Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- namespace AppHttpControllersAuth;
- use AppUser;
- use Validator;
- use IlluminateSupportFacadesAuth;
- use IlluminateHttpRequest;
- use AppHttpControllersController;
- use IlluminateFoundationAuthThrottlesLogins;
- use IlluminateFoundationAuthAuthenticatesAndRegistersUsers;
- use AdldapContractsAdldapInterface;
- class AuthController extends Controller
- {
- /*
- |--------------------------------------------------------------------------
- | Registration & Login Controller
- |--------------------------------------------------------------------------
- |
- | This controller handles the registration of new users, as well as the
- | authentication of existing users. By default, this controller uses
- | a simple trait to add these behaviors. Why don't you explore it?
- |
- */
- use AuthenticatesAndRegistersUsers, ThrottlesLogins;
- /**
- * Where to redirect users after login / registration.
- *
- * @var string
- */
- protected $redirectTo = '/tickets';
- /**
- * @var Adldap
- */
- protected $adldap;
- /**
- * Create a new authentication controller instance.
- *
- * @return void
- */
- public function __construct(AdldapInterface $adldap)
- {
- $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
- $this->adldap = $adldap;
- }
- /**
- * Get a validator for an incoming registration request.
- *
- * @param array $data
- * @return IlluminateContractsValidationValidator
- */
- protected function validator(array $data)
- {
- return Validator::make($data, [
- 'name' => 'required|max:255',
- 'email' => 'required|email|max:255|unique:users',
- 'password' => 'required|min:6|confirmed',
- ]);
- }
- /**
- * Create a new user instance after a valid registration.
- *
- * @param array $data
- * @return User
- */
- protected function create(array $data)
- {
- return User::create([
- 'name' => $data['name'],
- 'email' => $data['email'],
- 'password' => bcrypt($data['password']),
- ]);
- }
- /**
- * Handle a login request to the application.
- *
- * @param IlluminateHttpRequest $request
- * @return IlluminateHttpResponse
- */
- public function login(Request $request)
- {
- if ($this->adldap->auth()->attempt($request->email, $request->password )) {
- return 'entro';
- // $this->validateLogin($request);
- // // If the class is using the ThrottlesLogins trait, we can automatically throttle
- // // the login attempts for this application. We'll key this by the username and
- // // the IP address of the client making these requests into this application.
- // $throttles = $this->isUsingThrottlesLoginsTrait();
- // if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
- // $this->fireLockoutEvent($request);
- // return $this->sendLockoutResponse($request);
- // }
- // $credentials = $this->getCredentials($request);
- // if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
- // return $this->handleUserWasAuthenticated($request, $throttles);
- // }
- // // If the login attempt was unsuccessful we will increment the number of attempts
- // // to login and redirect the user back to the login form. Of course, when this
- // // user surpasses their maximum number of attempts they will get locked out.
- // if ($throttles && ! $lockedOut) {
- // $this->incrementLoginAttempts($request);
- // }
- // return $this->sendFailedLoginResponse($request);
- }
- }
- }
- /*
- |--------------------------------------------------------------------------
- | Connections
- |--------------------------------------------------------------------------
- |
- | This array stores the connections that are added to Adldap. You can add
- | as many connections as you like.
- |
- | The key is the name of the connection you wish to use and the value is
- | an array of configuration settings.
- |
- */
- 'connections' => [
- 'default' => [
- /*
- |--------------------------------------------------------------------------
- | Auto Connect
- |--------------------------------------------------------------------------
- |
- | If auto connect is true, anytime Adldap is instantiated it will automatically
- | connect to your AD server. If this is set to false, you must connect manually
- | using: Adldap::connect().
- |
- */
- 'auto_connect' => true,
- /*
- |--------------------------------------------------------------------------
- | Connection
- |--------------------------------------------------------------------------
- |
- | The connection class to use to run operations on.
- |
- | You can also set this option to `null` to use the default connection class.
- |
- | Custom connection classes must implement AdldapContractsConnectionsConnectionInterface
- |
- */
- 'connection' => AdldapConnectionsLdap::class,
- /*
- |--------------------------------------------------------------------------
- | Schema
- |--------------------------------------------------------------------------
- |
- | The schema class to use for retrieving attributes and generating models.
