Porting fixes and additions to master

Author: stevebauman

src/AdldapAuthUserProvider.php

@@ -3,6 +3,7 @@
 namespace Adldap\Laravel;
 
 use Adldap\Laravel\Facades\Adldap;
+use Adldap\Laravel\Traits\ImportsUsers;
 use Adldap\Models\User;
 use Illuminate\Auth\EloquentUserProvider;
 use Illuminate\Contracts\Auth\Authenticatable;
@@ -12,6 +13,8 @@
 
 class AdldapAuthUserProvider extends EloquentUserProvider
 {
+    use ImportsUsers;
+
     /**
      * {@inheritdoc}
      */
@@ -345,16 +348,6 @@ protected function getAdldap($provider = null)
         return $ad->getManager()->get($provider);
     }
 
-    /**
-     * Returns the username attribute for discovering LDAP users.
-     *
-     * @return array
-     */
-    protected function getUsernameAttribute()
-    {
-        return Config::get('adldap_auth.username_attribute', ['username' => $this->getSchema()->accountName()]);
-    }
-
     /**
      * Returns the password key to retrieve the
      * password from the user input array.
@@ -366,49 +359,6 @@ protected function getPasswordKey()
         return Config::get('adldap_auth.password_key', 'password');
     }
 
-    /**
-     * Retrieves the Adldap login attribute for authenticating users.
-     *
-     * @return string
-     */
-    protected function getLoginAttribute()
-    {
-        return Config::get('adldap_auth.login_attribute', $this->getSchema()->accountName());
-    }
-
-    /**
-     * Retrieves the Adldap bind user to model config option for binding
-     * the Adldap user model instance to the laravel model.
-     *
-     * @return bool
-     */
-    protected function getBindUserToModel()
-    {
-        return Config::get('adldap_auth.bind_user_to_model', false);
-    }
-
-    /**
-     * Retrieves the Adldap sync attributes for filling the
-     * Laravel user model with active directory fields.
-     *
-     * @return array
-     */
-    protected function getSyncAttributes()
-    {
-        return Config::get('adldap_auth.sync_attributes', ['name' => $this->getSchema()->commonName()]);
-    }
-
-    /**
-     * Retrieves the Aldldap select attributes when performing
-     * queries for authentication and binding for users.
-     *
-     * @return array
-     */
-    protected function getSelectAttributes()
-    {
-        return Config::get('adldap_auth.select_attributes', []);
-    }
-
     /**
      * Retrieves the Adldap login fallback option for falling back
      * to the local database if AD authentication fails.

src/Config/auth.php

@@ -34,6 +34,20 @@
 
     'username_attribute' => ['username' => 'samaccountname'],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Limitation Filter
+    |--------------------------------------------------------------------------
+    |
+    | The limitation filter allows you to enter a raw filter to only allow
+    | specific users / groups / ous to authenticate.
+    |
+    | This should be a standard LDAP filter.
+    |
+    */
+
+    'limitation_filter' => '',
+
     /*
     |--------------------------------------------------------------------------
     | Login Fallback

src/Middleware/WindowsAuthenticate.php

@@ -0,0 +1,124 @@
+<?php
+
+namespace Adldap\Laravel\Middleware;
+
+use Adldap\Laravel\Traits\ImportsUsers;
+use Adldap\Models\User;
+use Adldap\Schemas\ActiveDirectory;
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Config;
+
+class WindowsAuthenticate
+{
+    use ImportsUsers;
+
+    /**
+     * The authenticator implementation.
+     *
+     * @var \Illuminate\Contracts\Auth\Guard
+     */
+    protected $auth;
+
+    /**
+     * Create a new filter instance.
+     *
+     * @param Guard $auth
+     */
+    public function __construct(Guard $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param Request $request
+     * @param Closure $next
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        // If the user is already logged in, we don't need to reauthenticate.
+        if (!$this->auth->check()) {
+            // Retrieve the SSO login attribute.
+            $auth = $this->getWindowsAuthAttribute();
+
+            // Retrieve the SSO input key.
+            $key = key($auth);
+
+            // Handle Windows Authentication.
+            if ($account = $request->server($auth[$key])) {
+                // Usernames may be prefixed with their domain,
+                // we just need their account name.
+                $username = explode('\\', $account);
+
+                if (count($username) === 2) {
+                    list($domain, $username) = $username;
+                } else {
+                    $username = $username[key($username)];
+                }
+
+                // Create a new user LDAP user query.
+                $query = $this->newAdldapUserQuery();
+
+                // Filter the query by the username attribute
+                $query->whereEquals($key, $username);
+
+                // Retrieve the first user result
+                $user = $query->first();
+
+                if ($user instanceof User) {
+                    $model = $this->getModelFromAdldap($user, str_random());
+
+                    if ($model instanceof Model) {
+                        // Double check user instance before logging them in.
+                        $this->auth->login($model);
+                    }
+                }
+            }
+        }
+
+        return $this->returnNextRequest($request, $next);
+    }
+
+    /**
+     * Returns the next request.
+     *
+     * This method exists for override ability.
+     *
+     * @param Request $request
+     * @param Closure $next
+     *
+     * @return mixed
+     */
+    public function returnNextRequest(Request $request, Closure $next)
+    {
+        return $next($request);
+    }
+
+    /**
+     * Returns a new auth model instance.
+     *
+     * @return \Illuminate\Database\Eloquent\Model
+     */
+    public function createModel()
+    {
+        $model = $this->auth->getProvider()->getModel();
+
+        return new $model();
+    }
+
+    /**
+     * Returns the windows authentication attribute.
+     *
+     * @return string
+     */
+    protected function getWindowsAuthAttribute()
+    {
+        return Config::get('adldap_auth.windows_auth_attribute', [ActiveDirectory::ACCOUNT_NAME => 'AUTH_USER']);
+    }
+}