $this->storageInstance;
 
 
-        $storageType = env('STORAGE_TYPE');
+        $storageType = config('filesystems.default');
         $this->storageInstance = $this->fileSystem->disk($storageType);
         $this->storageInstance = $this->fileSystem->disk($storageType);
 
 
         return $this->storageInstance;
         return $this->storageInstance;
@@ -226,10 +226,10 @@ class ImageService
     private function getPublicUrl($filePath)
     private function getPublicUrl($filePath)
     {
     {
         if ($this->storageUrl === null) {
         if ($this->storageUrl === null) {
-            $storageUrl = env('STORAGE_URL');
+            $storageUrl = config('filesystems.url');
 
 
             // Get the standard public s3 url if s3 is set as storage type
             // Get the standard public s3 url if s3 is set as storage type
-            if ($storageUrl == false && env('STORAGE_TYPE') === 's3') {
+            if ($storageUrl == false && config('filesystems.default') === 's3') {
                 $storageDetails = config('filesystems.disks.s3');
                 $storageDetails = config('filesystems.disks.s3');
                 $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
                 $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];
             }
             }

+<?php namespace BookStack\Services;
+
+
+use BookStack\Exceptions\LdapException;
+
+class LdapService
+{
+
+    public function getUserDetails($userName)
+    {
+
+        if(!function_exists('ldap_connect')) {
+            throw new LdapException('LDAP PHP extension not installed');
+        }
+
+
+        $ldapServer = explode(':', config('services.ldap.server'));
+        $ldapConnection = ldap_connect($ldapServer[0], count($ldapServer) > 1 ? $ldapServer[1] : 389);
+
+        if ($ldapConnection === false) {
+            throw new LdapException('Cannot connect to ldap server, Initial connection failed');
+        }
+
+        // Options
+
+        ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); // TODO - make configurable
+
+        $ldapDn = config('services.ldap.dn');
+        $ldapPass = config('services.ldap.pass');
+        $isAnonymous = ($ldapDn === false || $ldapPass === false);
+        if ($isAnonymous) {
+            $ldapBind = ldap_bind($ldapConnection);
+        } else {
+            $ldapBind = ldap_bind($ldapConnection, $ldapDn, $ldapPass);
+        }
+
+        if (!$ldapBind) throw new LdapException('LDAP access failed using ' . $isAnonymous ? ' anonymous bind.' : ' given dn & pass details');
+
+        // Find user
+        $userFilter = $this->buildFilter(config('services.ldap.user_filter'), ['user' => $userName]);
+        //dd($userFilter);
+        $baseDn = config('services.ldap.base_dn');
+        $ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter);
+        $users = ldap_get_entries($ldapConnection, $ldapSearch);
+
+        dd($users);
+    }
+
+
+    private function buildFilter($filterString, $attrs)
+    {
+        $newAttrs = [];
+        foreach ($attrs as $key => $attrText) {
+            $newKey = '${'.$key.'}';
+            $newAttrs[$newKey] = $attrText;
+        }
+        return strtr($filterString, $newAttrs);
+    }
+
+}
\ No newline at end of file

@@ -76,9 +76,9 @@ class SocialAuthService
             throw new UserRegistrationException('This ' . $socialDriver . ' account is already in use, Try logging in via the ' . $socialDriver . ' option.', '/login');
             throw new UserRegistrationException('This ' . $socialDriver . ' account is already in use, Try logging in via the ' . $socialDriver . ' option.', '/login');
         }
         }
 