- |
- | You can also set this option to `null` to use the default schema class.
- |
- | Custom schema classes must implement AdldapContractsSchemasSchemaInterface
- |
- */
- 'schema' => AdldapSchemasActiveDirectory::class,
- /*
- |--------------------------------------------------------------------------
- | Connection Settings
- |--------------------------------------------------------------------------
- |
- | This connection settings array is directly passed into the Adldap constructor.
- |
- | Feel free to add or remove settings you don't need.
- |
- */
- 'connection_settings' => [
- /*
- |--------------------------------------------------------------------------
- | Account Prefix
- |--------------------------------------------------------------------------
- |
- | The account prefix option is the prefix of your user accounts in AD.
- |
- | For example, if you'd prefer your users to use only their username instead
- | of specifying a domain ('ACMEjdoe'), enter your domain name.
- |
- */
- 'account_prefix' => '',
- /*
- |--------------------------------------------------------------------------
- | Account Suffix
- |--------------------------------------------------------------------------
- |
- | The account suffix option is the suffix of your user accounts in AD.
- |
- | For example, if your domain DN is DC=corp,DC=acme,DC=org, then your
- | account suffix would be @corp.acme.org. This is then appended to
- | then end of your user accounts on authentication.
- |
- */
- 'account_suffix' => '',
- /*
- |--------------------------------------------------------------------------
- | Domain Controllers
- |--------------------------------------------------------------------------
- |
- | The domain controllers option is an array of servers located on your
- | network that serve Active Directory. You can insert as many servers or
- | as little as you'd like depending on your forest (with the
- | minimum of one of course).
- |
- | These can be IP addresses of your server(s), or the host name.
- |
- */
- 'domain_controllers' => ['190.168.124.147'],
- /*
- |--------------------------------------------------------------------------
- | Port
- |--------------------------------------------------------------------------
- |
- | The port option is used for authenticating and binding to your AD server.
- |
- */
- 'port' => 80,
- /*
- |--------------------------------------------------------------------------
- | Timeout
- |--------------------------------------------------------------------------
- |
- | The timeout option allows you to configure the amount of time in
- | seconds that your application waits until a response
- | is received from your LDAP server.
- |
- */
- 'timeout' => 5,
- /*
- |--------------------------------------------------------------------------
- | Base Distinguished Name
- |--------------------------------------------------------------------------
- |
- | The base distinguished name is the base distinguished name you'd like
- | to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
- |
- | If one is not defined, then Adldap will try to find it automatically
- | by querying your server. It's recommended to include it to
- | limit queries executed per request.
- |
- */
- 'base_dn' => '',
- /*
- |--------------------------------------------------------------------------
- | Administrator Account Suffix
- |--------------------------------------------------------------------------
- |
- | This option allows you to set a different account suffix for your
- | configured administrator account upon binding.
- |
- | If left empty, your `account_suffix` option will be used.
- |
- */
- 'admin_account_suffix' => '',
- /*
- |--------------------------------------------------------------------------
- | Administrator Username & Password
- |--------------------------------------------------------------------------
- |
- | When connecting to your AD server, a username and password is required
- | to be able to query and run operations on your server(s). You can
- | use any user account that has these permissions. This account
- | does not need to be a domain administrator unless you
- | require changing and resetting user passwords.
- |
- */
- 'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'foosaaa'),
- 'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'kaa@taa'),
- /*
- |--------------------------------------------------------------------------
- | Follow Referrals
- |--------------------------------------------------------------------------
- |
- | The follow referrals option is a boolean to tell active directory
- | to follow a referral to another server on your network if the
- | server queried knows the information your asking for exists,
- | but does not yet contain a copy of it locally.
- |
- | This option is defaulted to false.
- |
- */
- 'follow_referrals' => false,
- /*
- |--------------------------------------------------------------------------
- | SSL & TLS
- |--------------------------------------------------------------------------
- |
- | If you need to be able to change user passwords on your server, then an
- | SSL or TLS connection is required. All other operations are allowed
- | on unsecured protocols. One of these options are definitely recommended
- | if you have the ability to connect to your server securely.
