get admin authentication and redirection going also add intended route

redirection for the saml login

get admin authentication and redirection going also add intended route
redirection for the saml login
af81109a · Jacob Priddy · 7da5feae · af81109a · af81109a · af81109a
Commit af81109a authored Jul 05, 2020 by Jacob Priddy 👌
7 changed files
--- a/src/backend/app/Http/Controllers/Api/AuthController.php
+++ b/src/backend/app/Http/Controllers/Api/AuthController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
 use Illuminate\Http\Request;
 use Illuminate\Cookie\CookieJar;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Routing\Redirector;
 use Source\Authorization\Authorizer;
 use Illuminate\Http\RedirectResponse;
 use Source\Exceptions\AuthenticationException;
@@ -88,12 +89,19 @@ class AuthController extends ApiController
     *
     * This route redirects the user to the running SAML authentication instance to start authentication with SAML
     *
+     * @urlParam intended The url to redirect back to once authentication is successful.
+     *
+     * @param \Illuminate\Routing\Redirector                          $redirector
     * @param \Source\UseCases\Users\Authenticate\AuthenticateUseCase $authenticateUseCase
     * @return \Illuminate\Http\RedirectResponse
     */
-    public function samlLogin(AuthenticateUseCase $authenticateUseCase): RedirectResponse
+    public function samlLogin(Redirector $redirector, AuthenticateUseCase $authenticateUseCase): RedirectResponse
    {
-        return redirect()->to($authenticateUseCase->handToSaml());
+        if ($this->request->has('intended')) {
+            $redirector->setIntendedUrl($this->request->input('intended'));
+        }
+
+        return $redirector->to($authenticateUseCase->handToSaml());
    }

    /**

--- a/src/backend/app/Http/Controllers/Web/Admin/LoginController.php
+++ b/src/backend/app/Http/Controllers/Web/Admin/LoginController.php
@@ -5,10 +5,47 @@ namespace App\Http\Controllers\Web\Admin;


 use App\Http\Controllers\Controller;
-use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\RedirectResponse;
+use Source\Exceptions\AuthenticationException;
+use Source\Exceptions\EntityNotFoundException;
+use Illuminate\Validation\ValidationException;
+use Source\UseCases\Users\Authenticate\WebPresenter;
+use Source\UseCases\Users\Authenticate\AuthenticateUseCase;

 class LoginController extends Controller
 {
-    use AuthenticatesUsers;
+    /**
+     * @param \Source\UseCases\Users\Authenticate\AuthenticateUseCase $authenticateUseCase
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Validation\ValidationException
+     */
+    public function login(AuthenticateUseCase $authenticateUseCase): RedirectResponse
+    {
+        $this->validate($this->request, [
+            'email' => 'required|string|email',
+            'password' => 'required|string',
+        ]);

+        $presenter = new WebPresenter();
+
+        try {
+            $authenticateUseCase->attempt($presenter, $this->request->all());
+        } catch (AuthenticationException $e) {
+            throw ValidationException::withMessages([
+                'email' => [trans('auth.failed')],
+            ]);
+        } catch (EntityNotFoundException $e) {
+            throw ValidationException::withMessages([
+                'email' => [$e->getMessage()],
+            ]);
+        }
+
+        return redirect(route('web.admin.home'))->withCookie(
+            cookie(
+                'api_token',
+                $presenter->getViewModel()['value'],
+                $presenter->getViewModel()['minutes']
+            )
+        );
+    }
 }
--- a/src/backend/app/Http/Middleware/Authenticate.php
+++ b/src/backend/app/Http/Middleware/Authenticate.php
@@ -19,7 +19,7 @@ class Authenticate extends Middleware
                return route('web.admin.login');
            }

-            return route('saml.login');
+            return route('saml.login', ['intended' => $request->fullUrl()]);
        }

        return null;

--- a/src/backend/app/Providers/AuthServiceProvider.php
+++ b/src/backend/app/Providers/AuthServiceProvider.php
@@ -9,6 +9,7 @@ use Illuminate\Support\Facades\Gate;
 use Source\Authorization\Authorizer;
 use Source\Authorization\Permissions;
 use Illuminate\Contracts\Auth\Authenticatable;
+use Source\Exceptions\EntityNotFoundException;
 use Source\UseCases\Token\Authenticate\AuthenticateUseCase;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Source\UseCases\Door\Authenticate\AuthenticateUseCase as DoorAuthenticateUseCase;
@@ -25,6 +26,22 @@ class AuthServiceProvider extends ServiceProvider
        $this->registerGuards();

