LDAP authentication in Laravel - php

I am in charge of creating a new Laravel project where the authentication is done by our LDAP. I am pretty new to Laravel, so excuse my lack of comprehension.
I am trying to use this library: Adldap2-Laravel
I followed this documentation to build the authentication from scratch.
So my config/app.php has these lines added
//In providers array
Adldap\Laravel\AdldapServiceProvider::class,
Adldap\Laravel\AdldapAuthServiceProvider::class,
//In aliases
'Adldap' => Adldap\Laravel\Facades\Adldap::class,
And my config/auth.php (I also tried to only use the adldap driver, without success)
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'users' => [
'driver' => 'adldap',
'model' => App\User::class,
],
],
Everything looks right, but I cannot authenticate. I get this error: These credentials do not match our records.
When I use this code
use Adldap\Laravel\Facades\Adldap;
$username = "myUser";
$password = "myPassword";
if (Adldap::auth()->attempt($username, $password)) {
//Queries here
}
else
{
echo "Auth failed";
}
I CAN perform queries, and the authentication works with all my users. But I cannot properly use the login form behind the "Login" button.
Did I miss something?
I do not know if the authentication should work directly without importing anything, but I also tried to run this command
php artisan adldap:import
All my users are found and inserted in the laravel DB. But the authentication still does not work.

I deleted the ADLDAP_ACCOUNT_SUFFIX= from my .env file
And added the suffix directly in ADLDAP_ADMIN_USERNAME=Administrator#mycompany.something
Now I'm able to connect via the email address.
I do not know if it is the best solution but at least it works.
I will leave this post open for a few days to see if someone has a better idea.

Related

Laravel Passport - Multiple guards issue

Thank you in advance.
I want multiple Laravel Passport guards as my system has 2 user types: 1) Admin, 2) Normal User.
For both, I have separate routes and authentication modules (login, register, logout, etc.), so I need a separate Passport guard for the API authentication. Some of the code I added is below.
config/auth.php looks like this:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
'hash' => false,
],
'api-admin' => [
'driver' => 'passport',
'provider' => 'admins',
'hash' => false,
]
],
Here I defined 2 guards, for admin and user.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'admins' => [
'driver' => 'eloquent',
'table' => App\Models\Admin::class,
],
],
Here I defined 2 providers, for admin and user.
Now I am creating a token like this:
$tokenResult = $user->createToken('TOKEN_DEMO');
$token = $tokenResult->token;
$token->save();
$accessToken = $tokenResult->accessToken;
It is generated as expected for the admin user with user_id = 1 (as an example, consider user_id = 1).
This is about generating the token for the admin user.
In the same way, when a normal user logs in and generates a token as above, this will also generate the token for the user with user_id = 1 in the oauth_clients table.
The table looks like the one in the screenshot.
The concern is that if the normal user logs out, the admin user's token will automatically be destroyed, as both have user_id 1 in the oauth_clients table while the guards are different for both.
Please help me out with this.
It's also a security issue, as your user with the same id as an admin can pass the admin authentication middleware.
The following method is the cleanest workaround I've found.
You have to use different clients for your guards.
You have to run
passport:install
two times if you have two guards using Passport. It will generate two clients.
In new versions of Passport (I think after the release of Laravel 8), when you are creating a client it asks you for a provider (defined in the auth.providers config). Each provider needs one client. If you are using old versions, you can manually assign providers in the oauth_clients table.
Now when generating a token you have to specify the client id.
In older versions you could do this by changing a public property of one of the Passport classes, but now you should register ClientRepository again.
App::clearResolvedInstance(ClientRepository::class);
app()->singleton(ClientRepository::class, function () {
return new ClientRepository(User::CLIENT_ID, null); // You should give the client id in the first parameter
});
$token = $user->createToken('TOKEN-EXAMPLE');
$accessToken = $token->accessToken;
Now if you check your access tokens table you can see that client ids are different.
Everything is fine now.
You mentioned there might be an issue with revoking tokens, but I believe even in your case (using the same client and not specifying providers), if you revoke a user token with the same id as the admin, the admin's token will still remain. Revoking a user token:
$user = Auth::guard('user-api')->user();
$user->token()->revoke();
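The id collision described in the answer above, as an added example that is not part of the original posts and is not Passport's own code: a simplified plain-PHP model of two providers with overlapping primary keys, comparing a lookup that trusts user_id alone with one that also checks the issuing client's provider. The constant and function names, the client ids 10/20/30 and the token strings are all constructed for illustration, and refusing clients that have no provider is a choice made in this model.

```php
<?php
declare(strict_types=1);
// Constructed data: both tables contain a row with primary key 1.
const PROVIDERS = [
    'users'  => [1 => 'alice (normal user)'],
    'admins' => [1 => 'root (admin)'],
];
// Guard => provider, as in the config/auth.php from the question.
const GUARDS = ['api' => 'users', 'api-admin' => 'admins'];
// One client per provider; client 30 stands for a legacy row with no provider.
const CLIENTS = [10 => 'users', 20 => 'admins', 30 => null];
// A token records only its owner's id and the client that issued it.
const TOKENS = [
    'tok-user'   => ['user_id' => 1, 'client_id' => 10],
    'tok-admin'  => ['user_id' => 1, 'client_id' => 20],
    'tok-legacy' => ['user_id' => 1, 'client_id' => 30],
];

// Weak: trusts user_id alone, so the guard picks the table the id is read from.
function resolveByIdOnly(string $token, string $guard): ?string
{
    $row = TOKENS[$token] ?? null;
    $provider = GUARDS[$guard] ?? null;
    if ($row === null || $provider === null) {
        return null;
    }
    return PROVIDERS[$provider][$row['user_id']] ?? null;
}

// Hardened: client provider must equal the guard's provider; null provider fails closed.
function resolveWithProviderCheck(string $token, string $guard): ?string
{
    $row = TOKENS[$token] ?? null;
    $provider = GUARDS[$guard] ?? null;
    if ($row === null || $provider === null) {
        return null;
    }
    $clientProvider = CLIENTS[$row['client_id']] ?? null;
    if ($clientProvider === null || $clientProvider !== $provider) {
        return null;
    }
    return PROVIDERS[$provider][$row['user_id']] ?? null;
}

// Present every token to the admin guard and compare both lookups.
foreach (array_keys(TOKENS) as $token) {
    $weak = resolveByIdOnly($token, 'api-admin') ?? 'rejected';
    $strict = resolveWithProviderCheck($token, 'api-admin') ?? 'rejected';
    printf("%-10s id-only: %-12s provider-checked: %s\n", $token, $weak, $strict);
}
```

Run with `php` on the command line; only the token issued by the admins client should resolve under the provider-checked lookup.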
Does the guard appear anywhere on the token? Or do tokens only have scopes? And if so, why would you use guards when you can use scopes...
Good day!
[Edit]
In my case, I'm using roles and permissions to write my scopes... roles and permissions are guard based, and a permission or role with an admin guard cannot be assigned to a user unless we add the 'admin' key with (in my case) the 'passport' driver and 'user' provider...

Separate authentication for front-end user and admin in cakephp 3.x

We are working on a project where there are 4 roles. But in CakePHP 3.x the Auth component holds the authenticated user data in the session under the Auth.User index, using
$this->Auth->setUser($user);
Due to this we are not able to access a front-end user account from the admin panel for some purposes, because when we log in as a front-end user from the admin panel, the front-end login action runs and overwrites the session value.
So if there is any way to handle this, please suggest it to us.
Thank you in advance.
As far as I have understood, you are not using a prefix to manage back-end and front-end users, so maybe you worked with a separate folder structure for the back-end. Am I right?
You are right that $this->Auth->setUser($user); always holds the session under the Auth.User index. So you need to write a different session index for the back-end, and you can do it as follows:
For back-end user authentication:
$this->loadComponent('Auth', [
'authorize' => ['Controller'], // Added this line
'loginRedirect' => [
'controller' => 'Users',
'action' => 'dashboard',
'prefix' => 'admin_panel'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login',
'prefix' => 'admin_panel'
],
'storage' => [
'className' => 'Session',
'key' => 'Auth.Admin',
]
]);
Here you can pass your desired index in the 'storage' array's 'key' value.
I think it'll work for you.
Check out the section Authentication and Authorization in this curated list of CakePHP Plugins.
You could, for example, use dereuromark's TinyAuth Plugin to authorize your users and configure what they are able to see.
This way you can use the same authentication (be aware of the differences between Authentication and Authorization) and the same users table, which will prevent the Session conflict you mentioned.
The Auth component overwrites the previous session because it stores the session in Auth.users all the time, so we have to change the session key for each role.
If you are using a URL prefix for the different roles, then you can do it like this.
AppController.php
public function beforeFilter(Event $event)
{
    // Use a separate session key per routing prefix so one login does not overwrite another.
    // !empty() also covers requests that have no prefix set at all.
    if (!empty($this->request->params['prefix'])) {
        $this->Auth->config('storage', [
            'key' => 'Auth.' . $this->request->params['prefix'],
            'className' => 'Session'
        ]);
    }
    return parent::beforeFilter($event);
}
This will create different roles in Auth as you required.
The session will be like this
[
'Auth'=>[
'User'=>['id'=>''],
'Admin'=>['id'=>''],
]
]
Tested it, working great for me.

Laravel 5.3 using multiple authentication (e.g admin, customer)

I have read a lot of threads about multi-auth in Laravel. Most of the configurations I see are somewhat complicated. I have also seen a multi-auth package, but it does not support Laravel Socialite.
I am aware that this question has been asked multiple times, but if someone can give a better answer, it would be much appreciated!
Things I have tried
I am familiar with Laravel make:auth
I am also familiar with Laravel Socialite (Facebook, Twitter, Google Plus).
Give this a try. But you still need some basic knowledge about Laravel's new multitenancy.
In config/auth.php add something like this to guards array:
'customer' => [
'driver' => 'session',
'provider' => 'customers',
],
Then in the same file add this to the providers array:
'customers' => [
'driver' => 'eloquent',
'model' => App\Customer::class,
],
Then create a migration for the customers DB table (you can use Laravel's out-of-the-box migration for the users table).
Next is the Eloquent model App\Customer with these included:
use App\Scopes\AuthorizedScope;
use Illuminate\Foundation\Auth\User as Authenticatable;
These should let you use Laravel's Auth facade in your app with these most used methods:
Auth::guard('customer')->attempt()
Auth::guard('customer')->check()
Auth::guard('customer')->logout()
Auth::guard('customer')->user()
Or use auth middleware like this:
Route::get('customer/dashboard', function () {
// Only authenticated users may enter...
})->middleware('auth:customer');
Also check out these:
https://laravel.com/docs/5.3/authentication#authenticating-users

LDAP Auth for Laravel 5.2

I've followed the instructions at https://github.com/strebl/ldap-auth with a brand new laravel project and I can't seem to get it to work. I have done the following:
Added the following line to app.php
Ccovey\LdapAuth\LdapAuthServiceProvider::class
Changed the driver to LDAP in auth.php
'providers' => [
'users' => [
'driver' => 'ldap',
'model' => App\User::class,
]
],
I've also created an adladap.php file that I haven't posted here.
I have also added a middleware group in order to make sure the user was authenticated.
Route::group(['middleware' => 'auth'], function () {
    Route::get('/test', function () { return "Test"; });
});
However when I try to go to the test route I get the following error
InvalidArgumentException in CreatesUserProviders.php line 40:
Authentication user provider [ldap] is not defined.
I'm sure there's some simple configuration that I've been looking over but for the life of me I can't figure out what it is.
If you are trying to do adminless LDAP, this might be of interest:
laravel-simple-ldap-auth

How to use laravel's Auth class in different table?

I created a simple login and registration in my page and I also added some new columns to the default users table. Now my problem is that I have another table named admin, and the default Laravel Auth table is users. How can I implement the same functionality for my table?
In the Users model there is the declaration for the table name
protected $table = 'users';
Can you give me an example of how I can use the default Laravel Auth class?
That's all, thanks. :-)
Laravel uses the default users table for an application. To change Laravel authentication to a different table name, we need to make a small change in the authentication config file.
Go to
config/auth.php
'providers' => [
// 'users' => [
// 'driver' => 'eloquent',
// 'model' => App\User::class,
// ],
'users' => [
'driver' => 'database',
'table' => 'user',
],
],
Have you heard about Multiauth in Laravel? With this library, two or more types of user can log in to one Laravel application. In our case there are two types of user, Admin and Public, which means User.
Both the forgot password and reset password functionality work separately in one application.
After installing this library there is one step, as below.
'multi' => [
    'admin' => [
        'driver' => 'database',
        'table' => 'admin',
        'email' => 'client.emails.password'
    ],
    'users' => [
        'driver' => 'database',
        'table' => 'users',
        'email' => 'client.emails.password',
    ]
],
Change your Auth.php file code to this.
Installation
First you want to include this package in your composer.json file.
"require": {
"sboo/multiauth" : "4.0.*"
}
Now you'll want to update or install via composer.
composer update
Usage
Everything is done the exact same way as the original library, the one exception being that all method calls are prefixed with the key (account or user in the above examples) as a method itself.
Auth::admin()->attempt(array(
'email' => $attributes['email'],
'password' => $attributes['password'],
));
Auth::client()->attempt(array(
'email' => $attributes['email'],
'password' => $attributes['password'],
));
Auth::admin()->check();
Auth::client()->check();
Here is your library
I don't think the best way is to duplicate your table. I would extend users table with a role field that indicates if the user is a standard one or an admin. This way, you can keep the same code and add the ADMIN functionality that you are looking for.
If you NEED to do that and you are using Laravel 4, maybe you can use this plugin:
https://github.com/ollieread/multiauth/
Also in this thread you have code that implements Auth in different tables:
https://gist.github.com/danielcoimbra/64b779b4d9e522bc3373
But I strongly suggest integrating both tables into one with an Admin flag/field.
