Commit af81109a authored by Jacob Priddy's avatar Jacob Priddy 👌

get admin authentication and redirection going also add intended route

redirection for the saml login
parent 7da5feae
......@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
use Illuminate\Http\Request;
use Illuminate\Cookie\CookieJar;
use Illuminate\Http\JsonResponse;
use Illuminate\Routing\Redirector;
use Source\Authorization\Authorizer;
use Illuminate\Http\RedirectResponse;
use Source\Exceptions\AuthenticationException;
......@@ -88,12 +89,19 @@ class AuthController extends ApiController
*
* This route redirects the user to the running SAML authentication instance to start authentication with SAML
*
* @urlParam intended The url to redirect back to once authentication is successful.
*
* @param \Illuminate\Routing\Redirector $redirector
* @param \Source\UseCases\Users\Authenticate\AuthenticateUseCase $authenticateUseCase
* @return \Illuminate\Http\RedirectResponse
*/
public function samlLogin(AuthenticateUseCase $authenticateUseCase): RedirectResponse
public function samlLogin(Redirector $redirector, AuthenticateUseCase $authenticateUseCase): RedirectResponse
{
return redirect()->to($authenticateUseCase->handToSaml());
if ($this->request->has('intended')) {
$redirector->setIntendedUrl($this->request->input('intended'));
}
return $redirector->to($authenticateUseCase->handToSaml());
}
/**
......
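Review bot: `samlLogin` stores the caller-supplied `intended` value with `$redirector->setIntendedUrl()` without checking where it points, so any link to this route can choose the post-login destination (assuming the SAML callback, which is not shown here, redirects to the intended URL). Restrict the value to this application's own host before storing it: `$intended = $this->request->input('intended');` followed by `if (is_string($intended) && parse_url($intended, PHP_URL_HOST) === $this->request->getHost()) { $redirector->setIntendedUrl($intended); }`. The `@urlParam intended` line should then say that only same-host URLs are accepted. The docblock for this method begins outside the hunk.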
......@@ -5,10 +5,47 @@ namespace App\Http\Controllers\Web\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\RedirectResponse;
use Source\Exceptions\AuthenticationException;
use Source\Exceptions\EntityNotFoundException;
use Illuminate\Validation\ValidationException;
use Source\UseCases\Users\Authenticate\WebPresenter;
use Source\UseCases\Users\Authenticate\AuthenticateUseCase;
class LoginController extends Controller
{
use AuthenticatesUsers;
/**
* @param \Source\UseCases\Users\Authenticate\AuthenticateUseCase $authenticateUseCase
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Validation\ValidationException
*/
public function login(AuthenticateUseCase $authenticateUseCase): RedirectResponse
{
$this->validate($this->request, [
'email' => 'required|string|email',
'password' => 'required|string',
]);
$presenter = new WebPresenter();
try {
$authenticateUseCase->attempt($presenter, $this->request->all());
} catch (AuthenticationException $e) {
throw ValidationException::withMessages([
'email' => [trans('auth.failed')],
]);
} catch (EntityNotFoundException $e) {
throw ValidationException::withMessages([
'email' => [$e->getMessage()],
]);
}
return redirect(route('web.admin.home'))->withCookie(
cookie(
'api_token',
$presenter->getViewModel()['value'],
$presenter->getViewModel()['minutes']
)
);
}
}
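Review bot: The `EntityNotFoundException` branch in `login()` returns `$e->getMessage()` to the form, while a wrong password returns `trans('auth.failed')`, so the response reveals whether an e-mail address is registered. Use one message for both cases, e.g. `} catch (AuthenticationException | EntityNotFoundException $e) {` with the single `'email' => [trans('auth.failed')]` body. Overriding `login()` also appears to skip the attempt throttling that the `AuthenticatesUsers` trait's own `login()` performs, so add a `throttle` middleware on the route or the trait's `hasTooManyLoginAttempts()` check. `$this->request->all()` forwards every posted field to `attempt()`; `$this->request->only(['email', 'password'])` would limit it to the validated ones.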
......@@ -19,7 +19,7 @@ class Authenticate extends Middleware
return route('web.admin.login');
}
return route('saml.login');
return route('saml.login', ['intended' => $request->fullUrl()]);
}
return null;
......
......@@ -9,6 +9,7 @@ use Illuminate\Support\Facades\Gate;
use Source\Authorization\Authorizer;
use Source\Authorization\Permissions;
use Illuminate\Contracts\Auth\Authenticatable;
use Source\Exceptions\EntityNotFoundException;
use Source\UseCases\Token\Authenticate\AuthenticateUseCase;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Source\UseCases\Door\Authenticate\AuthenticateUseCase as DoorAuthenticateUseCase;
......@@ -25,6 +26,22 @@ class AuthServiceProvider extends ServiceProvider
$this->registerGuards();
$this->registerGateMapping($authorizer);
Gate::define('view-admin-page', static function (Authenticatable $user) use ($authorizer) {
$authorizer->setCurrentUserId($user->getAuthIdentifier());
try {
return $authorizer->allowsOne([
Permissions::ADMIN,
Permissions::MANAGE_USERS,
Permissions::MANAGE_DOORS,
Permissions::MANAGE_GROUPS,
Permissions::LOGS_READ,
]);
} catch (EntityNotFoundException $e) {
return false;
}
});
}
/**
......@@ -62,7 +79,11 @@ class AuthServiceProvider extends ServiceProvider
Gate::define($permission, static function (Authenticatable $user) use ($permission, $authorizer): bool {
$authorizer->setCurrentUserId($user->getAuthIdentifier());
return $authorizer->allows($permission);
try {
return $authorizer->allows($permission);
} catch (EntityNotFoundException $e) {
return false;
}
});
}
}
......
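Review bot: Both new `catch (EntityNotFoundException $e)` branches, in the `view-admin-page` gate and in the per-permission gate, deny access without leaving any trace, so an authenticated identity whose user record cannot be found never appears in the logs. Denying is the right default; adding `report($e);` before `return false;` would make that condition visible to whoever monitors the application. The `view-admin-page` closure also lacks the `: bool` return type that the per-permission closure declares. Both enclosing methods begin outside the hunks.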
......@@ -26,8 +26,8 @@
</div>
@endif
<form method="POST" action="{{ route('login') }}" class="user">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<form method="POST" action="{{ route('web.admin.login') }}" class="user">
@csrf
<div class="form-group">
<input type="email" class="form-control form-control-user" name="email" placeholder="{{ __('E-Mail Address') }}" value="{{ old('email') }}" required autofocus>
......@@ -46,8 +46,8 @@
<hr>
<div class="form-group">
<a href="{{ route('saml.login') }}" role="button" class="btn btn-github btn-user btn-block">
<i class="fab fa-github fa-fw"></i> Login with WWU
<a href="{{ route('saml.login', ['intended' => route('web.admin.home')]) }}" role="button" class="btn btn-secondary btn-user btn-block">
<i class="fas fa-university fa-fw"></i> Login with WWU
</a>
</div>
</form>
......
......@@ -20,11 +20,9 @@ use App\Http\Controllers\Web\Admin\LoginController;
Route::view('/admin/login', 'admin.auth.login')->name('web.admin.login_page')->middleware('guest:api');
Route::post('/admin/login', [LoginController::class, 'login'])->name('web.admin.login');
Route::group([
'middleware' => ['auth:api'],
], static function () {
Route::view('/', 'home')->name('web.index');
Route::view('/door-code', 'doorcode')->name('web.doorcode');
Route::name('web.')->middleware(['auth:api'])->group(static function () {
Route::view('/', 'home')->name('index');
Route::view('/door-code', 'doorcode')->name('doorcode');
Route::post('/door-code', [MeController::class, 'doorcodeUpdate'])->name('web.doorcode.change');
Route::view('/password', 'password')->name('web.password');
Route::post('/password', [MeController::class, 'passwordUpdate'])->name('web.password.change');
......@@ -32,10 +30,13 @@ Route::group([
Route::get('/tokens', [MeController::class, 'tokens'])->name('web.tokens');
Route::view('/about', 'about')->name('web.about');
Route::group([
'prefix' => 'admin',
], static function () {
Route::name('admin.')
->prefix('admin')
->middleware('can:view-admin-page')
->group(static function () {
Route::get('home', static function () {
return 'hi';
})->name('home');
});
});
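Review bot: Inside the new `Route::name('web.')` group only the first two routes lost their `web.` prefix. The unchanged lines still call `->name('web.doorcode.change')`, `->name('web.password')`, `->name('web.password.change')`, `->name('web.tokens')` and `->name('web.about')`, which the group prefix turns into `web.web.…`. Existing `route('web.password')`-style lookups would then fail unless the callers were changed to the doubled name somewhere outside this diff. Dropping the prefix on those lines, e.g. `->name('doorcode.change')`, keeps the public route names unchanged.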
<?php
namespace Source\UseCases\Users\Authenticate;
use Carbon\Carbon;
use Source\UseCases\BasePresenter;
class WebPresenter extends BasePresenter implements Presenter
{
protected array $token = [];
/** @inheritDoc */
public function present(ResponseModel $responseModel): void
{
$token = $responseModel->getToken();
$expires = $token->getExpiresAt();
if (!$expires) {
$expires = 0;
} else {
$expires = $expires->diffInMinutes(Carbon::now());
}
$this->token = [
'value' => $responseModel->getRawToken(),
'expires_at' => $this->formatDateTime($token->getExpiresAt()),
'minutes' => $expires,
];
}
/** @inheritDoc */
public function getViewModel(): array
{
return $this->token;
}
}
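Review bot: `$expires->diffInMinutes(Carbon::now())` in `present()` only yields a usable cookie lifetime if the difference is returned as an absolute value, which is the Carbon 2 default; the installed Carbon version is not visible here. Under that default an already-expired token also produces a positive `minutes` value, and under a signed implementation a valid token would get a negative lifetime. Making the direction explicit, e.g. `$expires = Carbon::now()->diffInMinutes($expires, false);`, and having the caller treat a non-positive result as expired would pin the intent. A short comment that `minutes => 0` means "no expiry, session cookie" would also help the reader of `LoginController::login()`.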