        $this->registerGateMapping($authorizer);
+
+        Gate::define('view-admin-page', static function (Authenticatable $user) use ($authorizer) {
+            $authorizer->setCurrentUserId($user->getAuthIdentifier());
+
+            try {
+                return $authorizer->allowsOne([
+                    Permissions::ADMIN,
+                    Permissions::MANAGE_USERS,
+                    Permissions::MANAGE_DOORS,
+                    Permissions::MANAGE_GROUPS,
+                    Permissions::LOGS_READ,
+                ]);
+            } catch (EntityNotFoundException $e) {
+                return false;
+            }
+        });
    }

    /**
@@ -62,7 +79,11 @@ class AuthServiceProvider extends ServiceProvider
            Gate::define($permission, static function (Authenticatable $user) use ($permission, $authorizer): bool {
                $authorizer->setCurrentUserId($user->getAuthIdentifier());

-                return $authorizer->allows($permission);
+                try {
+                    return $authorizer->allows($permission);
+                } catch (EntityNotFoundException $e) {
+                    return false;
+                }
            });
        }
    }

--- a/src/backend/resources/views/admin/auth/login.blade.php
+++ b/src/backend/resources/views/admin/auth/login.blade.php
@@ -26,8 +26,8 @@
                                    </div>
                                @endif

-                                <form method="POST" action="{{ route('login') }}" class="user">
-                                    <input type="hidden" name="_token" value="{{ csrf_token() }}">
+                                <form method="POST" action="{{ route('web.admin.login') }}" class="user">
+                                    @csrf

                                    <div class="form-group">
                                        <input type="email" class="form-control form-control-user" name="email" placeholder="{{ __('E-Mail Address') }}" value="{{ old('email') }}" required autofocus>
@@ -46,8 +46,8 @@
                                    <hr>

                                    <div class="form-group">
-                                        <a href="{{ route('saml.login') }}" role="button" class="btn btn-github btn-user btn-block">
-                                            <i class="fab fa-github fa-fw"></i> Login with WWU
+                                        <a href="{{ route('saml.login', ['intended' => route('web.admin.home')]) }}" role="button" class="btn btn-secondary btn-user btn-block">
+                                            <i class="fas fa-university fa-fw"></i> Login with WWU
                                        </a>
                                    </div>
                                </form>

--- a/src/backend/routes/frontend.php
+++ b/src/backend/routes/frontend.php
@@ -20,11 +20,9 @@ use App\Http\Controllers\Web\Admin\LoginController;
 Route::view('/admin/login', 'admin.auth.login')->name('web.admin.login_page')->middleware('guest:api');
 Route::post('/admin/login', [LoginController::class, 'login'])->name('web.admin.login');

-Route::group([
-    'middleware' => ['auth:api'],
-], static function () {
-    Route::view('/', 'home')->name('web.index');
-    Route::view('/door-code', 'doorcode')->name('web.doorcode');
+Route::name('web.')->middleware(['auth:api'])->group(static function () {
+    Route::view('/', 'home')->name('index');
+    Route::view('/door-code', 'doorcode')->name('doorcode');
    Route::post('/door-code', [MeController::class, 'doorcodeUpdate'])->name('web.doorcode.change');
    Route::view('/password', 'password')->name('web.password');
    Route::post('/password', [MeController::class, 'passwordUpdate'])->name('web.password.change');
@@ -32,10 +30,13 @@ Route::group([
    Route::get('/tokens', [MeController::class, 'tokens'])->name('web.tokens');
    Route::view('/about', 'about')->name('web.about');

-    Route::group([
-        'prefix' => 'admin',
-    ], static function () {
-
+    Route::name('admin.')
+        ->prefix('admin')
+        ->middleware('can:view-admin-page')
+        ->group(static function () {
+        Route::get('home', static function () {
+            return 'hi';
+        })->name('home');
    });
 });

--- a/src/backend/src/UseCases/Users/Authenticate/WebPresenter.php
+++ b/src/backend/src/UseCases/Users/Authenticate/WebPresenter.php
+<?php
+
+namespace Source\UseCases\Users\Authenticate;
+
+use Carbon\Carbon;
+use Source\UseCases\BasePresenter;
+
+class WebPresenter extends BasePresenter implements Presenter
+{
+    protected array $token = [];
+
+    /** @inheritDoc */
+    public function present(ResponseModel $responseModel): void
+    {
+        $token = $responseModel->getToken();
+        $expires = $token->getExpiresAt();
+
+        if (!$expires) {
+            $expires = 0;
+        } else {
+            $expires = $expires->diffInMinutes(Carbon::now());
+        }
+
+        $this->token = [
+            'value' => $responseModel->getRawToken(),
+            'expires_at' => $this->formatDateTime($token->getExpiresAt()),
+            'minutes' => $expires,
+        ];
+    }
+
+    /** @inheritDoc */
+    public function getViewModel(): array
+    {
+        return $this->token;
+    }
+}