 
-        if($this->userRepo->getByEmail($socialUser->getEmail())) {
+        if ($this->userRepo->getByEmail($socialUser->getEmail())) {
             $email = $socialUser->getEmail();
             $email = $socialUser->getEmail();
-            throw new UserRegistrationException('The email '. $email.' is already in use. If you already have an account you can connect your ' . $socialDriver .' account from your profile settings.', '/login');
+            throw new UserRegistrationException('The email ' . $email . ' is already in use. If you already have an account you can connect your ' . $socialDriver . ' account from your profile settings.', '/login');
         }
         }
 
 
         return $socialUser;
         return $socialUser;
@@ -172,9 +172,10 @@ class SocialAuthService
      */
      */
     private function checkDriverConfigured($driver)
     private function checkDriverConfigured($driver)
     {
     {
-        $upperName = strtoupper($driver);
-        $config = [env($upperName . '_APP_ID', false), env($upperName . '_APP_SECRET', false), env('APP_URL', false)];
-        return (!in_array(false, $config) && !in_array(null, $config));
+        $lowerName = strtolower($driver);
+        $configPrefix = 'services.' . $lowerName . '.';
+        $config = [config($configPrefix . 'client_id'), config($configPrefix . 'client_secret'), config('services.callback_url')];
+        return !in_array(false, $config) && !in_array(null, $config);
     }
     }
 
 
     /**
     /**

@@ -6,7 +6,7 @@
     "type": "project",
     "type": "project",
     "require": {
     "require": {
         "php": ">=5.5.9",
         "php": ">=5.5.9",
-        "laravel/framework": "5.1.*",
+        "laravel/framework": "5.2.*",
         "intervention/image": "^2.3",
         "intervention/image": "^2.3",
         "laravel/socialite": "^2.0",
         "laravel/socialite": "^2.0",
         "barryvdh/laravel-ide-helper": "^2.1",
         "barryvdh/laravel-ide-helper": "^2.1",
@@ -17,7 +17,9 @@
         "fzaninotto/faker": "~1.4",
         "fzaninotto/faker": "~1.4",
         "mockery/mockery": "0.9.*",
         "mockery/mockery": "0.9.*",
         "phpunit/phpunit": "~4.0",
         "phpunit/phpunit": "~4.0",
-        "phpspec/phpspec": "~2.1"
+        "phpspec/phpspec": "~2.1",
+        "symfony/dom-crawler": "~3.0",
+        "symfony/css-selector": "~3.0"
     },
     },
     "autoload": {
     "autoload": {
         "classmap": [
         "classmap": [

@@ -2,6 +2,9 @@
 
 
 return [
 return [
 
 
+
+    'env' => env('APP_ENV', 'production'),
+
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
     | Application Debug Mode
     | Application Debug Mode
@@ -113,13 +116,11 @@ return [
         /*
         /*
          * Laravel Framework Service Providers...
          * Laravel Framework Service Providers...
          */
          */
-        Illuminate\Foundation\Providers\ArtisanServiceProvider::class,
         Illuminate\Auth\AuthServiceProvider::class,
         Illuminate\Auth\AuthServiceProvider::class,
         Illuminate\Broadcasting\BroadcastServiceProvider::class,
         Illuminate\Broadcasting\BroadcastServiceProvider::class,
         Illuminate\Bus\BusServiceProvider::class,
         Illuminate\Bus\BusServiceProvider::class,
         Illuminate\Cache\CacheServiceProvider::class,
         Illuminate\Cache\CacheServiceProvider::class,
         Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
         Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
-        Illuminate\Routing\ControllerServiceProvider::class,
         Illuminate\Cookie\CookieServiceProvider::class,
         Illuminate\Cookie\CookieServiceProvider::class,
         Illuminate\Database\DatabaseServiceProvider::class,
         Illuminate\Database\DatabaseServiceProvider::class,
         Illuminate\Encryption\EncryptionServiceProvider::class,
         Illuminate\Encryption\EncryptionServiceProvider::class,
@@ -149,6 +150,7 @@ return [
         /*
         /*
          * Application Service Providers...
          * Application Service Providers...
          */
          */
+        BookStack\Providers\AuthServiceProvider::class,
         BookStack\Providers\AppServiceProvider::class,
         BookStack\Providers\AppServiceProvider::class,
         BookStack\Providers\EventServiceProvider::class,
         BookStack\Providers\EventServiceProvider::class,
         BookStack\Providers\RouteServiceProvider::class,
         BookStack\Providers\RouteServiceProvider::class,

