Merge pull request #3381 from bpatath/feature/add-single-sign-on

Feature/add single sign on

.env.example

@@ -191,6 +191,7 @@ ADLDAP_AUTH_FIELD=distinguishedname
 
 # Will allow SSO if your server provides an AUTH_USER field.
 # You can set the following variables from a file by appending them with _FILE:
+WINDOWS_SSO_ENABLED=false
 WINDOWS_SSO_DISCOVER=samaccountname
 WINDOWS_SSO_KEY=AUTH_USER
 

app/Http/Controllers/Auth/LoginController.php

@@ -82,14 +82,8 @@ class LoginController extends Controller
         Log::channel('audit')->info(sprintf('User is trying to login using "%s"', $request->get('email')));
         Log::info(sprintf('User is trying to login.'));
         if ('ldap' === config('auth.providers.users.driver')) {
-            /**
-             * Temporary bug fix for something that doesn't seem to work in
-             * AdLdap.
-             */
-            $schema = config('ldap.connections.default.schema');
-
             /** @var Adldap\Connections\Provider $provider */
-            Adldap::getProvider('default')->setSchema(new $schema);
+            Adldap::getProvider('default');
         }
 
         $this->validateLogin($request);

app/Providers/AppServiceProvider.php

@@ -26,6 +26,7 @@ use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 use Laravel\Passport\Passport;
 use URL;
+use Adldap\Laravel\Middleware\WindowsAuthenticate;
 
 /**
  * @codeCoverageIgnore
@@ -44,6 +45,9 @@ class AppServiceProvider extends ServiceProvider
         if ('heroku' === config('app.env')) {
             URL::forceScheme('https');
         }
+        if (config('ldap_auth.identifiers.windows.enabled', false)) {
+            $this->app['router']->pushMiddlewareToGroup('web', WindowsAuthenticate::class);
+        }
     }
 
     /**

config/ldap.php

@@ -87,29 +87,6 @@ return [
 
             'connection' => Adldap\Connections\Ldap::class,
 
-            /*
-            |--------------------------------------------------------------------------
-            | Schema
-            |--------------------------------------------------------------------------
-            |
-            | The schema class to use for retrieving attributes and generating models.
-            |
-            | You can also set this option to `null` to use the default schema class.
-            |
-            | For OpenLDAP, you must use the schema:
-            |
-            |   Adldap\Schemas\OpenLDAP::class
-            |
-            | For FreeIPA, you must use the schema:
-            |
-            |   Adldap\Schemas\FreeIPA::class
-            |
-            | Custom schema classes must implement Adldap\Schemas\SchemaInterface
-            |
-            */
-
-            'schema' => $schema,
-
             /*
             |--------------------------------------------------------------------------
             | Connection Settings
@@ -123,6 +100,29 @@ return [
 
             'settings' => [
 
+                /*
+                |--------------------------------------------------------------------------
+                | Schema
+                |--------------------------------------------------------------------------
+                |
+                | The schema class to use for retrieving attributes and generating models.
+                |
+                | You can also set this option to `null` to use the default schema class.
+                |
+                | For OpenLDAP, you must use the schema:
+                |
+                |   Adldap\Schemas\OpenLDAP::class
+                |
+                | For FreeIPA, you must use the schema:
+                |
+                |   Adldap\Schemas\FreeIPA::class
+                |
+                | Custom schema classes must implement Adldap\Schemas\SchemaInterface
+                |
+                */
+
+                'schema' => $schema,
+
                 /*
                 |--------------------------------------------------------------------------
                 | Account Prefix

config/ldap_auth.php

@@ -217,10 +217,16 @@ return [
         | Windows Authentication Middleware (SSO)
         |--------------------------------------------------------------------------
         |
-        | Discover:
+        | Enabled:
         |
-        |   The 'discover' value is the users attribute you would
-        |   like to locate LDAP users by in your directory.
+        |   The middleware will be registered only if enabled is set to true.
+        |   If you update this file, beware, this is not a standard
+        |   AdLdap2-Laravel configuration key.
+        |
+        | Locate Users By:
+        |
+        |   This value is the users attribute you would like to locate LDAP
+        |   users by in your directory.
         |
         |   For example, if 'samaccountname' is the value, then your LDAP server is
         |   queried for a user with the 'samaccountname' equal to the value of
@@ -229,9 +235,9 @@ return [
         |   If a user is found, they are imported (if using the DatabaseUserProvider)
         |   into your local database, then logged in.
         |
-        | Key:
+        | Server Key:
         |
-        |    The 'key' value represents the 'key' of the $_SERVER
+        |    This value represents the 'key' of the $_SERVER
         |    array to pull the users account name from.
         |
         |    For example, $_SERVER['AUTH_USER'].
@@ -239,8 +245,9 @@ return [
         */
 
         'windows' => [
-            'discover' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'),
-            'key'      => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'),
+            'enabled'         => envNonEmpty('WINDOWS_SSO_ENABLED', false),
+            'locate_users_by' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'),
+            'server_key'      => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'),
         ],
     ],