Updated user interfaces for LDAP and added email from LDAP

app/Http/Controllers/Auth/AuthController.php

@@ -118,11 +118,22 @@ class AuthController extends Controller
      */
     protected function authenticated(Request $request, Authenticatable $user)
     {
+        if(!$user->exists && $user->email === null && !$request->has('email')) {
+            $request->flash();
+            session()->flash('request-email', true);
+            return redirect('/login');
+        }
+
+        if(!$user->exists && $user->email === null && $request->has('email')) {
+            $user->email = $request->get('email');
+        }
+
         if(!$user->exists) {
             $user->save();
             $this->userRepo->attachDefaultRole($user);
             auth()->login($user);
         }
+
         return redirect()->intended($this->redirectPath());
     }
 
@@ -183,7 +194,7 @@ class AuthController extends Controller
     }
 
     /**
-     * Show the page to tell the user to check thier email
+     * Show the page to tell the user to check their email
      * and confirm their address.
      */
     public function getRegisterConfirmation()
@@ -243,7 +254,7 @@ class AuthController extends Controller
         ]);
         $user = $this->userRepo->getByEmail($request->get('email'));
         $this->emailConfirmationService->sendConfirmation($user);
-        \Session::flash('success', 'Confirmation email resent, Please check your inbox.');
+        session()->flash('success', 'Confirmation email resent, Please check your inbox.');
         return redirect('/register/confirm');
     }
 

app/Http/Controllers/UserController.php

@@ -46,7 +46,8 @@ class UserController extends Controller
     public function create()
     {
         $this->checkPermission('user-create');
-        return view('users/create');
+        $authMethod = config('auth.method');
+        return view('users/create', ['authMethod' => $authMethod]);
     }
 
     /**
@@ -94,10 +95,12 @@ class UserController extends Controller
             return $this->currentUser->id == $id;
         });
 
+        $authMethod = config('auth.method');
+
         $user = $this->user->findOrFail($id);
         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
         $this->setPageTitle('User Profile');
-        return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]);
+        return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
     }
 
     /**
@@ -124,17 +127,24 @@ class UserController extends Controller
         ]);
 
         $user = $this->user->findOrFail($id);
-        $user->fill($request->except('password'));
+        $user->fill($request->all());
 
+        // Role updates
         if ($this->currentUser->can('user-update') && $request->has('role')) {
             $user->attachRoleId($request->get('role'));
         }
 
+        // Password updates
         if ($request->has('password') && $request->get('password') != '') {
             $password = $request->get('password');
             $user->password = bcrypt($password);
         }
 
+        // External auth id updates
+        if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {
+            $user->external_auth_id = $request->get('external_auth_id');
+        }
+
         $user->save();
         return redirect('/users');
     }

app/Providers/LdapUserProvider.php

@@ -87,7 +87,6 @@ class LdapUserProvider implements UserProvider
     public function updateRememberToken(Authenticatable $user, $token)
     {
         $user->setRememberToken($token);
-
         $user->save();
     }
 
@@ -113,6 +112,7 @@ class LdapUserProvider implements UserProvider
 
         $model->name = $userDetails['name'];
         $model->external_auth_id = $userDetails['uid'];
+        $model->email = $userDetails['email'];
         return $model;
     }
 

app/Repos/UserRepo.php

@@ -88,7 +88,7 @@ class UserRepo
      */
     public function create(array $data)
     {
-        return $this->user->create([
+        return $this->user->forceCreate([
             'name'     => $data['name'],
             'email'    => $data['email'],
             'password' => bcrypt($data['password'])

app/Services/LdapService.php

@@ -23,7 +23,7 @@ class LdapService
         // Find user
         $userFilter = $this->buildFilter(config('services.ldap.user_filter'), ['user' => $userName]);
         $baseDn = config('services.ldap.base_dn');
-        $ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn']);
+        $ldapSearch = ldap_search($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', 'mail']);
         $users = ldap_get_entries($ldapConnection, $ldapSearch);
         if ($users['count'] === 0) return null;
 
@@ -31,7 +31,8 @@ class LdapService
         return [
             'uid'  => $user['uid'][0],
             'name' => $user['cn'][0],
-            'dn'   => $user['dn']
+            'dn'   => $user['dn'],
+            'email' => (isset($user['mail'])) ? $user['mail'][0] : null
         ];
     }
 

app/Services/SettingService.php

@@ -38,7 +38,7 @@ class SettingService
      */
     public function get($key, $default = false)
     {
-        $value =  $this->getValueFromStore($key, $default);
+        $value = $this->getValueFromStore($key, $default);
         return $this->formatValue($value, $default);
     }
 
@@ -50,13 +50,17 @@ class SettingService
      */
     protected function getValueFromStore($key, $default)
     {
+        $overrideValue = $this->getOverrideValue($key);
+        if ($overrideValue !== null) return $overrideValue;
+
         $cacheKey = $this->cachePrefix . $key;
         if ($this->cache->has($cacheKey)) {
             return $this->cache->get($cacheKey);
         }
 
         $settingObject = $this->getSettingObjectByKey($key);
-        if($settingObject !== null) {
+
+        if ($settingObject !== null) {
             $value = $settingObject->value;
             $this->cache->forever($cacheKey, $value);
             return $value;
@@ -65,6 +69,10 @@ class SettingService
         return $default;
     }
 