@@ -2,66 +2,109 @@
 
 
 return [
 return [
 
 
+
+    'method' => env('AUTH_METHOD', 'standard'),
+
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
-    | Default Authentication Driver
+    | Authentication Defaults
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
     |
     |
-    | This option controls the authentication driver that will be utilized.
-    | This driver manages the retrieval and authentication of the users
-    | attempting to get access to protected areas of your application.
-    |
-    | Supported: "database", "eloquent"
+    | This option controls the default authentication "guard" and password
+    | reset options for your application. You may change these defaults
+    | as required, but they're a perfect start for most applications.
     |
     |
     */
     */
 
 
-    'driver' => 'eloquent',
+    'defaults' => [
+        'guard' => 'web',
+        'passwords' => 'users',
+    ],
 
 
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
-    | Authentication Model
+    | Authentication Guards
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
     |
     |
-    | When using the "Eloquent" authentication driver, we need to know which
-    | Eloquent model should be used to retrieve your users. Of course, it
-    | is often just the "User" model but you may use whatever you like.
+    | Next, you may define every authentication guard for your application.
+    | Of course, a great default configuration has been defined for you
+    | here which uses session storage and the Eloquent user provider.
+    |
+    | All authentication drivers have a user provider. This defines how the
+    | users are actually retrieved out of your database or other storage
+    | mechanisms used by this application to persist your user's data.
+    |
+    | Supported: "session", "token"
     |
     |
     */
     */
 
 
-    'model' => BookStack\User::class,
+    'guards' => [
+        'web' => [
+            'driver' => 'session',
+            'provider' => 'users',
+        ],
+
+        'api' => [
+            'driver' => 'token',
+            'provider' => 'users',
+        ],
+    ],
 
 
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
-    | Authentication Table
+    | User Providers
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
     |
     |
-    | When using the "Database" authentication driver, we need to know which
-    | table should be used to retrieve your users. We have chosen a basic
-    | default value but you may easily change it to any table you like.
+    | All authentication drivers have a user provider. This defines how the
+    | users are actually retrieved out of your database or other storage
+    | mechanisms used by this application to persist your user's data.
+    |
+    | If you have multiple user tables or models you may configure multiple
+    | sources which represent each model / table. These sources may then
+    | be assigned to any extra authentication guards you have defined.
+    |
+    | Supported: "database", "eloquent"
     |
     |
     */
     */
 
 
-    'table' => 'users',
+    'providers' => [
+        'users' => [
+            'driver' => env('AUTH_METHOD', 'eloquent'),
+            'model' => Bookstack\User::class,
+        ],
+
+        // 'users' => [
+        //     'driver' => 'database',
+        //     'table' => 'users',
+        // ],
+    ],
 
 
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
-    | Password Reset Settings
+    | Resetting Passwords
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------
     |
     |
     | Here you may set the options for resetting passwords including the view
     | Here you may set the options for resetting passwords including the view
-    | that is your password reset e-mail. You can also set the name of the
+    | that is your password reset e-mail. You may also set the name of the
     | table that maintains all of the reset tokens for your application.
     | table that maintains all of the reset tokens for your application.
     |
     |
+    | You may specify multiple password reset configurations if you have more
+    | than one user table or model in the application and you want to have
+    | separate password reset settings based on the specific user types.
+    |
     | The expire time is the number of minutes that the reset token should be
     | The expire time is the number of minutes that the reset token should be
     | considered valid. This security feature keeps tokens short-lived so
     | considered valid. This security feature keeps tokens short-lived so
     | they have less time to be guessed. You may change this as needed.
     | they have less time to be guessed. You may change this as needed.
     |
     |
     */
     */
 
