Merge remote-tracking branch 'origin/master'

# Conflicts:
#	src/Resolvers/UserResolver.php

Author: stevebauman

docs/auth/events.md

@@ -0,0 +1,14 @@
+# Events
+
+There are several events fired during each operation that takes place in Adldap2-Laravel.
+
+| Event                                              | Fired                                                                                                                                                                                                               | Limitations                                      |
+|----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
+| `Adldap\Laravel\Events\AuthenticatedModelTrashed`    | When the configured authentication rule `Adldap\Laravel\Validation\Rules\DenyTrashed` is used, this event will be fired when a user has passed LDAP authentication, but their Eloquent model has been soft deleted. |                                                  |
+| `Adldap\Laravel\Events\AuthenticatedWithCredentials` | When a user successfully passes LDAP authentication.                                                                                                                                                                |                                                  |
+| `Adldap\Laravel\Events\AuthenticatedWithWindows`     | When a user has authenticated successfully using the `WindowsAuthenticate` middleware.                                                                                                                              |                                                  |
+| `Adldap\Laravel\Events\DiscoveredWithCredentials`    | When a users LDAP record has been successfully been found. Fired before LDAP authentication.                                                                                                                        |                                                  |
+| `Adldap\Laravel\Events\Importing`                    | When an LDAP user is being imported for the first time. Not fired on subsequent logins after being imported. Use the `Synchronized` / `Synchronizing` event for this purpose.                                       | Only fired when using the `DatabaseUserProvider` |
+| `Adldap\Laravel\Events\Synchronizing`                | When an LDAP users attributes are being synchronized. Fired on every authentication attempt after the LDAP user has been located.                                                                                   | Onlyfired when using the `DatabaseUserProvider`  |
+| `Adldap\Laravel\Events\Synchronized`                 | When an LDAP users attributes have been fully synchronized. Fired on every authentication attempt after the LDAP user has been located.                                                                             | Onlyfired when using the `DatabaseUserProvider`  |
+

docs/auth/scopes.md

@@ -66,7 +66,6 @@ Now that we've created our scope (`app/Scopes/AccountingScope.php`), we can inse
 Once you've inserted your scope into the configuration file, you will now only be able
 to authenticate with users that are a member of the `Accounting` group.
 
-All other users will be denied authentication to your app,
-even if their credentials are valid.
+All other users will be denied authentication, even if their credentials are valid.
 
 > **Note**: If you're caching your configuration files, make sure you run `php artisan config:clear`.

docs/auth/syncing.md

@@ -2,7 +2,16 @@
 
 Inside your `config/adldap_auth.php` file there is a configuration option named `sync_attributes`. This
 is an array of attributes where the key is the eloquent `User` model attribute, and the
-value is the active directory users attribute.
+value is the active directory users attribute:
+
+```php
+'sync_attributes' => [
+
+    'email' => 'userprincipalname',
+
+    'name' => 'cn',
+],
+```
 
 By default, the `User` models `email` and `name` attributes are synchronized to
 the LDAP users `userprincipalname` and `cn` attributes.

readme.md

@@ -43,20 +43,12 @@ To use Adldap2-Laravel, your application and server must meet the following requ
 
 ## Installation
 
-Insert Adldap2-Laravel into your `composer.json` file:
-
-```json
-"adldap2/adldap2-laravel": "3.0.*",
-```
-
-Or via command line:
+Run the following command:
 
 ```bash
 composer require adldap2/adldap2-laravel
 ```
 
