Authenticated admins on all guards upon login

For #2031
2025-04-13 08:21:47 +00:00 · 2020-04-25 18:19:22 +01:00 · 2020-04-25 18:19:22 +01:00 · 519283e643
commit 519283e643
parent 79a949836b
2 changed files with 41 additions and 4 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -125,6 +125,26 @@ class LoginController extends Controller
        return $this->sendFailedLoginResponse($request);
    }

+    /**
+     * The user has been authenticated.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  mixed  $user
+     * @return mixed
+     */
+    protected function authenticated(Request $request, $user)
+    {
+        // Authenticate on all session guards if a likely admin
+        if ($user->can('users-manage') && $user->can('user-roles-manage')) {
+            $guards = ['standard', 'ldap', 'saml2'];
+            foreach ($guards as $guard) {
+                auth($guard)->login($user);
+            }
+        }
+
+        return redirect()->intended($this->redirectPath());
+    }
+
    /**
     * Validate the user login request.
     *
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@ -381,13 +381,30 @@ class AuthTest extends BrowserKitTest
            ->seePageUrlIs($page->getUrl());
    }

+    public function test_login_authenticates_admins_on_all_guards()
+    {
+        $this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
+        $this->assertTrue(auth()->check());
+        $this->assertTrue(auth('ldap')->check());
+        $this->assertTrue(auth('saml2')->check());
+    }
+
+    public function test_login_authenticates_nonadmins_on_default_guard_only()
+    {
+        $editor = $this->getEditor();
+        $editor->password = bcrypt('password');
+        $editor->save();
+
+        $this->post('/login', ['email' => $editor->email, 'password' => 'password']);
+        $this->assertTrue(auth()->check());
+        $this->assertFalse(auth('ldap')->check());
+        $this->assertFalse(auth('saml2')->check());
+    }
+
    /**
     * Perform a login
-     * @param string $email
-     * @param string $password
-     * @return $this
     */
-    protected function login($email, $password)
+    protected function login(string $email, string $password): AuthTest
    {
        return $this->visit('/login')
            ->type($email, '#email')