 
-    'password' => [
+    'passwords' => [
+        'users' => [
+            'provider' => 'users',
             'email' => 'emails.password',
             'email' => 'emails.password',
             'table' => 'password_resets',
             'table' => 'password_resets',
             'expire' => 60,
             'expire' => 60,
         ],
         ],
+    ],
 
 
 ];
 ];
\ No newline at end of file

@@ -15,7 +15,18 @@ return [
     |
     |
     */
     */
 
 
-    'default' => 'local',
+    'default' => env('STORAGE_TYPE', 'local'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Storage URL
+    |--------------------------------------------------------------------------
+    |
+    | This is the url to where the storage is located for when using an external
+    | file storage service, such as s3, to store publicly accessible assets.
+    |
+    */
+    'url' => env('STORAGE_URL', false),
 
 
     /*
     /*
     |--------------------------------------------------------------------------
     |--------------------------------------------------------------------------

@@ -13,6 +13,8 @@ return [
     | to have a conventional place to find your various credentials.
     | to have a conventional place to find your various credentials.
     |
     |
     */
     */
+    'disable_services' => env('DISABLE_EXTERNAL_SERVICES', false),
+    'callback_url' => env('APP_URL', false),
 
 
     'mailgun'  => [
     'mailgun'  => [
         'domain' => '',
         'domain' => '',
@@ -47,4 +49,12 @@ return [
         'redirect'      => env('APP_URL') . '/login/service/google/callback',
         'redirect'      => env('APP_URL') . '/login/service/google/callback',
     ],
     ],
 
 
+    'ldap' => [
+        'server' => env('LDAP_SERVER', false),
+        'dn' => env('LDAP_DN', false),
+        'pass' => env('LDAP_PASS', false),
+        'base_dn' => env('LDAP_BASE_DN', false),
+        'user_filter' => env('LDAP_USER_FILTER', '(&(uid=${user}))')
+    ]
+
 ];
 ];

+<div class="form-group">
+    <label for="email">Username</label>
+    @include('form/text', ['name' => 'email', 'tabindex' => 1])
+</div>
+
+<div class="form-group">
+    <label for="password">Password</label>
+    @include('form/password', ['name' => 'password', 'tabindex' => 2])
+</div>
\ No newline at end of file

+<div class="form-group">
+    <label for="email">Email</label>
+    @include('form/text', ['name' => 'email', 'tabindex' => 1])
+</div>
+
+<div class="form-group">
+    <label for="password">Password</label>
+    @include('form/password', ['name' => 'password', 'tabindex' => 2])
+    <span class="block small"><a href="/password/email">Forgot Password?</a></span>
+</div>
\ No newline at end of file

@@ -15,16 +15,8 @@
             <form action="/login" method="POST" id="login-form">
             <form action="/login" method="POST" id="login-form">
                 {!! csrf_field() !!}
                 {!! csrf_field() !!}
 
 
-                <div class="form-group">
-                    <label for="email">Email</label>
-                    @include('form/text', ['name' => 'email', 'tabindex' => 1])
-                </div>
 
 
-                <div class="form-group">
-                    <label for="password">Password</label>
-                    @include('form/password', ['name' => 'password', 'tabindex' => 2])
-                    <span class="block small"><a href="/password/email">Forgot Password?</a></span>
-                </div>
+                @include('auth/forms/login/' . $authMethod)
 
 
                 <div class="form-group">
                 <div class="form-group">
                     <label for="remember" class="inline">Remember Me</label>
                     <label for="remember" class="inline">Remember Me</label>
@@ -34,7 +26,7 @@
 
 
 
 
                 <div class="from-group">
                 <div class="from-group">
-                    <button class="button block pos" tabindex="3">Sign In</button>
+                    <button class="button block pos" tabindex="3"><i class="zmdi zmdi-sign-in"></i> Sign In</button>
                 </div>
                 </div>
             </form>
             </form>