archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-24 04:33:06 +00:00
Code Issues Projects Releases Wiki Activity

Authenticated admins on all guards upon login

Browse source 
For
This commit is contained in:
Dan Brown 2020-04-25 18:19:22 +01:00
parent 79a949836b
commit 519283e643
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 41 additions and 4 deletions
app/Http/Controllers/Auth
LoginController.php
tests/Auth
AuthTest.php

20
app/Http/Controllers/Auth/LoginController.php
View file

@ -125,6 +125,26 @@ class LoginController extends Controller
return $this->sendFailedLoginResponse($request); return $this->sendFailedLoginResponse($request);
} }
/**
* The user has been authenticated.
*
* @param \Illuminate\Http\Request $request
* @param mixed $user
* @return mixed
*/
protected function authenticated(Request $request, $user)
{
// Authenticate on all session guards if a likely admin
if ($user->can('users-manage') && $user->can('user-roles-manage')) {
$guards = ['standard', 'ldap', 'saml2'];
foreach ($guards as $guard) {
auth($guard)->login($user);
}
}
return redirect()->intended($this->redirectPath());
}
/** /**
* Validate the user login request. * Validate the user login request.
* *

25
tests/Auth/AuthTest.php
View file

@ -381,13 +381,30 @@ class AuthTest extends BrowserKitTest
->seePageUrlIs($page->getUrl()); ->seePageUrlIs($page->getUrl());
} }
public function test_login_authenticates_admins_on_all_guards()
{
$this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
$this->assertTrue(auth()->check());
$this->assertTrue(auth('ldap')->check());
$this->assertTrue(auth('saml2')->check());
}
public function test_login_authenticates_nonadmins_on_default_guard_only()
{
$editor = $this->getEditor();
$editor->password = bcrypt('password');
$editor->save();
$this->post('/login', ['email' => $editor->email, 'password' => 'password']);
$this->assertTrue(auth()->check());
$this->assertFalse(auth('ldap')->check());
$this->assertFalse(auth('saml2')->check());
}
/** /**
* Perform a login * Perform a login
* @param string $email
* @param string $password
* @return $this
*/ */
protected function login($email, $password) protected function login(string $email, string $password): AuthTest
{ {
return $this->visit('/login') return $this->visit('/login')
->type($email, '#email') ->type($email, '#email')