mirror of
https://github.com/Bubka/2FAuth.git
synced 2025-04-23 08:58:58 +02:00
Use GuardHelpers trait & Enhance RemoteUserProvider
parent
3e391167c6
commit
03e2decddc
@ -12,24 +12,56 @@
|
|||||||
use Exception;
|
use Exception;
|
||||||
|
|
||||||
class RemoteUserProvider implements UserProvider
|
class RemoteUserProvider implements UserProvider
|
||||||
{
|
|
||||||
/**
|
|
||||||
* @inheritDoc
|
|
||||||
*/
|
|
||||||
public function retrieveById($identifier)
|
|
||||||
{
|
{
|
||||||
// 2FAuth is single user by design and domain data are not coupled to the user model.
|
// 2FAuth is single user by design and domain data are not coupled to the user model.
|
||||||
// So we provide a non-persisted user, dynamically instanciated using data
|
// So the RemoteUserProvider provides a non-persisted user, dynamically instanciated using data
|
||||||
// from the auth proxy.
|
// from the auth proxy.
|
||||||
// This way no matter the user account used at proxy level, 2FAuth will always
|
//
|
||||||
|
// This way no matter the user data set at proxy level, 2FAuth will always
|
||||||
// authenticate a request from the proxy and will return domain data without restriction.
|
// authenticate a request from the proxy and will return domain data without restriction.
|
||||||
//
|
//
|
||||||
// The downside of this approach is that we have to be sure that no change that needs
|
// The downside of this approach is that we have to be sure that no change that needs
|
||||||
// to be persisted will be made to the user instance afterward (i.e through middlewares).
|
// to be persisted will be made to the user instance afterward (i.e through middlewares).
|
||||||
|
|
||||||
$user = new User;
|
|
||||||
|
/**
|
||||||
|
* The currently authenticated user.
|
||||||
|
*
|
||||||
|
* @var \App\Models\User|null
|
||||||
|
*/
|
||||||
|
protected $user;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the In-memory user
|
||||||
|
*
|
||||||
|
* @return \App\Models\User
|
||||||
|
*/
|
||||||
|
protected function getInMemoryUser()
|
||||||
|
{
|
||||||
|
if (is_null($this->user)) {
|
||||||
|
$this->user = new User;
|
||||||
|
$this->user->name = 'Remote User';
|
||||||
|
$this->user->email = 'fake.email@do.not.use';
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->user;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritDoc
|
||||||
|
*/
|
||||||
|
public function retrieveById($identifier)
|
||||||
|
{
|
||||||
|
$user = $this->getInMemoryUser();
|
||||||
|
|
||||||
|
if (Arr::has($identifier, 'user')) {
|
||||||
$user->name = $identifier['user'];
|
$user->name = $identifier['user'];
|
||||||
$user->email = Arr::has($identifier, 'email') ? $identifier['email'] : 'fake.email@do.not.use';
|
}
|
||||||
|
if (Arr::has($identifier, 'email')) {
|
||||||
|
$user->email = $identifier['email'];
|
||||||
|
}
|
||||||
|
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
@ -41,7 +73,7 @@ public function retrieveById($identifier)
|
|||||||
*/
|
*/
|
||||||
public function retrieveByToken($identifier, $token)
|
public function retrieveByToken($identifier, $token)
|
||||||
{
|
{
|
||||||
throw new Exception(sprintf('No implementation for %s', __METHOD__));
|
return $this->retrieveById($identifier);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -61,7 +93,7 @@ public function updateRememberToken(Authenticatable $user, $token)
|
|||||||
*/
|
*/
|
||||||
public function retrieveByCredentials(array $credentials)
|
public function retrieveByCredentials(array $credentials)
|
||||||
{
|
{
|
||||||
throw new Exception(sprintf('No implementation for %s', __METHOD__));
|
return $this->getInMemoryUser();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -71,6 +103,6 @@ public function retrieveByCredentials(array $credentials)
|
|||||||
*/
|
*/
|
||||||
public function validateCredentials(Authenticatable $user, array $credentials)
|
public function validateCredentials(Authenticatable $user, array $credentials)
|
||||||
{
|
{
|
||||||
throw new Exception(sprintf('No implementation for %s', __METHOD__));
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
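Review bot: `validateCredentials()` now returns `true` unconditionally, `retrieveByCredentials()` returns the in-memory user for any input, and `retrieveByToken()` ignores `$token`, so this provider fails open if it is ever wired to a guard that really checks credentials or remember tokens. The previous `throw new Exception(sprintf('No implementation for %s', __METHOD__));` made that kind of misconfiguration loud. If the methods must return to satisfy the contract, the fail-closed answers are `return false;` in `validateCredentials()` and `return null;` in `retrieveByCredentials()` and `retrieveByToken()`. Separately, `getInMemoryUser()` caches one `User` on the provider and `retrieveById()` overwrites `name` and `email` only when the key is present, so a later call without `email` keeps the earlier value instead of resetting to `fake.email@do.not.use` as the old code did. That matters if the provider instance outlives a single request.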
@ -5,28 +5,22 @@
|
|||||||
|
|
||||||
namespace App\Services\Auth;
|
namespace App\Services\Auth;
|
||||||
|
|
||||||
use Exception;
|
|
||||||
use Illuminate\Contracts\Auth\Authenticatable;
|
|
||||||
use Illuminate\Contracts\Auth\Guard;
|
use Illuminate\Contracts\Auth\Guard;
|
||||||
use Illuminate\Contracts\Auth\UserProvider;
|
use Illuminate\Contracts\Auth\UserProvider;
|
||||||
|
use Illuminate\Auth\GuardHelpers;
|
||||||
use Illuminate\Support\Facades\Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
|
|
||||||
class ReverseProxyGuard implements Guard
|
class ReverseProxyGuard implements Guard
|
||||||
{
|
{
|
||||||
|
use GuardHelpers;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The currently authenticated user.
|
* The currently authenticated user.
|
||||||
*
|
*
|
||||||
* @var \Illuminate\Contracts\Auth\Authenticatable
|
* @var \Illuminate\Contracts\Auth\Authenticatable|null
|
||||||
*/
|
*/
|
||||||
protected $user;
|
protected $user;
|
||||||
|
|
||||||
/**
|
|
||||||
* The user provider implementation.
|
|
||||||
*
|
|
||||||
* @var \Illuminate\Contracts\Auth\UserProvider
|
|
||||||
*/
|
|
||||||
protected $provider;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new authentication guard.
|
* Create a new authentication guard.
|
||||||
*
|
*
|
||||||
@ -38,22 +32,6 @@ public function __construct(UserProvider $provider)
|
|||||||
$this->provider = $provider;
|
$this->provider = $provider;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @inheritDoc
|
|
||||||
*/
|
|
||||||
public function check(): bool
|
|
||||||
{
|
|
||||||
return !is_null($this->user());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @inheritDoc
|
|
||||||
*/
|
|
||||||
public function guest(): bool
|
|
||||||
{
|
|
||||||
return !$this->check();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @inheritDoc
|
* @inheritDoc
|
||||||
*/
|
*/
|
||||||
@ -66,8 +44,6 @@ public function user()
|
|||||||
return $this->user;
|
return $this->user;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = null;
|
|
||||||
|
|
||||||
// Get the user identifier from $_SERVER or apache filtered headers
|
// Get the user identifier from $_SERVER or apache filtered headers
|
||||||
$remoteUserHeader = config('auth.auth_proxy_headers.user');
|
$remoteUserHeader = config('auth.auth_proxy_headers.user');
|
||||||
$remoteUserHeader = $remoteUserHeader ?: 'REMOTE_USER';
|
$remoteUserHeader = $remoteUserHeader ?: 'REMOTE_USER';
|
||||||
@ -101,39 +77,19 @@ public function user()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $this->provider->retrieveById($identifier);
|
return $this->user = $this->provider->retrieveById($identifier);
|
||||||
|
|
||||||
return $this->user = $user;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @inheritDoc
|
|
||||||
*
|
|
||||||
* @codeCoverageIgnore
|
|
||||||
*/
|
|
||||||
public function id()
|
|
||||||
{
|
|
||||||
return $this->user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate a user's credentials.
|
* Validate a user's credentials.
|
||||||
*
|
*
|
||||||
* @param array $credentials
|
* @param array $credentials
|
||||||
* @return Exception
|
* @return bool
|
||||||
*
|
*
|
||||||
* @codeCoverageIgnore
|
* @codeCoverageIgnore
|
||||||
*/
|
*/
|
||||||
public function validate(array $credentials = [])
|
public function validate(array $credentials = [])
|
||||||
{
|
{
|
||||||
throw new Exception('No implementation for RemoteUserGuard::validate()');
|
return $this->check();
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @inheritDoc
|
|
||||||
*/
|
|
||||||
public function setUser(Authenticatable $user)
|
|
||||||
{
|
|
||||||
$this->user = $user;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
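Review bot: `validate(array $credentials = [])` now returns `$this->check()` and never reads `$credentials`, so it reports success for any credentials whenever `user()` resolves an identity from the proxy headers. If that is intended, the docblock should say so instead of "Validate a user's credentials", for example `* Credentials are ignored: authentication is delegated entirely to the reverse proxy.`; otherwise `return false;` keeps the method fail-closed. With the explicit `id()` and `setUser()` removed, those calls presumably resolve to the `GuardHelpers` versions, and the trait's `id()` would read the auth identifier of a non-persisted `User`, which is likely null. That is worth confirming against any caller that relies on `Auth::id()`.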