-Then run `composer update`.
-
 Once finished, insert the service provider in your `config/app.php` file:
 ```php
 Adldap\Laravel\AdldapServiceProvider::class,

src/AdldapAuthServiceProvider.php

@@ -2,14 +2,12 @@
 
 namespace Adldap\Laravel;
 
+use Adldap\AdldapInterface;
 use InvalidArgumentException;
-use Adldap\Laravel\Facades\Adldap;
 use Adldap\Laravel\Resolvers\UserResolver;
 use Adldap\Laravel\Resolvers\ResolverInterface;
 use Adldap\Laravel\Commands\Console\Import;
 use Adldap\Laravel\Auth\DatabaseUserProvider;
-use Adldap\Laravel\Auth\NoDatabaseUserProvider;
-use Adldap\Laravel\Listeners\BindsLdapUserModel;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Config;
@@ -28,7 +26,6 @@ public function boot()
     {
         $config = __DIR__.'/Config/auth.php';
 
-        // Add publishable configuration.
         $this->publishes([
             $config => config_path('adldap_auth.php'),
         ], 'adldap');
@@ -38,16 +35,12 @@ public function boot()
         $auth = Auth::getFacadeRoot();
 
         if (method_exists($auth, 'provider')) {
-            // If the provider method exists, we're running Laravel >= 5.2
-            // Register the adldap auth user provider.
             $auth->provider('adldap', function ($app, array $config) {
-                return $this->newUserProvider($app['hash'], $config);
+                return $this->makeUserProvider($app['hash'], $config);
             });
         } else {
-            // Otherwise we're using 5.0 || 5.1
-            // Extend Laravel authentication with Adldap driver.
             $auth->extend('adldap', function ($app) {
-                return $this->newUserProvider($app['hash'], $app['config']['auth']);
+                return $this->makeUserProvider($app['hash'], $app['config']['auth']);
             });
         }
 
@@ -84,7 +77,9 @@ public function provides()
     protected function registerBindings()
     {
         $this->app->bind(ResolverInterface::class, function () {
-            return $this->newUserResolver();
+            $ad = $this->app->make(AdldapInterface::class);
+
+            return new UserResolver($ad);
         });
     }
 
@@ -95,7 +90,27 @@ protected function registerBindings()
      */
     protected function registerListeners()
     {
-        Event::listen(Authenticated::class, BindsLdapUserModel::class);
+        // Here we will register the event listener that will bind the users LDAP
+        // model to their Eloquent model upon authentication (if configured).
+        // This allows us to utilize their LDAP model right
+        // after authentication has passed.
+        Event::listen(Authenticated::class, Listeners\BindsLdapUserModel::class);
+
+        if ($this->isLogging()) {
+            // If logging is enabled, we will set up our event listeners that
+            // log each event fired throughout the authentication process.
+            Event::listen(Events\Importing::class, Listeners\LogImport::class);
+            Event::listen(Events\Synchronized::class, Listeners\LogSynchronized::class);
+            Event::listen(Events\Synchronizing::class, Listeners\LogSynchronizing::class);
+            Event::listen(Events\Authenticated::class, Listeners\LogAuthenticated::class);
+            Event::listen(Events\Authenticating::class, Listeners\LogAuthentication::class);
+            Event::listen(Events\AuthenticationFailed::class, Listeners\LogAuthenticationFailure::class);
+            Event::listen(Events\AuthenticationRejected::class, Listeners\LogAuthenticationRejection::class);
+            Event::listen(Events\AuthenticationSuccessful::class, Listeners\LogAuthenticationSuccess::class);
+            Event::listen(Events\DiscoveredWithCredentials::class, Listeners\LogDiscovery::class);
+            Event::listen(Events\AuthenticatedWithWindows::class, Listeners\LogWindowsAuth::class);
+            Event::listen(Events\AuthenticatedModelTrashed::class, Listeners\LogTrashedModel::class);
+        }
     }
 
     /**
@@ -104,69 +119,39 @@ protected function registerListeners()
      * @param Hasher $hasher
      * @param array  $config
      *
-     * @return \Illuminate\Contracts\Auth\UserProvider
-     *
      * @throws InvalidArgumentException
+     * 
+     * @return \Illuminate\Contracts\Auth\UserProvider
      */
-    protected function newUserProvider(Hasher $hasher, array $config)
+    protected function makeUserProvider(Hasher $hasher, array $config)
     {
-        $provider = $this->userProvider();
+        $provider = Config::get('adldap_auth.provider', DatabaseUserProvider::class);
 
-        switch ($provider) {
-            case DatabaseUserProvider::class:
-                if (array_key_exists('model', $config)) {