+    /**
+     * Clear an item from the cache completely.
+     * @param $key
+     */
     protected function clearFromCache($key)
     {
         $cacheKey = $this->cachePrefix . $key;
@@ -136,9 +144,23 @@ class SettingService
      * @param $key
      * @return mixed
      */
-    private function getSettingObjectByKey($key)
+    protected function getSettingObjectByKey($key)
     {
         return $this->setting->where('setting_key', '=', $key)->first();
     }
 
+
+    /**
+     * Returns an override value for a setting based on certain app conditions.
+     * Used where certain configuration options overrule others.
+     * Returns null if no override value is available.
+     * @param $key
+     * @return bool|null
+     */
+    protected function getOverrideValue($key)
+    {
+        if ($key === 'registration-enabled' && config('auth.method') === 'ldap') return false;
+        return null;
+    }
+
 }

app/User.php

@@ -24,7 +24,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
      *
      * @var array
      */
-    protected $fillable = ['name', 'email', 'password', 'image_id'];
+    protected $fillable = ['name', 'email', 'image_id'];
 
     /**
      * The attributes excluded from the model's JSON form.
@@ -68,7 +68,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     }
 
     /**
-     * Loads the user's permissions from thier role.
+     * Loads the user's permissions from their role.
      */
     private function loadPermissions()
     {

config/auth.php

@@ -69,7 +69,7 @@ return [
 
     'providers' => [
         'users' => [
-            'driver' => env('AUTH_METHOD', 'eloquent'),
+            'driver' => env('AUTH_METHOD', 'standard') === 'standard' ? 'eloquent' : env('AUTH_METHOD'),
             'model' => BookStack\User::class,
         ],
 

phpunit.xml

@@ -26,6 +26,7 @@
         <env name="QUEUE_DRIVER" value="sync"/>
         <env name="DB_CONNECTION" value="mysql_testing"/>
         <env name="MAIL_PRETEND" value="true"/>
+        <env name="AUTH_METHOD" value="standard"/>
         <env name="DISABLE_EXTERNAL_SERVICES" value="false"/>
     </php>
 </phpunit>

resources/views/auth/forms/login/ldap.blade.php

@@ -3,6 +3,16 @@
     @include('form/text', ['name' => 'username', 'tabindex' => 1])
 </div>
 
+@if(session('request-email', false) === true)
+    <div class="form-group">
+        <label for="email">Email</label>
+        @include('form/text', ['name' => 'email', 'tabindex' => 1])
+        <span class="text-neg">
+            Please enter an email to use for this account.
+        </span>
+    </div>
+@endif
+
 <div class="form-group">
     <label for="password">Password</label>
     @include('form/password', ['name' => 'password', 'tabindex' => 2])

resources/views/users/create.blade.php

@@ -8,7 +8,7 @@
 
         <form action="/users/create" method="post">
             {!! csrf_field() !!}
-            @include('users/form')
+            @include('users.forms.' . $authMethod)
         </form>
     </div>
 

resources/views/users/edit.blade.php

@@ -25,7 +25,7 @@
                 <h1>Edit {{ $user->id === $currentUser->id ? 'Profile' : 'User' }}</h1>
                 {!! csrf_field() !!}
                 <input type="hidden" name="_method" value="put">
-                @include('users/form', ['model' => $user])
+                @include('users.forms.' . $authMethod, ['model' => $user])
 
             </div>
             <div class="col-md-6">

resources/views/users/forms/ldap.blade.php

@@ -0,0 +1,30 @@
+<div class="form-group">
+    <label for="name">Name</label>
+    @include('form.text', ['name' => 'name'])
+</div>
+
+@if($currentUser->can('user-update'))
+<div class="form-group">
+    <label for="email">Email</label>
+    @include('form.text', ['name' => 'email'])
+</div>
+@endif
+
+@if($currentUser->can('user-update'))
+    <div class="form-group">
+        <label for="role">User Role</label>
+        @include('form.role-select', ['name' => 'role', 'options' => \BookStack\Role::all(), 'displayKey' => 'display_name'])
+    </div>
+@endif
+
+@if($currentUser->can('user-update'))
+    <div class="form-group">
+        <label for="external_auth_id">External Authentication ID</label>
+        @include('form.text', ['name' => 'external_auth_id'])
+    </div>
+@endif
+
+<div class="form-group">
+    <a href="/users" class="button muted">Cancel</a>
+    <button class="button pos" type="submit">Save</button>
+</div>

resources/views/users/forms/standard.blade.php

@@ -1,11 +1,11 @@
 <div class="form-group">
     <label for="name">Name</label>
-    @include('form/text', ['name' => 'name'])
+    @include('form.text', ['name' => 'name'])
 </div>
 
 <div class="form-group">
     <label for="email">Email</label>
-    @include('form/text', ['name' => 'email'])
+    @include('form.text', ['name' => 'email'])
 </div>
 
 @if($currentUser->can('user-update'))
@@ -25,12 +25,12 @@
 
 <div class="form-group">
     <label for="password">Password</label>
-    @include('form/password', ['name' => 'password'])
+    @include('form.password', ['name' => 'password'])
 </div>
 
 <div class="form-group">
     <label for="password-confirm">Confirm Password</label>
-    @include('form/password', ['name' => 'password-confirm'])
+    @include('form.password', ['name' => 'password-confirm'])
 </div>
 
 <div class="form-group">