BookStack/app/App/Providers/AuthServiceProvider.php

<?php

namespace BookStack\App\Providers;

use BookStack\Access\ExternalBaseUserProvider;
use BookStack\Access\Guards\AsyncExternalBaseSessionGuard;
use BookStack\Access\Guards\LdapSessionGuard;
use BookStack\Access\LdapService;
use BookStack\Access\LoginService;
use BookStack\Access\RegistrationService;
use BookStack\Api\ApiTokenGuard;
use BookStack\Users\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\ServiceProvider;
use Illuminate\Validation\Rules\Password;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap the application services.
     */
    public function boot(): void
    {
        // Password Configuration
        // Changes here must be reflected in ApiDocsGenerate@getValidationAsString.
        Password::defaults(fn () => Password::min(8));

        // Custom guards
        Auth::extend('api-token', function ($app, $name, array $config) {
            return new ApiTokenGuard($app['request'], $app->make(LoginService::class));
        });

        Auth::extend('ldap-session', function ($app, $name, array $config) {
            $provider = Auth::createUserProvider($config['provider']);

            return new LdapSessionGuard(
                $name,
                $provider,
                $app['session.store'],
                $app[LdapService::class],
                $app[RegistrationService::class]
            );
        });

        Auth::extend('async-external-session', function ($app, $name, array $config) {
            $provider = Auth::createUserProvider($config['provider']);

            return new AsyncExternalBaseSessionGuard(
                $name,
                $provider,
                $app['session.store'],
                $app[RegistrationService::class]
            );
        });
    }

    /**
     * Register the application services.
     */
    public function register(): void
    {
        Auth::provider('external-users', function ($app, array $config) {
            return new ExternalBaseUserProvider($config['model']);
        });

        // Bind and provide the default system user as a singleton to the app instance when needed.
        // This effectively "caches" fetching the user at an app-instance level.
        $this->app->singleton('users.default', function () {
            return User::query()->where('system_name', '=', 'public')->first();
        });
    }
}
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`<?php`