-                    return new $provider($hasher, $config['model']);
-                }
+        // The DatabaseUserProvider has some extra dependencies needed,
+        // so we will validate that we have them before
+        // constructing a new instance.
+        if ($provider == DatabaseUserProvider::class) {
+            $model = array_get($config, 'model');
 
+            if (!$model) {
                 throw new InvalidArgumentException(
                     "No model is configured. You must configure a model to use with the {$provider}."
                 );
-            case NoDatabaseUserProvider::class:
-                return new $provider;
-        }
+            }
 
-        throw new InvalidArgumentException(
-            "The configured Adldap provider [{$provider}] is not supported or does not exist."
-        );
-    }
-
-    /**
-     * Returns a new user resolver.
-     *
-     * @return ResolverInterface
-     */
-    protected function newUserResolver()
-    {
-        return new UserResolver($this->ldapProvider());
-    }
-
-    /**
-     * Retrieves a connection provider from the Adldap instance.
-     *
-     * @return \Adldap\Connections\ProviderInterface
-     */
-    protected function ldapProvider()
-    {
-        return Adldap::getProvider($this->connection());
-    }
-
-    /**
-     * Returns the configured user provider class.
-     *
-     * @return string
-     */
-    protected function userProvider()
-    {
-        return Config::get('adldap_auth.provider', DatabaseUserProvider::class);
+            return new $provider($hasher, $model);
+        }
+        
+        return new $provider;
     }
 
     /**
-     * Returns the configured default connection name.
+     * Determines if authentication requests are logged.
      *
-     * @return string
+     * @return bool
      */
-    public function connection()
+    protected function isLogging()
     {
-        return Config::get('adldap_auth.connection', 'default');
+        return Config::get('adldap_auth.logging', false);
     }
 }

src/Auth/DatabaseUserProvider.php

@@ -6,6 +6,8 @@
 use Adldap\Laravel\Facades\Resolver;
 use Adldap\Laravel\Commands\Import;
 use Adldap\Laravel\Commands\SyncPassword;
+use Adldap\Laravel\Events\AuthenticationRejected;
+use Adldap\Laravel\Events\AuthenticationSuccessful;
 use Adldap\Laravel\Events\DiscoveredWithCredentials;
 use Adldap\Laravel\Events\AuthenticatedWithCredentials;
 use Illuminate\Support\Facades\Bus;
@@ -131,15 +133,19 @@ public function validateCredentials(Authenticatable $model, array $credentials)
             // validation rules pass, we will allow the authentication
             // attempt. Otherwise, it is automatically rejected.
             if ($this->passesValidation($this->user, $model)) {
-                // Sync / set the users password since it has been verified.
+                // Here we can now synchronize / set the users password since
+                // they have successfully passed authentication
+                // and our validation rules.
                 Bus::dispatch(new SyncPassword($model, $credentials));
 
-                // All of our validation rules have passed and we can
-                // finally save the model in case of changes.
                 $model->save();
 
+                Event::fire(new AuthenticationSuccessful($this->user));
+
                 return true;
             }
+
+            Event::fire(new AuthenticationRejected($this->user));
         }
 
         if ($this->isFallingBack() && $model->exists) {

src/Auth/NoDatabaseUserProvider.php

@@ -3,6 +3,8 @@
 namespace Adldap\Laravel\Auth;
 
 use Adldap\Laravel\Facades\Resolver;
+use Adldap\Laravel\Events\AuthenticationRejected;
+use Adldap\Laravel\Events\AuthenticationSuccessful;
 use Adldap\Laravel\Events\DiscoveredWithCredentials;
 use Adldap\Laravel\Events\AuthenticatedWithCredentials;
 use Illuminate\Support\Facades\Event;
@@ -57,14 +59,16 @@ public function retrieveByCredentials(array $credentials)
      */
     public function validateCredentials(Authenticatable $user, array $credentials)
     {
-        // Perform LDAP authentication and validate the authenticated model.
-        if (
-            Resolver::authenticate($user, $credentials) &&
-            $this->passesValidation($user)
-        ) {
+        if (Resolver::authenticate($user, $credentials)) {
             Event::fire(new AuthenticatedWithCredentials($user));
 
-            return true;
+            if ($this->passesValidation($user)) {
+                Event::fire(new AuthenticationSuccessful($user));
+
+                return true;
+            }
+
+            Event::fire(new AuthenticationRejected($user));
         }
 
         return false;