Auth::user()->ldap is null until Laravel session is created #581
Comments
|
Hi @keithbrinks, The session file is what keeps your user authenticated into your application. You can change session drivers in your application to something else if you'd prefer: https://laravel.com/docs/5.6/session This is definitely intended. Adldap2-Laravel does not create the session files itself, Laravel does this behind the scenes upon authenticating any user into your application. |
|
Sorry, think I may have misunderstood a bit of the question? A listener is bound to Laravel's https://github.com/Adldap2/Adldap2-Laravel/blob/master/src/AdldapAuthServiceProvider.php#L93-L97 Just to clarify, right after authentication of an LDAP user, this attribute stays null until the next request? |
|
Hi Steve, Just to make sure I understand correctly as well, I am using the file session driver currently, so when a session is closed (I.e. the web browser is closed), the session file is supposed to go away, correct? So if a user signs in and is immediately redirected to whatever the previous page was after authentication, the LDAP attribute is populated just fine. But, if a user signs in with the “Remember Me” box checked, authenticates, closes the browser, then returns to the app (once the session file is cleared), Laravel remembers the user had chosen to stay logged in, authenticates the user (I suspect against the local database/users table), but the LDAP attribute will be null at this point. If they refresh the page, then LDAP will be populated again until the session is closed. Hopefully that answers your question. Me deleting the session file is just me simulating the session being closed. It seems like maybe the Authenticated event isn’t firing for new sessions? I had turned logging on, but wasn’t getting any output for this scenario. Thanks |
|
Ohh okay let me take a look at this! I understand now. I need to see if the authentication event is being fired from Laravel when authenticating via the “remember me” option. |
|
Has there been any progress on this issue? I'm running into the same thing myself. |
|
Hi @nathan-lochala, this will be patched tonight, I located the issue here in the // If the user is null, but we decrypt a "recaller" cookie we can attempt to
// pull the user data on that cookie which serves as a remember cookie on
// the application. Once we have a user we can return it to the caller.
$recaller = $this->recaller();
if (is_null($this->user) && ! is_null($recaller)) {
$this->user = $this->userFromRecaller($recaller);
if ($this->user) {
$this->updateSession($this->user->getAuthIdentifier());
$this->fireLoginEvent($this->user, true);
}
}When a user is authenticated via the "remember" token, the Adldap2-Laravel/src/AdldapAuthServiceProvider.php Lines 62 to 66 in c6467e0 I just need to attach this listener to the |
|
Can we get this commit available to the composer package? |
|
Hi @shaqaruden, I forgot to close this issue out. The commit is already in the latest version here: Adldap2-Laravel/src/AdldapAuthServiceProvider.php Lines 63 to 68 in 9c58cb3 Are you still experiencing this issue after upgrading to the latest? |
|
when pulling this package in with composer I was still getting an older 4.x.x version. I had to specify ^5.1.0 to get the fix |
|
Oh okay great, thanks for your quick response @shaqaruden! If you encounter any further issues give me a shout. Closing this one out. |
Description:
Hi,
I'm specifically trying to check if a user is in a specified Security Group. I.e.:
Auth::user()->ldap->inGroup($name)However, I am seeing that
Auth::user()->ldapis null until the Laravel session file has been created in./storage/framework/sessions.In other words, for example, say I have
return Auth::user()->ldapin a controller (in my case I have it in a helper function which I'm calling from within a blade template). My user is able to log in just fine, in which case a session file will have been created already.ldapis populated with the ActiveDirectory data and all is well.However, if I then delete the session file for my user that was created and refresh the page,
Auth::user()->ldapis now null. At this point a new session file has already been created, so if I refresh the page a 2nd time, all is well and I have the ldap object again.I'm trying to figure out if this is intended behavior or if I'm missing something? I obviously have a connection to the Active Directory server, I am able to authenticate, everything works fine. Only when this session file is deleted (or expires) the ldap object returns null.
Thoughts?
Thanks
Steps To Reproduce:
See above.
The text was updated successfully, but these errors were encountered: