Added ability turn off password synchronization.

stevebauman · stevebauman · commit a8bdb4e0ce51 · 2016-05-11T15:54:56.000-04:00
- Closes #99.
diff --git a/src/Config/auth.php b/src/Config/auth.php
@@ -84,6 +84,29 @@
 
     'password_key' => env('ADLDAP_PASSWORD_KEY', 'password'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Password Sync
+    |--------------------------------------------------------------------------
+    |
+    | The password sync option allows you to automatically synchronize
+    | users AD passwords to your local database. These passwords are
+    | hashed natively by laravel.
+    |
+    | Enabling this option would also allow users to login to their
+    | accounts using the password last used when an AD connection
+    | was present.
+    |
+    | If this option is disabled, the local user account is applied
+    | a random 16 character hashed password, and will lose access
+    | to this account upon loss of AD connectivity.
+    |
+    | This option must be true or false.
+    |
+    */
+
+    'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),
+
     /*
     |--------------------------------------------------------------------------
     | Login Attribute
diff --git a/src/Traits/ImportsUsers.php b/src/Traits/ImportsUsers.php
@@ -120,17 +120,15 @@ protected function syncModelFromAdldap(User $user, Authenticatable $model)
      */
     protected function syncModelPassword(Authenticatable $model, $password)
     {
-        if ($model instanceof Model && $model->hasSetMutator('password')) {
-            // If the model has a set mutator for the password then
-            // we'll assume that the dev is using their
-            // own encryption method for passwords.
-            $model->password = $password;
+        // If the developer doesn't want to synchronize AD passwords,
+        // we'll set the password to a random 16 character string.
+        $password = ($this->getPasswordSync() ? $password : str_random());
 
-            return $model;
-        }
-
-        // Always encrypt the model password by default.
-        $model->password = bcrypt($password);
+        // If the model has a set mutator for the password then
+        // we'll assume that the dev is using their own
+        // encryption method for passwords. Otherwise
+        // we'll bcrypt it normally.
+        $model->password = ($model->hasSetMutator('password') ? $password : bcrypt($password));
 
         return $model;
     }
@@ -246,7 +244,7 @@ protected function getAdldap($provider = null)
     }
 
     /**
-     * Retrieves the Aldldap select attributes when performing
+     * Returns the configured select attributes when performing
      * queries for authentication and binding for users.
      *
      * @return array
@@ -257,7 +255,7 @@ protected function getSelectAttributes()
     }
 
     /**
-     * Returns the username attribute for discovering LDAP users.
+     * Returns the configured username attribute for discovering LDAP users.
      *
      * @return array
      */
@@ -267,7 +265,7 @@ protected function getUsernameAttribute()
     }
 
     /**
-     * Retrieves the Adldap bind user to model config option for binding
+     * Returns the configured bind user to model option for binding
      * the Adldap user model instance to the laravel model.
      *
      * @return bool
@@ -278,7 +276,7 @@ protected function getBindUserToModel()
     }
 
     /**
-     * Retrieves the Adldap login attribute for authenticating users.
+     * Returns the configured login attribute for authenticating users.
      *
      * @return string
      */
@@ -288,7 +286,7 @@ protected function getLoginAttribute()
     }
 
     /**
-     * Retrieves the Adldap sync attributes for filling the
+     * Returns the configured sync attributes for filling the
      * Laravel user model with active directory fields.
      *
      * @return array
@@ -298,6 +296,16 @@ protected function getSyncAttributes()
         return Config::get('adldap_auth.sync_attributes', ['name' => $this->getSchema()->commonName()]);
     }
 
+    /**
+     * Returns the configured password sync configuration option.
+     *
+     * @return bool
+     */
+    protected function getPasswordSync()
+    {
+        return Config::get('adldap_auth.password_sync', true);
+    }
+
     /**
      * Returns the configured login limitation filter.
      *
@@ -309,7 +317,7 @@ protected function getLimitationFilter()
     }
 
     /**
-     * Retrieves the default connection name from the configuration.
+     * Returns the configured default connection name.
      *
      * @return mixed
      */

