1 | <?php |
||
2 | /** |
||
3 | * LegacyUserProvider.php |
||
4 | * |
||
5 | * -Description- |
||
6 | * |
||
7 | * This program is free software: you can redistribute it and/or modify |
||
8 | * it under the terms of the GNU General Public License as published by |
||
9 | * the Free Software Foundation, either version 3 of the License, or |
||
10 | * (at your option) any later version. |
||
11 | * |
||
12 | * This program is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
15 | * GNU General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU General Public License |
||
18 | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
||
19 | * |
||
20 | * @link https://www.librenms.org |
||
21 | * |
||
22 | * @copyright 2018 Tony Murray |
||
23 | * @author Tony Murray <[email protected]> |
||
24 | */ |
||
25 | |||
26 | namespace App\Providers; |
||
27 | |||
28 | use App\Models\User; |
||
29 | use DB; |
||
30 | use Illuminate\Contracts\Auth\Authenticatable; |
||
31 | use Illuminate\Contracts\Auth\UserProvider; |
||
32 | use LibreNMS\Authentication\LegacyAuth; |
||
33 | use LibreNMS\Exceptions\AuthenticationException; |
||
34 | use LibreNMS\Util\Debug; |
||
35 | use Log; |
||
36 | use Request; |
||
37 | use Session; |
||
38 | use Toastr; |
||
39 | |||
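/**
 * Laravel user provider that delegates lookups and credential checks to the
 * configured LibreNMS legacy authentication backend (LegacyAuth) and mirrors
 * the backend's user record into the local users table.
 *
 * Calls into the legacy backend run with PHP error reporting silenced. The
 * previous reporting level is captured and restored in a finally block, so an
 * exception thrown by the backend cannot leave reporting disabled for the
 * remainder of the request.
 */
class LegacyUserProvider implements UserProvider
{
    /**
     * Retrieve a user by their unique identifier.
     *
     * @param  mixed  $identifier
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveById($identifier)
    {
        return User::find($identifier);
    }

    /**
     * Retrieve a user by their legacy auth specific identifier.
     *
     * The backend is asked for the user record, and the username it reports is
     * then resolved through retrieveByCredentials().
     *
     * @param  int  $identifier
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveByLegacyId($identifier)
    {
        $previousLevel = error_reporting(0);
        try {
            $legacy_user = LegacyAuth::get()->getUser($identifier);
        } finally {
            // restore even when the backend throws, so errors are not silenced afterwards
            error_reporting($previousLevel);
        }

        return $this->retrieveByCredentials(['username' => $legacy_user['username'] ?? null]);
    }

    /**
     * Retrieve a user by their unique identifier and "remember me" token.
     *
     * The user is returned only when the stored token matches the presented
     * token and the legacy backend still reports the username as existing.
     *
     * @param  mixed  $identifier
     * @param  string  $token
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveByToken($identifier, $token)
    {
        $model = new User();
        $user = $model->where($model->getAuthIdentifierName(), $identifier)->first();

        if (! $user) {
            return null;
        }

        $rememberToken = $user->getRememberToken();

        // hash_equals() compares in constant time; it only accepts strings, so a
        // non-string token is treated as a mismatch instead of raising an error.
        if (! $rememberToken || ! is_string($token) || ! hash_equals($rememberToken, $token)) {
            return null;
        }

        // a valid token is not enough: the account must still exist in the auth backend
        return LegacyAuth::get()->userExists($user->username) ? $user : null;
    }

    /**
     * Update the "remember me" token for the given user in storage.
     *
     * Timestamps are switched off for the save, so rotating the token does not
     * touch the model's timestamp columns.
     *
     * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
     * @param  string  $token
     * @return void
     */
    public function updateRememberToken(Authenticatable $user, $token)
    {
        /** @var User $user */
        $user->setRememberToken($token);

        $timestamps = $user->timestamps;
        $user->timestamps = false;
        try {
            $user->save();
        } finally {
            // put the flag back even if save() throws, the model instance may be reused
            $user->timestamps = $timestamps;
        }
    }

    /**
     * Validate a user against the given credentials.
     *
     * On failure the message is shown through Toastr and a row is written to
     * the authlog table with the username, the client address and the message.
     *
     * NOTE(review): $user is not consulted here; the check is made purely on
     * $credentials (or on the externally supplied username). This presumably
     * relies on the caller having resolved $user from the same credentials;
     * confirm against the guard.
     *
     * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
     * @param  array  $credentials
     * @return bool
     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $previousLevel = error_reporting(0);

        try {
            $authorizer = LegacyAuth::get();

            try {
                // with external auth the username comes from the backend, not the submitted form
                if ($authorizer->authIsExternal()) {
                    $credentials['username'] = $authorizer->getExternalUsername();
                }

                if (empty($credentials['username']) || ! $authorizer->authenticate($credentials)) {
                    throw new AuthenticationException('Invalid Credentials');
                }

                return true;
            } catch (AuthenticationException $ae) {
                $auth_message = $ae->getMessage();
                if (Debug::isEnabled()) {
                    // Debug mode appends the throwing file and line. The same string is shown
                    // to the unauthenticated client and stored in authlog below.
                    $auth_message .= '<br /> ' . $ae->getFile() . ': ' . $ae->getLine();
                }

                // NOTE(review): the embedded <br /> suggests Toastr renders this as HTML.
                // Confirm that backend exception messages never carry request-controlled text.
                Toastr::error($auth_message);

                // A username held in the session takes precedence over the submitted one
                // for the audit entry. The submitted name may be absent, hence the null default.
                $username = Session::get('username', $credentials['username'] ?? null);

                DB::table('authlog')->insert(['user' => $username, 'address' => Request::ip(), 'result' => $auth_message]);
            }
        } finally {
            error_reporting($previousLevel);
        }

        return false;
    }

    /**
     * Retrieve a user by the given credentials.
     *
     * Looks the username up in the legacy backend and creates or updates the
     * matching local users row from the backend's attributes. The row is saved
     * on every successful lookup. Returning a user from this method is not
     * proof of authentication; validateCredentials() performs that check.
     *
     * @param  array  $credentials
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveByCredentials(array $credentials)
    {
        $previousLevel = error_reporting(0);
        try {
            $auth = LegacyAuth::get();
            $type = LegacyAuth::getType();

            // ldap based auth we should bind before using, otherwise searches may fail due to anonymous bind
            if (method_exists($auth, 'bind')) {
                $auth->bind($credentials);
            }

            $username = $credentials['username'] ?? null;
            $auth_id = $auth->getUserid($username);
            $new_user = $auth->getUser($auth_id);
        } finally {
            error_reporting($previousLevel);
        }

        if (empty($new_user)) {
            // some legacy auth create users in the authenticate method, if it doesn't exist yet,
            // lets try authenticate (Laravel calls retrieveByCredentials first)
            $previousLevel = error_reporting(0);
            try {
                // the return value is deliberately ignored: this call only gives the backend
                // the chance to create the user, it does not establish a login
                $auth->authenticate($credentials);
                $auth_id = $auth->getUserid($username);
                $new_user = $auth->getUser($auth_id);
            } catch (AuthenticationException $ae) {
                Toastr::error($ae->getMessage());
            } finally {
                // previously skipped when authenticate() threw, leaving reporting disabled
                error_reporting($previousLevel);
            }

            if (empty($new_user)) {
                Log::error("Auth Error ($type): No user ($auth_id) [$username] from " . Request::ip());

                return null;
            }
        }

        // never take the local primary key from the backend record
        unset($new_user['user_id']);

        // remove null fields
        $new_user = array_filter($new_user, static function ($value) {
            return $value !== null;
        });

        // always create an entry in the users table, but separate by type
        $user = User::thisAuth()->firstOrNew(['username' => $username], $new_user);
        /** @var User $user */
        $user->fill($new_user); // fill all attributes
        $user->auth_type = $type; // doing this here in case it was null (legacy)
        $user->auth_id = $auth_id;
        $user->save();

        return $user;
    }
}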