2FAuth/app/Providers/AuthServiceProvider.php

77 lines
3.0 KiB
PHP
Raw Normal View History

2019-05-20 07:37:41 +02:00
<?php
namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
2022-03-15 14:47:07 +01:00
use Illuminate\Support\Facades\Auth;
use App\Services\Auth\ReverseProxyGuard;
2022-03-15 14:47:07 +01:00
use App\Extensions\EloquentTwoFAuthProvider;
use App\Extensions\RemoteUserProvider;
2022-03-15 14:47:07 +01:00
use DarkGhostHunter\Larapass\WebAuthn\WebAuthnAssertValidator;
use Illuminate\Contracts\Hashing\Hasher;
2019-05-20 07:37:41 +02:00
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
*/
// protected $policies = [
// 'App\Models\Model' => 'App\Policies\ModelPolicy',
// ];
2019-05-20 07:37:41 +02:00
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
2022-03-15 14:47:07 +01:00
// We use our own user provider derived from the Larapass user provider.
// The only difference between the 2 providers is that the custom one sets
// the webauthn fallback setting with 2FAuth's 'useWebauthnOnly' option
// value instead of the 'larapass.fallback' config value.
// This way we can offer the user to change this setting from the 2FAuth UI
// rather than from the .env file.
Auth::provider(
'eloquent-2fauth',
static function ($app, $config) {
return new EloquentTwoFAuthProvider(
$app['config'],
$app[WebAuthnAssertValidator::class],
$app[Hasher::class],
$config['model']
);
}
);
2022-03-15 14:47:07 +01:00
// Register a custom provider for reverse-proxy authentication
Auth::provider('remote-user', function ($app, array $config) {
// Return an instance of Illuminate\Contracts\Auth\UserProvider...
return new RemoteUserProvider;
});
// Register a custom driver for reverse-proxy authentication
Auth::extend('reverse-proxy', function ($app, string $name, array $config) {
// Return an instance of Illuminate\Contracts\Auth\Guard...
return new ReverseProxyGuard(Auth::createUserProvider($config['provider']));
});
2022-03-15 14:47:07 +01:00
// Normally we should set the Passport routes here using Passport::routes().
// If so the passport routes would be set for both 'web' and 'api' middlewares without
// possibility to exclude the web middleware (we can only pass additional middlewares to Passport::routes())
//
// The problem is that 2Fauth front-end uses the Laravel FreshApiToken to consum its API as a first party app.
// So we have a laravel_token cookie added to each response to perform the authentication.
2019-05-20 07:37:41 +02:00
//
// Don't know why but when passing through the web middleware the requests to Personal Access Tokens management routes return
// responses with inconsistent cookies that make the next request unauthorized.
// To avoid this the Passport routes for PAT management are set in the /routes/api.php file
2019-05-20 07:37:41 +02:00
}
}