Merge pull request #3381 from bpatath/feature/add-single-sign-on

Feature/add single sign on
James Cole 2020-05-22 04:27:39 +00:00 committed by GitHub
commit e6e8200912
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 37 deletions


@ -191,6 +191,7 @@ ADLDAP_AUTH_FIELD=distinguishedname
# Will allow SSO if your server provides an AUTH_USER field. # Will allow SSO if your server provides an AUTH_USER field.
# You can set the following variables from a file by appending them with _FILE: # You can set the following variables from a file by appending them with _FILE:
WINDOWS_SSO_ENABLED=false
WINDOWS_SSO_DISCOVER=samaccountname WINDOWS_SSO_DISCOVER=samaccountname
WINDOWS_SSO_KEY=AUTH_USER WINDOWS_SSO_KEY=AUTH_USER


@ -82,14 +82,8 @@ class LoginController extends Controller
Log::channel('audit')->info(sprintf('User is trying to login using "%s"', $request->get('email'))); Log::channel('audit')->info(sprintf('User is trying to login using "%s"', $request->get('email')));
Log::info(sprintf('User is trying to login.')); Log::info(sprintf('User is trying to login.'));
if ('ldap' === config('auth.providers.users.driver')) { if ('ldap' === config('auth.providers.users.driver')) {
/**
* Temporary bug fix for something that doesn't seem to work in
* AdLdap.
*/
$schema = config('ldap.connections.default.schema');
/** @var Adldap\Connections\Provider $provider */ /** @var Adldap\Connections\Provider $provider */
Adldap::getProvider('default')->setSchema(new $schema); Adldap::getProvider('default');
} }
$this->validateLogin($request); $this->validateLogin($request);
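Review bot: Inside the `if ('ldap' === config('auth.providers.users.driver'))` branch, the remaining call `Adldap::getProvider('default');` discards its return value, and the `/** @var Adldap\Connections\Provider $provider */` annotation above it now describes a variable that is never assigned. Unless getProvider() is kept for a side effect that is not visible in this hunk, the whole branch is dead code on the login path and could be removed together with the annotation. If the call is intentional, a one-line comment stating which side effect it is relied on for would keep it from being deleted later. The enclosing method starts and ends outside the hunk.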


@ -26,6 +26,7 @@ use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Passport; use Laravel\Passport\Passport;
use URL; use URL;
use Adldap\Laravel\Middleware\WindowsAuthenticate;
/** /**
* @codeCoverageIgnore * @codeCoverageIgnore
@ -44,6 +45,9 @@ class AppServiceProvider extends ServiceProvider
if ('heroku' === config('app.env')) { if ('heroku' === config('app.env')) {
URL::forceScheme('https'); URL::forceScheme('https');
} }
if (config('ldap_auth.identifiers.windows.enabled', false)) {
$this->app['router']->pushMiddlewareToGroup('web', WindowsAuthenticate::class);
}
} }
/** /**
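Review bot: The new guard `if (config('ldap_auth.identifiers.windows.enabled', false))` is a loose truthiness test on the switch that turns on password-less login, so it does not fail closed. If envNonEmpty() passes values through Laravel's env() conversion (its definition is not visible here), only `false`/`(false)` become a boolean, and a setting such as `WINDOWS_SSO_ENABLED=off` or `=no` would stay a non-empty string and register the middleware. I would parse the value explicitly, `if (filter_var(config('ldap_auth.identifiers.windows.enabled', false), FILTER_VALIDATE_BOOLEAN)) {`, so anything that is not clearly "on" leaves SSO disabled. The enclosing method begins outside the hunk.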


@ -87,6 +87,19 @@ return [
'connection' => Adldap\Connections\Ldap::class, 'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Schema | Schema
@ -110,19 +123,6 @@ return [
'schema' => $schema, 'schema' => $schema,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Account Prefix | Account Prefix


@ -217,10 +217,16 @@ return [
| Windows Authentication Middleware (SSO) | Windows Authentication Middleware (SSO)
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Discover: | Enabled:
| |
| The 'discover' value is the users attribute you would | The middleware will be registered only if enabled is set to true.
| like to locate LDAP users by in your directory. | If you update this file, beware, this is not a standard
| AdLdap2-Laravel configuration key.
|
| Locate Users By:
|
| This value is the users attribute you would like to locate LDAP
| users by in your directory.
| |
| For example, if 'samaccountname' is the value, then your LDAP server is | For example, if 'samaccountname' is the value, then your LDAP server is
| queried for a user with the 'samaccountname' equal to the value of | queried for a user with the 'samaccountname' equal to the value of
@ -229,9 +235,9 @@ return [
| If a user is found, they are imported (if using the DatabaseUserProvider) | If a user is found, they are imported (if using the DatabaseUserProvider)
| into your local database, then logged in. | into your local database, then logged in.
| |
| Key: | Server Key:
| |
| The 'key' value represents the 'key' of the $_SERVER | This value represents the 'key' of the $_SERVER
| array to pull the users account name from. | array to pull the users account name from.
| |
| For example, $_SERVER['AUTH_USER']. | For example, $_SERVER['AUTH_USER'].
@ -239,8 +245,9 @@ return [
*/ */
'windows' => [ 'windows' => [
'discover' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'), 'enabled' => envNonEmpty('WINDOWS_SSO_ENABLED', false),
'key' => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'), 'locate_users_by' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'),
'server_key' => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'),
], ],
], ],
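Review bot: The "Server Key" paragraph of the docblock does not state the trust assumption behind `server_key`: per the text above it, whatever account name sits in that `$_SERVER` entry is looked up in LDAP, imported and logged in with no further credential check. I would add two comment lines there, `| Only enable this when the web server itself authenticates the user and sets this variable.` and `| Never point it at an HTTP_* key; those are filled from client request headers.` It would also help to mention in the docblock that the renamed keys `locate_users_by` and `server_key` are still fed from `WINDOWS_SSO_DISCOVER` and `WINDOWS_SSO_KEY`, since the env names no longer match the config keys.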