- |
- */
- 'use_ssl' => false,
- 'use_tls' => false,
- public function bind($username, $password, $prefix = null, $suffix = null)
- {
- // We'll allow binding with a null username and password
- // if their empty. This will allow us to anonymously
- // bind to our servers if needed.
- $username = $username ?: null;
- $password = $password ?: null;
- if ($username) {
- // If the username isn't empty, we'll append the configured
- // account prefix and suffix to bind to the LDAP server.
- $prefix = is_null($prefix) ? $this->configuration->getAccountPrefix() : $prefix;
- $suffix = is_null($suffix) ? $this->configuration->getAccountSuffix() : $suffix;
- $username = $prefix.$username.$suffix;
- }
- // We'll mute any exceptions / warnings here. All we need to know
- // is if binding failed and we'll throw our own exception.
- if (!@$this->connection->bind($username, $password)) {
- throw new BindException($this->connection->getLastError(), $this->connection->errNo());
- }
- }
- /*
- |--------------------------------------------------------------------------
- | Authentication Defaults
- |--------------------------------------------------------------------------
- |
- | This option controls the default authentication "guard" and password
- | reset options for your application. You may change these defaults
- | as required, but they're a perfect start for most applications.
- |
- */
- 'defaults' => [
- 'guard' => 'web',
- 'passwords' => 'users',
- ],
- /*
- |--------------------------------------------------------------------------
- | Authentication Guards
- |--------------------------------------------------------------------------
- |
- | Next, you may define every authentication guard for your application.
- | Of course, a great default configuration has been defined for you
- | here which uses session storage and the Eloquent user provider.
- |
- | All authentication drivers have a user provider. This defines how the
- | users are actually retrieved out of your database or other storage
- | mechanisms used by this application to persist your user's data.
- |
- | Supported: "session", "token"
- |
- */
- 'guards' => [
- 'web' => [
- 'driver' => 'session',
- 'provider' => 'users',
- ],
- 'api' => [
- 'driver' => 'token',
- 'provider' => 'users',
- ],
- ],
- /*
- |--------------------------------------------------------------------------
- | User Providers
- |--------------------------------------------------------------------------
- |
- | All authentication drivers have a user provider. This defines how the
- | users are actually retrieved out of your database or other storage
- | mechanisms used by this application to persist your user's data.
- |
- | If you have multiple user tables or models you may configure multiple
- | sources which represent each model / table. These sources may then
- | be assigned to any extra authentication guards you have defined.
- |
- | Supported: "database", "eloquent"
- |
- */
- 'providers' => [
- 'users' => [
- 'driver' => 'adldap',
- 'model' => AppUser::class,
- ],
- // 'users' => [
- // 'driver' => 'database',
- // 'table' => 'users',
- // ],
- ],
- /*
- |--------------------------------------------------------------------------
- | Resetting Passwords
- |--------------------------------------------------------------------------
- |
- | Here you may set the options for resetting passwords including the view
- | that is your password reset e-mail. You may also set the name of the
- | table that maintains all of the reset tokens for your application.
- |
- | You may specify multiple password reset configurations if you have more
- | than one user table or model in the application and you want to have
- | separate password reset settings based on the specific user types.
- |
- | The expire time is the number of minutes that the reset token should be
- | considered valid. This security feature keeps tokens short-lived so
- | they have less time to be guessed. You may change this as needed.
- |
- */
- 'passwords' => [
- 'users' => [
- 'provider' => 'users',
- 'email' => 'auth.emails.password',
- 'table' => 'password_resets',
- 'expire' => 60,
- ],
- ],
- <?php
- namespace App;
- use IlluminateFoundationAuthUser as Authenticatable;
- class User extends Authenticatable
- {
- /**
- * The attributes that are mass assignable.
- *
- * @var array
- */
- protected $fillable = [
- 'name', 'email', 'password','username'
- ];
- /**
- * The attributes that should be hidden for arrays.
- *
- * @var array
- */
- protected $hidden = [
- 'password', 'remember_token',
- ];
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement