Merge remote-tracking branch 'upstream/release' into vatger
paulhollmann committed Jan 16, 2024
2 parents 4fb606b + 457adc1 commit d9a9c5e
Showing 464 changed files with 7,375 additions and 4,532 deletions.
1 change: 1 addition & 0 deletions .env.example.complete
Expand Up @@ -273,6 +273,7 @@ OIDC_USER_TO_GROUPS=false
OIDC_GROUPS_CLAIM=groups
OIDC_REMOVE_FROM_GROUPS=false
OIDC_EXTERNAL_ID_CLAIM=sub
OIDC_END_SESSION_ENDPOINT=false

# Disable default third-party services such as Gravatar and Draw.IO
# Service-specific options will override this option
17 changes: 16 additions & 1 deletion .github/translators.txt
Expand Up @@ -177,7 +177,7 @@ Alexander Predl (Harveyhase68) :: German
Rem (Rem9000) :: Dutch
Michał Stelmach (stelmach-web) :: Polish
arniom :: French
REMOVED_USER :: French; Dutch; Turkish;
REMOVED_USER :: French; Dutch; Portuguese, Brazilian; Portuguese; Turkish;
林祖年 (contagion) :: Chinese Traditional
Siamak Guodarzi (siamakgoudarzi88) :: Persian
Lis Maestrelo (lismtrl) :: Portuguese, Brazilian
Expand Down Expand Up @@ -371,3 +371,18 @@ LameeQS :: Latvian
Sorin T. (trimbitassorin) :: Romanian
poesty :: Chinese Simplified
balmag :: Hungarian
Antti-Jussi Nygård (ajnyga) :: Finnish
Eduard Ereza Martínez (Ereza) :: Catalan
Jabir Lang (amar.almrad) :: Arabic
Jaroslav Koblizek (foretix) :: Czech; French
Wiktor Adamczyk (adamczyk.wiktor) :: Polish
Abdulmajeed Alshuaibi (4Majeed) :: Arabic
NotSmartZakk :: Czech
HyoungMin Lee (ddokkaebi) :: Korean
Dasferco :: Chinese Simplified
Marcus Teräs (mteras) :: Finnish
Serkan Yardim (serkanzz) :: Turkish
Y (cnsr) :: Ukrainian
ZY ZV (vy0b0x) :: Chinese Simplified
diegobenitez :: Spanish
Marc Hagen (MarcHagen) :: Dutch
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -31,3 +31,4 @@ webpack-stats.json
phpstan.neon
composer.lock
esbuild-meta.json
.phpactor.json
13 changes: 2 additions & 11 deletions app/Access/Controllers/ForgotPasswordController.php
Expand Up @@ -9,11 +9,6 @@

class ForgotPasswordController extends Controller
{
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest');
Expand All @@ -30,10 +25,6 @@ public function showLinkRequestForm()

/**
* Send a reset link to the given user.
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\RedirectResponse
*/
public function sendResetLinkEmail(Request $request)
{
Expand All @@ -56,13 +47,13 @@ public function sendResetLinkEmail(Request $request)
$message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
$this->showSuccessNotification($message);

return back()->with('status', trans($response));
return redirect('/password/email')->with('status', trans($response));
}

// If an error was returned by the password broker, we will get this message
// translated so we can notify a user of the problem. We'll redirect back
// to where the users came from so they can attempt this process again.
return back()->withErrors(
return redirect('/password/email')->withErrors(
['email' => trans($response)]
);
}
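Review bot: Both new `redirect('/password/email')` calls in sendResetLinkEmail() hard-code the target with no comment saying why, so a later cleanup could easily switch them back to `back()`. A one-line why-comment above each return would record the intent, for example `// Fixed target: back() would follow the request's Referer header, which the client controls.` With the @param/@return lines removed the method also has no declared return type; `public function sendResetLinkEmail(Request $request): RedirectResponse` would keep the contract checkable. The import block and the start of the method are outside this hunk, so confirm the `use` line and the other return paths first.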
48 changes: 11 additions & 37 deletions app/Access/Controllers/LoginController.php
Expand Up @@ -3,42 +3,34 @@
namespace BookStack\Access\Controllers;

use BookStack\Access\LoginService;
use BookStack\Access\SocialAuthService;
use BookStack\Access\SocialDriverManager;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
use BookStack\Facades\Activity;
use BookStack\Http\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\ValidationException;

class LoginController extends Controller
{
use ThrottlesLogins;

protected SocialAuthService $socialAuthService;
protected LoginService $loginService;

/**
* Create a new controller instance.
*/
public function __construct(SocialAuthService $socialAuthService, LoginService $loginService)
{
public function __construct(
protected SocialDriverManager $socialDriverManager,
protected LoginService $loginService,
) {
$this->middleware('guest', ['only' => ['getLogin', 'login']]);
$this->middleware('guard:standard,ldap', ['only' => ['login']]);
$this->middleware('guard:standard,ldap,oidc', ['only' => ['logout']]);

$this->socialAuthService = $socialAuthService;
$this->loginService = $loginService;
}

/**
* Show the application login form.
*/
public function getLogin(Request $request)
{
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$socialDrivers = $this->socialDriverManager->getActive();
$authMethod = config('auth.method');
$preventInitiation = $request->get('prevent_auto_init') === 'true';

Expand All @@ -52,7 +44,7 @@ public function getLogin(Request $request)
// Store the previous location for redirect after login
$this->updateIntendedFromPrevious();

if (!$preventInitiation && $this->shouldAutoInitiate()) {
if (!$preventInitiation && $this->loginService->shouldAutoInitiate()) {
return view('auth.login-initiate', [
'authMethod' => $authMethod,
]);
Expand Down Expand Up @@ -101,15 +93,9 @@ public function login(Request $request)
/**
* Logout user and perform subsequent redirect.
*/
public function logout(Request $request)
public function logout()
{
Auth::guard()->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();

$redirectUri = $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/';

return redirect($redirectUri);
return redirect($this->loginService->logout());
}

/**
Expand Down Expand Up @@ -200,7 +186,7 @@ protected function updateIntendedFromPrevious(): void
{
// Store the previous location for redirect after login
$previous = url()->previous('');
$isPreviousFromInstance = (strpos($previous, url('/')) === 0);
$isPreviousFromInstance = str_starts_with($previous, url('/'));
if (!$previous || !setting('app-public') || !$isPreviousFromInstance) {
return;
}
Expand All @@ -211,23 +197,11 @@ protected function updateIntendedFromPrevious(): void
];

foreach ($ignorePrefixList as $ignorePrefix) {
if (strpos($previous, url($ignorePrefix)) === 0) {
if (str_starts_with($previous, url($ignorePrefix))) {
return;
}
}

redirect()->setIntendedUrl($previous);
}

/**
* Check if login auto-initiate should be valid based upon authentication config.
*/
protected function shouldAutoInitiate(): bool
{
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$authMethod = config('auth.method');
$autoRedirect = config('auth.auto_initiate');

return $autoRedirect && count($socialDrivers) === 0 && in_array($authMethod, ['oidc', 'saml2']);
}
}
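Review bot: In updateIntendedFromPrevious() the new check `str_starts_with($previous, url('/'))` is a bare string-prefix comparison. If `url('/')` returns the base URL without a trailing slash, as Laravel's URL generator normally does, a previous URL on a different host whose name merely begins with this instance's host also passes and is stored by `setIntendedUrl()`. Anchoring the prefix on the path separator avoids that: `$isPreviousFromInstance = str_starts_with($previous, rtrim(url('/'), '/') . '/');`. With that form a previous URL equal to the bare base URL is simply not stored, and the post-login redirect falls back to its default. Part of the method lies between the two hunks and is not visible here.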
11 changes: 8 additions & 3 deletions app/Access/Controllers/OidcController.php
Expand Up @@ -11,9 +11,6 @@ class OidcController extends Controller
{
protected OidcService $oidcService;

/**
* OpenIdController constructor.
*/
public function __construct(OidcService $oidcService)
{
$this->oidcService = $oidcService;
Expand Down Expand Up @@ -63,4 +60,12 @@ public function callback(Request $request)

return redirect()->intended();
}

/**
* Log the user out then start the OIDC RP-initiated logout process.
*/
public function logout()
{
return redirect($this->oidcService->logout());
}
}
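Review bot: The new logout() declares no return type, and its docblock does not say that the redirect target is whatever `OidcService::logout()` returns. For RP-initiated logout that is presumably a URL on the identity provider rather than on this instance. I would declare `public function logout(): RedirectResponse` (the import block is outside the hunk) and add a docblock line such as `* The target comes from OidcService and may be the provider's end-session endpoint; it is never taken from request input.` Saml2Controller::logout() in this commit returns early for guest users, but no equivalent check is visible here. Whether the service or the controller middleware handles an unauthenticated caller cannot be told from this section.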
10 changes: 5 additions & 5 deletions app/Access/Controllers/RegisterController.php
Expand Up @@ -4,7 +4,7 @@

use BookStack\Access\LoginService;
use BookStack\Access\RegistrationService;
use BookStack\Access\SocialAuthService;
use BookStack\Access\SocialDriverManager;
use BookStack\Exceptions\StoppedAuthenticationException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Http\Controller;
Expand All @@ -15,22 +15,22 @@

class RegisterController extends Controller
{
protected SocialAuthService $socialAuthService;
protected SocialDriverManager $socialDriverManager;
protected RegistrationService $registrationService;
protected LoginService $loginService;

/**
* Create a new controller instance.
*/
public function __construct(
SocialAuthService $socialAuthService,
SocialDriverManager $socialDriverManager,
RegistrationService $registrationService,
LoginService $loginService
) {
$this->middleware('guest');
$this->middleware('guard:standard');

$this->socialAuthService = $socialAuthService;
$this->socialDriverManager = $socialDriverManager;
$this->registrationService = $registrationService;
$this->loginService = $loginService;
}
Expand All @@ -43,7 +43,7 @@ public function __construct(
public function getRegister()
{
$this->registrationService->ensureRegistrationAllowed();
$socialDrivers = $this->socialAuthService->getActiveDrivers();
$socialDrivers = $this->socialDriverManager->getActive();

return view('auth.register', [
'socialDrivers' => $socialDrivers,
6 changes: 3 additions & 3 deletions app/Access/Controllers/ResetPasswordController.php
Expand Up @@ -66,7 +66,7 @@ public function reset(Request $request)
// redirect them back to where they came from with their error message.
return $response === Password::PASSWORD_RESET
? $this->sendResetResponse()
: $this->sendResetFailedResponse($request, $response);
: $this->sendResetFailedResponse($request, $response, $request->get('token'));
}

/**
Expand All @@ -83,15 +83,15 @@ protected function sendResetResponse(): RedirectResponse
/**
* Get the response for a failed password reset.
*/
protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
protected function sendResetFailedResponse(Request $request, string $response, string $token): RedirectResponse
{
// We show invalid users as invalid tokens as to not leak what
// users may exist in the system.
if ($response === Password::INVALID_USER) {
$response = Password::INVALID_TOKEN;
}

return redirect()->back()
return redirect("/password/reset/{$token}")
->withInput($request->only('email'))
->withErrors(['email' => trans($response)]);
}
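Review bot: sendResetFailedResponse() interpolates the request-supplied token unencoded into the redirect path in `redirect("/password/reset/{$token}")`, so a submitted value containing `/`, `?` or `#` changes which same-site URL the response points to. Encoding it keeps the token a single path segment: `return redirect('/password/reset/' . rawurlencode($token))`. The call site passes `$request->get('token')` into a `string` parameter, which raises a TypeError if the field is missing or not a string. The validation earlier in reset() is outside the hunk, so confirm it guarantees a string token before this branch is reached.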
20 changes: 10 additions & 10 deletions app/Access/Controllers/Saml2Controller.php
Expand Up @@ -9,14 +9,9 @@

class Saml2Controller extends Controller
{
protected Saml2Service $samlService;

/**
* Saml2Controller constructor.
*/
public function __construct(Saml2Service $samlService)
{
$this->samlService = $samlService;
public function __construct(
protected Saml2Service $samlService
) {
$this->middleware('guard:saml2');
}

Expand All @@ -36,7 +31,12 @@ public function login()
*/
public function logout()
{
$logoutDetails = $this->samlService->logout(auth()->user());
$user = user();
if ($user->isGuest()) {
return redirect('/login');
}

$logoutDetails = $this->samlService->logout($user);

if ($logoutDetails['id']) {
session()->flash('saml2_logout_request_id', $logoutDetails['id']);
Expand Down Expand Up @@ -64,7 +64,7 @@ public function metadata()
public function sls()
{
$requestId = session()->pull('saml2_logout_request_id', null);
$redirect = $this->samlService->processSlsResponse($requestId) ?? '/';
$redirect = $this->samlService->processSlsResponse($requestId);

return redirect($redirect);
}
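Review bot: sls() now passes the result of `processSlsResponse($requestId)` to `redirect()` with no default. If that method can return null, Laravel's `redirect(null)` returns the Redirector object rather than a RedirectResponse, and the route would not issue a redirect. Saml2Service is not part of this section, so confirm its signature is a non-nullable `: string` and record that at the call site, for example `// processSlsResponse() always returns a URL string.` Declaring `public function sls(): RedirectResponse` would make a mismatch surface in static analysis; the import block is outside the hunk.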
6 changes: 3 additions & 3 deletions app/Access/Controllers/SocialController.php
Expand Up @@ -79,7 +79,7 @@ public function callback(Request $request, string $socialDriver)
try {
return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);
} catch (SocialSignInAccountNotUsed $exception) {
if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) {
if ($this->socialAuthService->drivers()->isAutoRegisterEnabled($socialDriver)) {
return $this->socialRegisterCallback($socialDriver, $socialUser);
}

Expand All @@ -91,7 +91,7 @@ public function callback(Request $request, string $socialDriver)
return $this->socialRegisterCallback($socialDriver, $socialUser);
}

return redirect()->back();
return redirect('/');
}

/**
Expand All @@ -114,7 +114,7 @@ protected function socialRegisterCallback(string $socialDriver, SocialUser $soci
{
$socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);
$socialAccount = $this->socialAuthService->newSocialAccount($socialDriver, $socialUser);
$emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver);
$emailVerified = $this->socialAuthService->drivers()->isAutoConfirmEmailEnabled($socialDriver);

// Create an array of the user data to create a new user instance
$userData = [