Played around with a new app structure 2023-05-18 00:56:55 +08:00			`namespace BookStack\App\Providers;`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00
Played around with a new app structure 2023-05-18 00:56:55 +08:00			`use BookStack\Access\ExternalBaseUserProvider;`
			`use BookStack\Access\Guards\AsyncExternalBaseSessionGuard;`
			`use BookStack\Access\Guards\LdapSessionGuard;`
			`use BookStack\Access\LdapService;`
			`use BookStack\Access\LoginService;`
			`use BookStack\Access\RegistrationService;`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 22:51:28 +08:00			`use BookStack\Api\ApiTokenGuard;`
Guest control: Cleaned methods involved in fetching/handling - Moves guest user caching from User class to app container for simplicity. - Updates test to use simpler $this->users->guest() method for consistency. - Streamlined helpers to avoid function overlap for simplicity. - Extracted user profile dropdown while doing changes. 2023-09-16 20:18:35 +08:00			`use BookStack\Users\Models\User;`
Applied styleci changes 2021-09-26 22:48:22 +08:00			`use Illuminate\Support\Facades\Auth;`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`use Illuminate\Support\ServiceProvider;`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-19 00:31:48 +08:00			`use Illuminate\Validation\Rules\Password;`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00
			`class AuthServiceProvider extends ServiceProvider`
			`{`
			`/**`
			`* Bootstrap the application services.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`public function boot(): void`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`{`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-19 00:31:48 +08:00			`// Password Configuration`
Added user-update API endpoint - Required changing the docs generator to handle more complex object-style rules. Bit of a hack for some types (password). - Extracted core update logic to repo for sharing with API. - Moved user update language string to align with activity/logging system. - Added tests to cover. 2022-02-04 00:52:28 +08:00			`// Changes here must be reflected in ApiDocsGenerate@getValidationAsString.`
Refactored app service providers Removed old pagination provider as url handling now achieved in a better way. Removed unused broadcast service provider. Moved view-based tweaks into specific provider. Reorganised provider config list. 2022-09-27 09:48:05 +08:00			`Password::defaults(fn () => Password::min(8));`
Aligned password length requirements Updated all password validation to use central password defaults system while updating length requirements to now all match at 8 characters minimum. Some language text was technically correct (More than 7 characters) but this has been updated for clarity and to prompt other translations to be updated. Closes #2237 2021-12-19 00:31:48 +08:00
			`// Custom guards`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 22:51:28 +08:00			`Auth::extend('api-token', function ($app, $name, array $config) {`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-06 05:07:08 +08:00			`return new ApiTokenGuard($app['request'], $app->make(LoginService::class));`
Extracted API auth into guard Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings. 2019-12-30 22:51:28 +08:00			`});`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 19:42:22 +08:00
			`Auth::extend('ldap-session', function ($app, $name, array $config) {`
			`$provider = Auth::createUserProvider($config['provider']);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 19:42:22 +08:00			`return new LdapSessionGuard(`
			`$name,`
			`$provider,`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-06 05:07:08 +08:00			`$app['session.store'],`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 19:42:22 +08:00			`$app[LdapService::class],`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`$app[RegistrationService::class]`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 19:42:22 +08:00			`);`
			`});`
Added files missed in previous commit 2020-02-02 18:59:03 +08:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-07 06:05:26 +08:00			`Auth::extend('async-external-session', function ($app, $name, array $config) {`
Added files missed in previous commit 2020-02-02 18:59:03 +08:00			`$provider = Auth::createUserProvider($config['provider']);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Continued review of #2169 - Removed uneeded custom refresh or logout actions for OIDC. - Restructured how the services and guards are setup for external auth systems. SAML2 and OIDC now directly share a lot more logic. - Renamed any OpenId references to OIDC or OpenIdConnect - Removed non-required CSRF excemption for OIDC Not tested, Come to roadblock due to lack of PHP8 support in upstream dependancies. Certificate was deemed to be non-valid on every test attempt due to changes in PHP8. 2021-10-07 06:05:26 +08:00			`return new AsyncExternalBaseSessionGuard(`
Added files missed in previous commit 2020-02-02 18:59:03 +08:00			`$name,`
			`$provider,`
Updated API auth handling of email confirmations Email confirmations are now done within the guard during auth checking instead of at the middleware layer. 2021-08-06 05:07:08 +08:00			`$app['session.store'],`
Checked over and aligned registration option behavior across all auth options - Added tests to cover 2020-02-03 01:31:00 +08:00			`$app[RegistrationService::class]`
Added files missed in previous commit 2020-02-02 18:59:03 +08:00			`);`
			`});`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`}`

			`/**`
			`* Register the application services.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`public function register(): void`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`{`
Started alignment of auth services - Removed LDAP specific logic from login controller, placed in Guard. - Created safer base user provider for ldap login, to be used for SAML soon. - Moved LDAP auth work from user provider to guard. 2020-02-01 19:42:22 +08:00			`Auth::provider('external-users', function ($app, array $config) {`
			`return new ExternalBaseUserProvider($config['model']);`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`});`
Guest control: Cleaned methods involved in fetching/handling - Moves guest user caching from User class to app container for simplicity. - Updates test to use simpler $this->users->guest() method for consistency. - Streamlined helpers to avoid function overlap for simplicity. - Extracted user profile dropdown while doing changes. 2023-09-16 20:18:35 +08:00
			`// Bind and provide the default system user as a singleton to the app instance when needed.`
			`// This effectively "caches" fetching the user at an app-instance level.`
			`$this->app->singleton('users.default', function () {`
			`return User::query()->where('system_name', '=', 'public')->first();`
			`});`
Updated laravel to 5.2 and started ldap implementation 2016-01-10 03:23:35 +08:00			`}`
			`}`