Refactored out the LDAP repo

app/Http/Controllers/Auth/LoginController.php

@@ -5,7 +5,6 @@
 use BookStack\Exceptions\AuthException;
 use BookStack\Http\Controllers\Controller;
 use BookStack\Repos\UserRepo;
-use BookStack\Repos\LdapRepo;
 use BookStack\Services\LdapService;
 use BookStack\Services\SocialAuthService;
 use Illuminate\Contracts\Auth\Authenticatable;
@@ -38,18 +37,21 @@ class LoginController extends Controller
     protected $redirectAfterLogout = '/login';
 
     protected $socialAuthService;
+    protected $ldapService;
     protected $userRepo;
 
     /**
      * Create a new controller instance.
      *
      * @param SocialAuthService $socialAuthService
+     * @param LdapService $ldapService
      * @param UserRepo $userRepo
      */
-    public function __construct(SocialAuthService $socialAuthService, UserRepo $userRepo)
+    public function __construct(SocialAuthService $socialAuthService, LdapService $ldapService, UserRepo $userRepo)
     {
         $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]);
         $this->socialAuthService = $socialAuthService;
+        $this->ldapService = $ldapService;
         $this->userRepo = $userRepo;
         $this->redirectPath = baseUrl('/');
         $this->redirectAfterLogout = baseUrl('/login');
@@ -98,13 +100,11 @@ protected function authenticated(Request $request, Authenticatable $user)
             auth()->login($user);
         }
 
-        // ldap groups refresh
-        if (config('services.ldap.user_to_groups') !== false && $request->filled('username')) {
-            $ldapRepo = new LdapRepo($this->userRepo, app(LdapService::class));
-            $ldapRepo->syncGroups($user, $request->input('username'));
+        // Sync LDAP groups if required
+        if ($this->ldapService->shouldSyncGroups()) {
+            $this->ldapService->syncGroups($user);
         }
 
-
         $path = session()->pull('url.intended', '/');
         $path = baseUrl($path, true);
         return redirect($path);
@@ -134,6 +134,7 @@ public function getLogin(Request $request)
      * Redirect to the relevant social site.
      * @param $socialDriver
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     * @throws \BookStack\Exceptions\SocialDriverNotConfigured
      */
     public function getSocialLogin($socialDriver)
     {

app/Services/LdapService.php

@@ -1,6 +1,9 @@
 <?php namespace BookStack\Services;
 
 use BookStack\Exceptions\LdapException;
+use BookStack\Repos\UserRepo;
+use BookStack\Role;
+use BookStack\User;
 use Illuminate\Contracts\Auth\Authenticatable;
 
 /**
@@ -14,15 +17,29 @@ class LdapService
     protected $ldap;
     protected $ldapConnection;
     protected $config;
+    protected $userRepo;
+    protected $enabled;
 
     /**
      * LdapService constructor.
      * @param Ldap $ldap
+     * @param UserRepo $userRepo
      */
-    public function __construct(Ldap $ldap)
+    public function __construct(Ldap $ldap, UserRepo $userRepo)
     {
         $this->ldap = $ldap;
         $this->config = config('services.ldap');
+        $this->userRepo = $userRepo;
+        $this->enabled = config('auth.method') === 'ldap';
+    }
+
+    /**
+     * Check if groups should be synced.
+     * @return bool
+     */
+    public function shouldSyncGroups()
+    {
+        return $this->enabled && $this->config['user_to_groups'] !== false;
     }
 
     /**
@@ -185,6 +202,7 @@ protected function buildFilter($filterString, array $attrs)
      * Get the groups a user is a part of on ldap
      * @param string $userName
      * @return array|null
+     * @throws LdapException
      */
     public function getUserGroups($userName)
     {
@@ -205,6 +223,7 @@ public function getUserGroups($userName)
      * @param array $groupsArray
      * @param array $checked
      * @return array
+     * @throws LdapException
      */
     private function getGroupsRecursive($groupsArray, $checked)
     {
@@ -231,6 +250,7 @@ private function getGroupsRecursive($groupsArray, $checked)
      * Get the parent groups of a single group
      * @param string $groupName
      * @return array
+     * @throws LdapException
      */
     private function getGroupGroups($groupName)
     {
@@ -274,4 +294,48 @@ protected function groupFilter($ldapSearchReturn)
         }
         return $ldapGroups;
     }
+
+    /**
+     * Sync the LDAP groups to the user roles for the current user
+     * @param \BookStack\User $user
+     * @throws LdapException
+     * @throws \BookStack\Exceptions\NotFoundException
+     */
+    public function syncGroups(User $user)
+    {
+        $userLdapGroups = $this->getUserGroups($user->external_auth_id);
+        $userLdapGroups = $this->groupNameFilter($userLdapGroups);
+
+        // Get the ids for the roles from the names
+        $ldapGroupsAsRoles = Role::query()->whereIn('name', $userLdapGroups)->pluck('id');
+
+        // Sync groups
+        if ($this->config['remove_from_groups']) {
+            $user->roles()->sync($ldapGroupsAsRoles);
+            $this->userRepo->attachDefaultRole($user);
+        } else {
+            $user->roles()->syncWithoutDetaching($ldapGroupsAsRoles);
+        }
+
+        // make the user an admin?
+        // TODO - Remove
+        if (in_array($this->config['admin'], $userLdapGroups)) {
+            $this->userRepo->attachSystemRole($user, 'admin');
+        }
+    }
+
+    /**
+     * Filter to convert the groups from ldap to the format of the roles name on BookStack
+     * Spaces replaced with -, all lowercase letters
+     * @param array $groups
+     * @return array
+     */
+    private function groupNameFilter(array $groups)
+    {
+        $return = [];
+        foreach ($groups as $groupName) {
+            $return[] = str_replace(' ', '-', strtolower($groupName));
+        }
+        return $return;
+    }
 }