diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000000..19d4faa7342
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,20 @@
+.git
+.github
+node_modules
+vendor
+.env
+public/uploads
+public/uploads/
+public/uploads/**
+storage/framework
+storage/framework/
+storage/framework/**
+storage/logs
+storage/logs/
+storage/logs/**
+storage/backups
+storage/backups/
+storage/backups/**
+bootstrap/cache
+bootstrap/cache/
+bootstrap/cache/**
\ No newline at end of file
diff --git a/.env.docker-dev b/.env.docker-dev
new file mode 100644
index 00000000000..fa7ae7e7feb
--- /dev/null
+++ b/.env.docker-dev
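Review bot: The ignore list excludes `.env` but not its siblings, so the `.env.docker-dev` file added in this same commit is still sent to the Docker build context and can end up in image layers. Consider replacing the `.env` entry with `.env*` followed by `!.env.example` and `!.env.example.complete`, unless the image build really needs one of the other variants. The three spellings per directory (`storage/logs`, `storage/logs/`, `storage/logs/**`) are redundant, since the bare directory entry already excludes everything beneath it.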
@@ -0,0 +1,48 @@
+APP_ENV=local
+APP_DEBUG=true
+APP_URL=http://localhost:8080
+APP_KEY=base64:changeme
+
+DEV_PORT=8080
+DEV_MAIL_PORT=8025
+FAKE_OIDC_PORT=9091
+
+DB_DATABASE=bookstack-dev
+DB_USERNAME=bookstack-test
+DB_PASSWORD=bookstack-test
+TEST_DB_DATABASE=bookstack-test
+
+MAIL_DRIVER=smtp
+MAIL_HOST=mailhog
+MAIL_PORT=1025
+MAIL_FROM_NAME="BookStack Dev"
+MAIL_FROM=dev@example.com
+
+AUTH_METHOD=standard
+AUTH_METHODS=standard,oidc
+AUTH_PRIMARY_METHOD=oidc
+AUTH_AUTO_INITIATE=false
+
+# Default fake OIDC provider for local mixed-auth testing.
+# This lets you test local accounts + OIDC without a real Entra setup.
+OIDC_NAME="Fake OIDC"
+OIDC_CLIENT_ID=fake-bookstack-client
+OIDC_CLIENT_SECRET=fake-bookstack-secret
+OIDC_ISSUER=http://fake-oidc:9000
+OIDC_ISSUER_DISCOVER=false
+OIDC_PUBLIC_KEY=file:///app/dev/docker/fake-oidc/public.pem
+OIDC_PUBLIC_BASE=http://localhost:9091
+OIDC_AUTH_ENDPOINT=http://localhost:9091/authorize
+OIDC_TOKEN_ENDPOINT=http://fake-oidc:9000/token
+OIDC_USERINFO_ENDPOINT=http://fake-oidc:9000/userinfo
+OIDC_END_SESSION_ENDPOINT=http://localhost:9091/logout
+OIDC_ADDITIONAL_SCOPES=
+
+# If you want to test against Entra later, replace the OIDC_* values above.
+
+# Optional fake user overrides
+FAKE_OIDC_EMAIL=fake.user@example.com
+FAKE_OIDC_NAME="Fake OIDC User"
+FAKE_OIDC_SUB=fake-oidc-user-001
+FAKE_OIDC_USERNAME=fake.user
+FAKE_OIDC_GROUPS=bookstack-users
diff --git a/.env.example.complete b/.env.example.complete
index ebebaf9e3e8..96da206faf7 100644
--- a/.env.example.complete
+++ b/.env.example.complete
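Review bot: This tracked file carries fixed, publicly known values (`APP_KEY=base64:changeme`, `OIDC_CLIENT_SECRET=fake-bookstack-secret`, `APP_DEBUG=true`), and nothing in it says that it must never back an instance other people can reach. A header comment such as `# Local development only: every secret in this file is public. Never use it for a deployment reachable by others.` would make that explicit. `OIDC_ISSUER_DISCOVER=false` with an `OIDC_PUBLIC_KEY` read from the repository means tokens are verified against a key whose private half is presumably shipped with the dev tooling too, so the same caveat covers the fake provider. It is also worth confirming that container start-up replaces the `changeme` key, since it does not look like a key of the length the framework's encrypter expects.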
@@ -152,6 +152,14 @@ STORAGE_URL=false # Can be 'standard', 'ldap', 'saml2' or 'oidc' AUTH_METHOD=standard +# Comma-separated list of enabled authentication methods. +# If left empty, AUTH_METHOD will be used as a single-method fallback. +AUTH_METHODS= + +# Primary method to prefer for UI and redirect behavior. +# If left empty, AUTH_METHOD is used, then the first item in AUTH_METHODS. +AUTH_PRIMARY_METHOD= + # Automatically initiate login via external auth system if it's the only auth method. # Works with saml2 or oidc auth methods. AUTH_AUTO_INITIATE=false diff --git a/app/Access/Controllers/LoginController.php b/app/Access/Controllers/LoginController.php index ce872ba88dc..05bceed4e93 100644 --- a/app/Access/Controllers/LoginController.php +++ b/app/Access/Controllers/LoginController.php @@ -31,7 +31,8 @@ public function __construct( public function getLogin(Request $request) { $socialDrivers = $this->socialDriverManager->getActive(); - $authMethod = config('auth.method'); + $authMethods = $this->getEnabledLoginMethods(); + $primaryAuthMethod = auth_primary_method(); $preventInitiation = $request->get('prevent_auto_init') === 'true'; if ($request->has('email')) { @@ -46,13 +47,14 @@ public function getLogin(Request $request) if (!$preventInitiation && $this->loginService->shouldAutoInitiate()) { return view('auth.login-initiate', [ - 'authMethod' => $authMethod, + 'authMethod' => $primaryAuthMethod, ]); } return view('auth.login', [ - 'socialDrivers' => $socialDrivers, - 'authMethod' => $authMethod, + 'socialDrivers' => $socialDrivers, + 'authMethods' => $authMethods, + 'primaryAuthMethod' => $primaryAuthMethod, ]); } 
@@ -61,8 +63,10 @@ public function getLogin(Request $request) */ public function login(Request $request) { - $this->validateLogin($request); - $username = $request->get($this->username()); + $loginMethod = $this->getRequestedLoginMethod($request); + $this->ensureMethodEnabled($loginMethod); + $this->validateLogin($request, $loginMethod); + $username = $request->get($this->username($loginMethod)); // Check login throttling attempts to see if they've gone over the limit if ($this->hasTooManyLoginAttempts($request)) { @@ -86,7 +90,7 @@ public function login(Request $request) // Throw validation failure for failed login throw ValidationException::withMessages([ - $this->username() => [trans('auth.failed')], + $this->username($loginMethod) => [trans('auth.failed')], ])->redirectTo('/login'); } @@ -101,9 +105,10 @@ public function logout() /** * Get the expected username input based upon the current auth method. */ - protected function username(): string + protected function username(?string $method = null): string { - return config('auth.method') === 'standard' ? 'email' : 'username'; + $method ??= $this->getRequestedLoginMethod(request()); + return $method === 'standard' ? 'email' : 'username'; } /** @@ -131,9 +136,11 @@ protected function sendLoginResponse(Request $request) */ protected function attemptLogin(Request $request): bool { + $loginMethod = $this->getRequestedLoginMethod($request); + return $this->loginService->attempt( $this->credentials($request), - auth()->getDefaultDriver(), + $loginMethod, $request->filled('remember') ); } 
@@ -143,10 +150,9 @@ protected function attemptLogin(Request $request): bool * Validate the user login request. * @throws ValidationException */ - protected function validateLogin(Request $request): void + protected function validateLogin(Request $request, string $authMethod): void { $rules = ['password' => ['required', 'string']]; - $authMethod = config('auth.method'); if ($authMethod === 'standard') { $rules['email'] = ['required', 'email']; @@ -160,6 +166,43 @@ protected function validateLogin(Request $request): void $request->validate($rules); } + /** + * Get the login methods to display on the login page. + * + * @return array + */ + protected function getEnabledLoginMethods(): array + { + return array_values(array_filter(auth_methods(), fn (string $method) => in_array($method, ['standard', 'ldap', 'saml2', 'oidc']))); + } + + /** + * Get the requested method for a credential-based login post. + */ + protected function getRequestedLoginMethod(Request $request): string + { + $method = $request->string('login_method')->toString(); + if ($method === '' && auth_method_enabled('standard')) { + return 'standard'; + } + + if ($method === '' && auth_method_enabled('ldap')) { + return 'ldap'; + } + + return in_array($method, ['standard', 'ldap']) ? $method : auth_primary_method(); + } + + /** + * Ensure the given method is enabled for login. + */ + protected function ensureMethodEnabled(string $method): void + { + if (!auth_method_enabled($method)) { + $this->showPermissionError('/login'); + } + } + /** * Send a response when a login attempt exception occurs. */ diff --git a/app/Access/Controllers/RegisterController.php b/app/Access/Controllers/RegisterController.php index f0261fba80d..8b627cd13f4 100644 --- a/app/Access/Controllers/RegisterController.php +++ b/app/Access/Controllers/RegisterController.php 
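Review bot: `getRequestedLoginMethod()` falls back to `auth_primary_method()` for any `login_method` value it does not recognise, and that primary method can be `oidc` or `saml2`, so a credential POST carrying an unexpected value is passed on to `auth($method)->attempt()` for a guard that is not credential-based. Because `login_method` is request input, a value that cannot be resolved to an enabled `standard` or `ldap` should be rejected in the same way `ensureMethodEnabled()` rejects a disabled method, not replaced with another method. The `in_array()` calls here and in `getEnabledLoginMethods()` should pass `true` as the third argument so the comparison is strict. `login()`, `username()` and `attemptLogin()` each resolve the method from the request again; handing the value already checked by `ensureMethodEnabled()` down to `attemptLogin()` would tie the check and the use to the same value.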
@@ -52,7 +52,7 @@ public function postRegister(Request $request) try { $user = $this->registrationService->registerUser($userData); - $this->loginService->login($user, auth()->getDefaultDriver()); + $this->loginService->login($user, 'standard'); } catch (UserRegistrationException $exception) { if ($exception->getMessage()) { $this->showErrorNotification($exception->getMessage()); diff --git a/app/Access/Controllers/ResetPasswordController.php b/app/Access/Controllers/ResetPasswordController.php index 3af65d17fb6..8f5f81795ce 100644 --- a/app/Access/Controllers/ResetPasswordController.php +++ b/app/Access/Controllers/ResetPasswordController.php @@ -55,7 +55,7 @@ public function reset(Request $request) $user->setRememberToken(Str::random(60)); $user->save(); - $this->loginService->login($user, auth()->getDefaultDriver()); + $this->loginService->login($user, 'standard'); }); // If the password was successfully reset, we will redirect the user back to diff --git a/app/Access/LdapService.php b/app/Access/LdapService.php index 0f456efc247..e4125d884bc 100644 --- a/app/Access/LdapService.php +++ b/app/Access/LdapService.php @@ -29,7 +29,7 @@ public function __construct( protected GroupSyncService $groupSyncService ) { $this->config = config('services.ldap'); - $this->enabled = config('auth.method') === 'ldap'; + $this->enabled = auth_method_enabled('ldap'); } /** diff --git a/app/Access/LoginService.php b/app/Access/LoginService.php index c81e955722c..9d6d0217f63 100644 --- a/app/Access/LoginService.php +++ b/app/Access/LoginService.php @@ -17,6 +17,7 @@ class LoginService { protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted'; + protected const SESSION_METHOD_KEY = 'auth-login-method'; public function __construct( protected MfaSession $mfaSession, 
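Review bot: Hard-coding `'standard'` in `reset()` means a completed password reset always produces a local-password session, including on installs where `oidc`, `saml2` or `ldap` is enabled next to `standard`. Nothing visible in this diff limits the reset flow to accounts that were created as local accounts, so a user provisioned through the external provider could set a local password and from then on sign in without passing through that provider and the controls it enforces. If that is not intended, `reset()` needs a per-user check, for instance refusing accounts that have an `external_auth_id` set; if it is intended, it deserves a sentence next to `AUTH_METHODS` in `.env.example.complete`. The `postRegister()` hunk above hard-codes the same value, which matters less because it creates a new local account. `reset()` starts and ends outside this hunk.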
@@ -35,18 +36,24 @@ public function __construct( */ public function login(User $user, string $method, bool $remember = false): void { + $sessionMethod = in_array($method, ['standard', 'ldap', 'saml2', 'oidc']) ? $method : 'standard'; + if ($user->isGuest()) { throw new LoginAttemptInvalidUserException('Login not allowed for guest user'); } if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) { - $this->setLastLoginAttemptedForUser($user, $method, $remember); + $this->setLastLoginAttemptedForUser($user, $sessionMethod, $remember); throw new StoppedAuthenticationException($user, $this); } $this->clearLastLoginAttempted(); - auth()->login($user, $remember); + $this->setSessionLoginMethod($sessionMethod); + auth('standard')->login($user, $remember); + if (in_array($method, ['ldap', 'saml2', 'oidc'])) { + auth($method)->login($user, $remember); + } Activity::add(ActivityType::AUTH_LOGIN, "{$method}; {$user->logDescriptor()}"); Theme::dispatch(ThemeEvents::AUTH_LOGIN, $method, $user); @@ -162,10 +169,10 @@ public function attempt(array $credentials, string $method, bool $remember = fal return false; } - $result = auth()->attempt($credentials, $remember); + $result = auth($method)->attempt($credentials, $remember); if ($result) { - $user = auth()->user(); - auth()->logout(); + $user = auth($method)->user(); + auth($method)->logout(); try { $this->login($user, $method, $remember); } catch (LoginAttemptInvalidUserException $e) { 
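Review bot: `auth('standard')->login($user, $remember)` now runs for every method, so a `$remember` flag set during an `ldap` login (it is forwarded from `$request->filled('remember')` in `LoginController::attemptLogin()`) issues a remember-me token on the standard guard for an externally authenticated account. If the external guards leave out remember-me on purpose (not visible in this diff), this restores a long-lived login that no longer re-checks the directory or provider; passing `false` for external methods avoids it: `auth('standard')->login($user, in_array($method, ['ldap', 'saml2', 'oidc'], true) ? false : $remember);`. The list `['standard', 'ldap', 'saml2', 'oidc']` is now repeated in this class, in `LoginController` and in `helpers.php`, and would be safer as one shared constant. `login()` continues past the end of this hunk.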
@@ -198,17 +205,18 @@ protected function areCredentialsForGuest(array $credentials): bool */ public function logout(): string { - auth()->logout(); + $logoutMethod = $this->getSessionLoginMethod(); + $this->logoutFromAllGuards(); session()->invalidate(); session()->regenerateToken(); - return $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/'; + return $this->shouldAutoInitiate($logoutMethod) ? '/login?prevent_auto_init=true' : '/'; } /** * Check if login auto-initiate should be active based upon authentication config. */ - public function shouldAutoInitiate(): bool + public function shouldAutoInitiate(?string $method = null): bool { $autoRedirect = config('auth.auto_initiate'); if (!$autoRedirect) { @@ -216,8 +224,40 @@ public function shouldAutoInitiate(): bool } $socialDrivers = $this->socialDriverManager->getActive(); - $authMethod = config('auth.method'); + $authMethod = $method ?? auth_primary_method(); + $enabledMethods = auth_methods(); + + return count($socialDrivers) === 0 + && count($enabledMethods) === 1 + && in_array($authMethod, ['oidc', 'saml2']); + } + + /** + * Get the login method stored for the current session. + */ + public function getSessionLoginMethod(): string + { + return auth_session_method(); + } + + /** + * Persist the method used for the current session login. + */ + protected function setSessionLoginMethod(string $method): void + { + session()->put(self::SESSION_METHOD_KEY, $method); + } + + /** + * Log the user out of all supported guards to fully clear auth state. + */ + protected function logoutFromAllGuards(): void + { + foreach (['standard', 'ldap', 'saml2', 'oidc'] as $guard) { + auth($guard)->logout(); + } - return count($socialDrivers) === 0 && in_array($authMethod, ['oidc', 'saml2']); + session()->remove(self::SESSION_METHOD_KEY); + $this->clearLastLoginAttempted(); } } diff --git a/app/Access/RegistrationService.php b/app/Access/RegistrationService.php index e47479e7991..c4dc959a3e1 100644 
--- a/app/Access/RegistrationService.php +++ b/app/Access/RegistrationService.php @@ -38,10 +38,7 @@ public function ensureRegistrationAllowed() */ protected function registrationAllowed(): bool { - $authMethod = config('auth.method'); - $authMethodsWithRegistration = ['standard']; - - return in_array($authMethod, $authMethodsWithRegistration) && setting('registration-enabled'); + return auth_method_enabled('standard') && setting('registration-enabled'); } /** @@ -78,7 +75,7 @@ public function findOrRegister(string $name, string $email, string $externalId): public function registerUser(array $userData, ?SocialAccount $socialAccount = null, bool $emailConfirmed = false): User { $userEmail = $userData['email']; - $authSystem = $socialAccount ? $socialAccount->driver : auth()->getDefaultDriver(); + $authSystem = $socialAccount ? $socialAccount->driver : 'standard'; // Email restriction $this->ensureEmailDomainAllowed($userEmail); diff --git a/app/Access/SocialAuthService.php b/app/Access/SocialAuthService.php index c3c20587db3..b8788adee65 100644 --- a/app/Access/SocialAuthService.php +++ b/app/Access/SocialAuthService.php @@ -132,7 +132,7 @@ public function handleLoginCallback(string $socialDriver, SocialUser $socialUser // Otherwise let the user know this social account is not used by anyone. $message = trans('errors.social_account_not_used', ['socialAccount' => $titleCaseDriver]); - if (setting('registration-enabled') && config('auth.method') !== 'ldap' && config('auth.method') !== 'saml2') { + if (setting('registration-enabled') && auth_method_enabled('standard')) { $message .= trans('errors.social_account_register_instructions', ['socialAccount' => $titleCaseDriver]); } diff --git a/app/App/helpers.php b/app/App/helpers.php index 8f210ecafd4..80dfbcb1844 100644 --- a/app/App/helpers.php +++ b/app/App/helpers.php 
@@ -36,6 +36,77 @@ function user(): User return auth()->user() ?: User::getGuest(); } +/** + * Get the enabled authentication methods in configured priority order. + * + * @return array + */ +function auth_methods(): array +{ + $validMethods = ['standard', 'ldap', 'saml2', 'oidc']; + $methodsConfig = config('auth.methods', ''); + $singleMethod = config('auth.method', 'standard'); + + $methods = is_string($methodsConfig) + ? array_map('trim', explode(',', $methodsConfig)) + : (array) $methodsConfig; + + $methods = array_values(array_unique(array_filter($methods, function (mixed $method) use ($validMethods) { + return is_string($method) && in_array($method, $validMethods); + }))); + + if (count($methods) === 0 && in_array($singleMethod, $validMethods)) { + $methods[] = $singleMethod; + } + + return $methods; +} + +/** + * Check if the given authentication method is enabled. + */ +function auth_method_enabled(string $method): bool +{ + return in_array($method, auth_methods()); +} + +/** + * Get the primary configured authentication method. + */ +function auth_primary_method(): string +{ + $primaryMethod = config('auth.primary_method', ''); + if (is_string($primaryMethod) && auth_method_enabled($primaryMethod)) { + return $primaryMethod; + } + + $singleMethod = config('auth.method', 'standard'); + if (is_string($singleMethod) && auth_method_enabled($singleMethod)) { + return $singleMethod; + } + + return auth_methods()[0] ?? 'standard'; +} + +/** + * Get the authentication method used for the current session, where known. + */ +function auth_session_method(): string +{ + $sessionMethod = session()->get('auth-login-method'); + if (is_string($sessionMethod) && auth_method_enabled($sessionMethod)) { + return $sessionMethod; + } + + foreach (['standard', 'ldap', 'oidc', 'saml2'] as $guard) { + if (auth_method_enabled($guard) && auth($guard)->check()) { + return $guard; + } + } + + return auth_primary_method(); +} + /** * Check if the current user has a permission. 
If an ownable element * is passed in the jointPermissions are checked against that particular item. diff --git a/app/Config/auth.php b/app/Config/auth.php index b1578fdb708..46eb8d2754e 100644 --- a/app/Config/auth.php +++ b/app/Config/auth.php @@ -13,6 +13,14 @@ // Options: standard, ldap, saml2, oidc 'method' => env('AUTH_METHOD', 'standard'), + // Comma-separated list of active authentication methods. + // If empty, AUTH_METHOD will be used as a single-method fallback. + 'methods' => env('AUTH_METHODS', ''), + + // Primary authentication method to prefer for UI/redirect behavior. + // If empty, AUTH_METHOD is used, then the first enabled method. + 'primary_method' => env('AUTH_PRIMARY_METHOD', ''), + // Automatically initiate login via external auth system if it's the sole auth method. // Works with saml2 or oidc auth methods. 'auto_initiate' => env('AUTH_AUTO_INITIATE', false), @@ -21,7 +29,7 @@ // This option controls the default authentication "guard" and password // reset options for your application. 'defaults' => [ - 'guard' => env('AUTH_METHOD', 'standard'), + 'guard' => 'standard', 'passwords' => 'users', ], diff --git a/app/Http/Middleware/CheckGuard.php b/app/Http/Middleware/CheckGuard.php index adc1d1f3ec0..7915bbb2ab5 100644 --- a/app/Http/Middleware/CheckGuard.php +++ b/app/Http/Middleware/CheckGuard.php @@ -17,8 +17,8 @@ class CheckGuard */ public function handle($request, Closure $next, ...$allowedGuards) { - $activeGuard = config('auth.method'); - if (!in_array($activeGuard, $allowedGuards)) { + $enabledAllowedGuards = array_filter($allowedGuards, fn (string $guard) => auth_method_enabled($guard)); + if (count($enabledAllowedGuards) === 0) { session()->flash('error', trans('errors.permission')); return redirect('/'); diff --git a/app/Users/Controllers/UserAccountController.php b/app/Users/Controllers/UserAccountController.php index a8baba5294b..70fa3d32d4b 100644 --- a/app/Users/Controllers/UserAccountController.php 
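Review bot: The guard fallback in `auth_session_method()` tests `standard` first, but `LoginService::login()` in this commit also logs every user into the `standard` guard, so whenever the `auth-login-method` session value is missing or names a method that is no longer enabled, an `ldap`, `oidc` or `saml2` session is reported as `standard`. That result gates `updatePassword()` in `UserAccountController` and selects the logout path in the user menu, so the loop should test the external guards before `standard`, e.g. `foreach (['ldap', 'oidc', 'saml2', 'standard'] as $guard) {`. The session key is written here as a string literal although `LoginService::SESSION_METHOD_KEY` holds the same value as a `protected` constant; making that constant public and referencing it would keep the two from drifting apart. `auth_methods()` re-parses the configuration on every call and is called several times per request, and its `in_array()` checks lack the strict flag.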
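Review bot: After this change the middleware only asks whether one of `$allowedGuards` is enabled in configuration, not how the current session authenticated, so in a mixed setup a route limited to `standard` is also reachable by a user who signed in through `oidc`, `saml2` or `ldap`. Where a route must be limited to sessions of one method, compare against `auth_session_method()` as `UserAccountController::updatePassword()` does. Otherwise state the limit on `handle()` with a comment such as `// Passes when any allowed guard is enabled; does not consider the current session's login method.` `handle()` ends outside this hunk.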
+++ b/app/Users/Controllers/UserAccountController.php @@ -171,7 +171,8 @@ public function showAuth(SocialDriverManager $socialDriverManager) return view('users.account.auth', [ 'category' => 'auth', 'mfaMethods' => $mfaMethods, - 'authMethod' => config('auth.method'), + 'authMethods' => auth_methods(), + 'sessionAuthMethod' => auth_session_method(), 'activeSocialDrivers' => $socialDriverManager->getActive(), ]); } @@ -183,7 +184,7 @@ public function updatePassword(Request $request) { $this->preventAccessInDemoMode(); - if (config('auth.method') !== 'standard') { + if (!auth_method_enabled('standard') || auth_session_method() !== 'standard') { $this->showPermissionError(); } diff --git a/app/Users/Controllers/UserController.php b/app/Users/Controllers/UserController.php index 494221b143e..fc00f006ad0 100644 --- a/app/Users/Controllers/UserController.php +++ b/app/Users/Controllers/UserController.php @@ -60,11 +60,14 @@ public function index(Request $request) public function create() { $this->checkPermission(Permission::UsersManage); - $authMethod = config('auth.method'); $roles = Role::query()->orderBy('display_name', 'asc')->get(); $this->setPageTitle(trans('settings.users_add_new')); - return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]); + return view('users.create', [ + 'authMethod' => auth_primary_method(), + 'authMethods' => auth_methods(), + 'roles' => $roles, + ]); } /** 
@@ -76,10 +79,10 @@ public function store(Request $request) { $this->checkPermission(Permission::UsersManage); - $authMethod = config('auth.method'); $sendInvite = ($request->get('send_invite', 'false') === 'true'); - $externalAuth = $authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'oidc'; - $passwordRequired = ($authMethod === 'standard' && !$sendInvite); + $externalAuth = array_intersect(auth_methods(), ['ldap', 'saml2', 'oidc']) !== []; + $externalAuthRequired = $externalAuth && !auth_method_enabled('standard'); + $passwordRequired = (auth_method_enabled('standard') && !$sendInvite); $validationRules = [ 'name' => ['required', 'max:100'], @@ -89,7 +92,7 @@ public function store(Request $request) 'roles.*' => ['integer'], 'password' => $passwordRequired ? ['required', Password::default()] : null, 'password-confirm' => $passwordRequired ? ['required', 'same:password'] : null, - 'external_auth_id' => $externalAuth ? ['required'] : null, + 'external_auth_id' => $externalAuth ? ($externalAuthRequired ? ['required'] : ['nullable', 'string']) : null, ]; $validated = $this->validate($request, array_filter($validationRules)); @@ -116,7 +119,7 @@ public function edit(int $id, SocialDriverManager $socialDriverManager) $user = $this->userRepo->getById($id); $user->load(['apiTokens', 'mfaValues']); - $authMethod = ($user->system_name) ? 'system' : config('auth.method'); + $authMethod = $user->system_name ? 'system' : auth_primary_method(); $activeSocialDrivers = $socialDriverManager->getActive(); $mfaMethods = $user->mfaValues->groupBy('method'); @@ -128,6 +131,7 @@ public function edit(int $id, SocialDriverManager $socialDriverManager) 'activeSocialDrivers' => $activeSocialDrivers, 'mfaMethods' => $mfaMethods, 'authMethod' => $authMethod, + 'authMethods' => auth_methods(), 'roles' => $roles, ]); } diff --git a/composer.json b/composer.json index 6040881669d..be9b2e9efcf 100644 --- a/composer.json +++ b/composer.json 
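Review bot: `$passwordRequired` is now true whenever `standard` is enabled and no invite is sent, even when the administrator fills in `external_auth_id` for an account that is meant to sign in through `ldap`, `saml2` or `oidc`. In a mixed setup that forces a local password onto externally managed accounts, which then stay usable through the standard form independently of the external provider. Consider `$passwordRequired = auth_method_enabled('standard') && !$sendInvite && !$request->filled('external_auth_id');`, provided the user-creation code outside this hunk copes with a missing password the way it does for invites. `store()` begins and ends outside this hunk.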
@@ -88,6 +88,7 @@ "@php artisan key:generate --ansi" ], "pre-install-cmd": [ + "@php -r \"!file_exists('bootstrap/cache/packages.php') || @unlink('bootstrap/cache/packages.php');\"", "@php -r \"!file_exists('bootstrap/cache/services.php') || @unlink('bootstrap/cache/services.php');\"" ], "post-install-cmd": [ diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php index 6278adcd7a8..0c760a806e3 100644 --- a/resources/views/auth/login.blade.php +++ b/resources/views/auth/login.blade.php @@ -11,7 +11,13 @@ @include('auth.parts.login-message') - @include('auth.parts.login-form-' . $authMethod) + @foreach($authMethods as $authMethod) + @if(!$loop->first) +
+ @endif + + @include('auth.parts.login-form-' . $authMethod, ['formId' => 'login-form-' . $authMethod]) + @endforeach @if(count($socialDrivers) > 0)
@@ -25,7 +31,7 @@ @endforeach @endif - @if(setting('registration-enabled') && config('auth.method') === 'standard') + @if(setting('registration-enabled') && auth_method_enabled('standard'))

{{ trans('auth.dont_have_account') }} diff --git a/resources/views/auth/parts/login-form-ldap.blade.php b/resources/views/auth/parts/login-form-ldap.blade.php index 92eba80e8c8..5e403e73a40 100644 --- a/resources/views/auth/parts/login-form-ldap.blade.php +++ b/resources/views/auth/parts/login-form-ldap.blade.php @@ -1,5 +1,6 @@ -
+ {!! csrf_field() !!} +
@@ -25,4 +26,4 @@
-
\ No newline at end of file + diff --git a/resources/views/auth/parts/login-form-oidc.blade.php b/resources/views/auth/parts/login-form-oidc.blade.php index e5e1b70fc59..1ea3fda5bfb 100644 --- a/resources/views/auth/parts/login-form-oidc.blade.php +++ b/resources/views/auth/parts/login-form-oidc.blade.php @@ -1,4 +1,4 @@ -
+ {!! csrf_field() !!}
diff --git a/resources/views/auth/parts/login-form-saml2.blade.php b/resources/views/auth/parts/login-form-saml2.blade.php index 1afd2d9bb6d..c45077cdda9 100644 --- a/resources/views/auth/parts/login-form-saml2.blade.php +++ b/resources/views/auth/parts/login-form-saml2.blade.php @@ -1,4 +1,4 @@ - + {!! csrf_field() !!}
@@ -8,4 +8,4 @@
- \ No newline at end of file + diff --git a/resources/views/auth/parts/login-form-standard.blade.php b/resources/views/auth/parts/login-form-standard.blade.php index 71989dc2f23..21cfa484942 100644 --- a/resources/views/auth/parts/login-form-standard.blade.php +++ b/resources/views/auth/parts/login-form-standard.blade.php @@ -1,5 +1,6 @@ -
+ {!! csrf_field() !!} +
@@ -32,5 +33,3 @@
- - diff --git a/resources/views/layouts/parts/header-links.blade.php b/resources/views/layouts/parts/header-links.blade.php index c3d2f58da17..f968a47d665 100644 --- a/resources/views/layouts/parts/header-links.blade.php +++ b/resources/views/layouts/parts/header-links.blade.php @@ -18,8 +18,8 @@ @endif @if(user()->isGuest()) - @if(setting('registration-enabled') && config('auth.method') === 'standard') + @if(setting('registration-enabled') && auth_method_enabled('standard')) @icon('new-user'){{ trans('auth.sign_up') }} @endif @icon('login'){{ trans('auth.log_in') }} -@endif \ No newline at end of file +@endif diff --git a/resources/views/layouts/parts/header-user-menu.blade.php b/resources/views/layouts/parts/header-user-menu.blade.php index c252deb8218..4729b7f9f95 100644 --- a/resources/views/layouts/parts/header-user-menu.blade.php +++ b/resources/views/layouts/parts/header-user-menu.blade.php @@ -40,7 +40,7 @@ class="icon-item">

  • @php - $logoutPath = match (config('auth.method')) { + $logoutPath = match (auth_session_method()) { 'saml2' => '/saml2/logout', 'oidc' => '/oidc/logout', default => '/logout', @@ -55,4 +55,4 @@ class="icon-item">
  • -
    \ No newline at end of file +
    diff --git a/resources/views/settings/categories/registration.blade.php b/resources/views/settings/categories/registration.blade.php index 1666cef53cd..49ee00ef9dc 100644 --- a/resources/views/settings/categories/registration.blade.php +++ b/resources/views/settings/categories/registration.blade.php @@ -19,7 +19,7 @@ 'label' => trans('settings.reg_enable_toggle') ]) - @if(in_array(config('auth.method'), ['ldap', 'saml2', 'oidc'])) + @if(count(array_intersect(auth_methods(), ['ldap', 'saml2', 'oidc'])) > 0)
    {{ trans('settings.reg_enable_external_warning') }}
    @endif @@ -74,4 +74,4 @@ class="setting-list-label">{{ trans('settings.reg_confirm_restrict_domain') }}{{ trans('settings.settings_save') }}
    -@endsection \ No newline at end of file +@endsection diff --git a/resources/views/settings/roles/parts/form.blade.php b/resources/views/settings/roles/parts/form.blade.php index 5a9eca7d2cd..fcacb34d2c5 100644 --- a/resources/views/settings/roles/parts/form.blade.php +++ b/resources/views/settings/roles/parts/form.blade.php @@ -17,7 +17,7 @@ @include('form.checkbox', ['name' => 'mfa_enforced', 'label' => trans('settings.role_mfa_enforced'), 'model' => $role ]) - @if(in_array(config('auth.method'), ['ldap', 'saml2', 'oidc'])) + @if(count(array_intersect(auth_methods(), ['ldap', 'saml2', 'oidc'])) > 0)
    @include('form.text', ['name' => 'external_auth_id', 'model' => $role]) @@ -92,4 +92,4 @@ class="item-list toggle-switch-list">

    - \ No newline at end of file + diff --git a/resources/views/users/account/auth.blade.php b/resources/views/users/account/auth.blade.php index 57e6c1f9cb3..4f32dbbb584 100644 --- a/resources/views/users/account/auth.blade.php +++ b/resources/views/users/account/auth.blade.php @@ -2,7 +2,7 @@ @section('main') - @if($authMethod === 'standard') + @if(auth_method_enabled('standard') && $sessionAuthMethod === 'standard')
    {{ method_field('put') }} diff --git a/resources/views/users/parts/form.blade.php b/resources/views/users/parts/form.blade.php index 86287646f05..49404bad92d 100644 --- a/resources/views/users/parts/form.blade.php +++ b/resources/views/users/parts/form.blade.php @@ -5,10 +5,10 @@
    - @if($authMethod === 'standard') + @if(auth_method_enabled('standard'))

    {{ trans('settings.users_details_desc') }}

    @endif - @if($authMethod === 'ldap' || $authMethod === 'system') + @if($authMethod === 'system' || (auth_method_enabled('standard') === false && auth_method_enabled('ldap')))

    {{ trans('settings.users_details_desc_no_email') }}

    @endif
    @@ -17,7 +17,7 @@ @include('form.text', ['name' => 'name'])
    - @if($authMethod !== 'ldap' || userCan(\BookStack\Permissions\Permission::UsersManage)) + @if($authMethod !== 'ldap' || userCan(\BookStack\Permissions\Permission::UsersManage) || auth_method_enabled('standard')) @include('form.text', ['name' => 'email', 'disabled' => !userCan(\BookStack\Permissions\Permission::UsersManage)]) @endif @@ -44,7 +44,7 @@
    -@if($authMethod === 'standard') +@if(auth_method_enabled('standard') && $authMethod !== 'system')