Original file line number	Diff line number	Diff line change
`@@ -120,17 +120,15 @@ protected function syncModelFromAdldap(User $user, Authenticatable $model)`
`120`	`120`	`*/`
`121`	`121`	`protected function syncModelPassword(Authenticatable $model, $password)`
`122`	`122`	`{`
`123`		`- if ($model instanceof Model && $model->hasSetMutator('password')) {`
`124`		`- // If the model has a set mutator for the password then`
`125`		`- // we'll assume that the dev is using their`
`126`		`- // own encryption method for passwords.`
`127`		`- $model->password = $password;`
	`123`	`+ // If the developer doesn't want to synchronize AD passwords,`
	`124`	`+ // we'll set the password to a random 16 character string.`
	`125`	`+ $password = ($this->getPasswordSync() ? $password : str_random());`
`128`	`126`
`129`		`- return $model;`
`130`		`- }`
`131`		`-`
`132`		`- // Always encrypt the model password by default.`
`133`		`- $model->password = bcrypt($password);`
	`127`	`+ // If the model has a set mutator for the password then`
	`128`	`+ // we'll assume that the dev is using their own`
	`129`	`+ // encryption method for passwords. Otherwise`
	`130`	`+ // we'll bcrypt it normally.`
	`131`	`+ $model->password = ($model->hasSetMutator('password') ? $password : bcrypt($password));`
`134`	`132`
`135`	`133`	`return $model;`
`136`	`134`	`}`
`@@ -246,7 +244,7 @@ protected function getAdldap($provider = null)`
`246`	`244`	`}`
`247`	`245`
`248`	`246`	`/**`
`249`		`- * Retrieves the Aldldap select attributes when performing`
	`247`	`+ * Returns the configured select attributes when performing`
`250`	`248`	`* queries for authentication and binding for users.`
`251`	`249`	`*`
`252`	`250`	`* @return array`
`@@ -257,7 +255,7 @@ protected function getSelectAttributes()`
`257`	`255`	`}`
`258`	`256`
`259`	`257`	`/**`
`260`		`- * Returns the username attribute for discovering LDAP users.`
	`258`	`+ * Returns the configured username attribute for discovering LDAP users.`
`261`	`259`	`*`
`262`	`260`	`* @return array`
`263`	`261`	`*/`
`@@ -267,7 +265,7 @@ protected function getUsernameAttribute()`
`267`	`265`	`}`
`268`	`266`
`269`	`267`	`/**`
`270`		`- * Retrieves the Adldap bind user to model config option for binding`
	`268`	`+ * Returns the configured bind user to model option for binding`
`271`	`269`	`* the Adldap user model instance to the laravel model.`
`272`	`270`	`*`
`273`	`271`	`* @return bool`
`@@ -278,7 +276,7 @@ protected function getBindUserToModel()`
`278`	`276`	`}`
`279`	`277`
`280`	`278`	`/**`
`281`		`- * Retrieves the Adldap login attribute for authenticating users.`
	`279`	`+ * Returns the configured login attribute for authenticating users.`
`282`	`280`	`*`
`283`	`281`	`* @return string`
`284`	`282`	`*/`
`@@ -288,7 +286,7 @@ protected function getLoginAttribute()`
`288`	`286`	`}`
`289`	`287`
`290`	`288`	`/**`
`291`		`- * Retrieves the Adldap sync attributes for filling the`
	`289`	`+ * Returns the configured sync attributes for filling the`
`292`	`290`	`* Laravel user model with active directory fields.`
`293`	`291`	`*`
`294`	`292`	`* @return array`
`@@ -298,6 +296,16 @@ protected function getSyncAttributes()`
`298`	`296`	`return Config::get('adldap_auth.sync_attributes', ['name' => $this->getSchema()->commonName()]);`
`299`	`297`	`}`
`300`	`298`
	`299`	`+ /**`
	`300`	`+ * Returns the configured password sync configuration option.`
	`301`	`+ *`
	`302`	`+ * @return bool`
	`303`	`+ */`
	`304`	`+ protected function getPasswordSync()`
	`305`	`+ {`
	`306`	`+ return Config::get('adldap_auth.password_sync', true);`
	`307`	`+ }`
	`308`	`+`
`301`	`309`	`/**`
`302`	`310`	`* Returns the configured login limitation filter.`
`303`	`311`	`*`
`@@ -309,7 +317,7 @@ protected function getLimitationFilter()`
`309`	`317`	`}`
`310`	`318`
`311`	`319`	`/**`
`312`		`- * Retrieves the default connection name from the configuration.`
	`320`	`+ * Returns the configured default connection name.`
`313`	`321`	`*`
`314`	`322`	`* @return mixed`
`315`	`323`	`*/`