feat: Enhance LDAP authentication and user deletion logic

limanmys · Dec 19, 2024 · 0fb614f · 0fb614f
1 parent c8b9767
commit 0fb614f
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 11 deletions.
diff --git a/app/Classes/Authentication/LDAPAuthenticator.php b/app/Classes/Authentication/LDAPAuthenticator.php
@@ -36,7 +36,12 @@ public function authenticate($credentials, $request): JsonResponse
             ->first();
 
         try {
-            $email = explode("@", strtolower($request->email))[0];
+            // Check if email contains @ symbol if not, just write the email
+            if (! strpos($request->email, '@')) {
+                $email = strtolower($request->email);
+            } else {
+                $email = explode("@", strtolower($request->email))[0];
+            }
             $ldap = new Ldap(
                 env('LDAP_HOST'),
                 $email,
@@ -125,16 +130,27 @@ public function authenticate($credentials, $request): JsonResponse
         }
 
         if (! $create) {
-            $user = User::create([
-                'objectguid' => $objectguid,
-                'name' => $name,
-                'email' => $mail,
-                'username' => strtolower($ldapUser['samaccountname']),
-                'auth_type' => 'ldap',
-                'password' => Hash::make(Str::random(16)),
-                'forceChange' => false,
-            ]);
+            try {
+                $user = User::create([
+                    'objectguid' => $objectguid,
+                    'name' => $name,
+                    'email' => $mail,
+                    'username' => strtolower($ldapUser['samaccountname']),
+                    'auth_type' => 'ldap',
+                    'password' => Hash::make(Str::random(16)),
+                    'forceChange' => false,
+                ]);
+            } catch (\Throwable $e) {
+                Log::error('LDAP authentication failed. '.$e->getMessage());
+
+                return Authenticator::returnLoginError($request->email);
+            }
         } else {
+            if (! $user) {
+                // Return error if user already exists
+                Log::error('LDAP authentication failed. User already exists on system.');
+                return Authenticator::returnLoginError($request->email);
+            }
             if ($user->email != $mail) {
                 $temp = User::where('email', $mail)->first();
                 if (! $temp) {

diff --git a/app/Http/Controllers/API/Settings/UserController.php b/app/Http/Controllers/API/Settings/UserController.php
@@ -176,14 +176,22 @@ public function update(Request $request)
      */
     public function delete(Request $request)
     {
+        $user = User::where('id', $request->user_id)->first();
+
+        // If user type is not local, return error
+        if ($user->auth_type !== 'local') {
+            return response()->json([
+                'message' => 'LDAP kullanıcıları silinemez.'
+            ], 400);
+        }
+
         // Delete Permissions
         Permission::where('morph_id', $request->user_id)->delete();
 
         // Delete user roles
         RoleUser::where('user_id', $request->user_id)->delete();
 
         // Delete User
-        $user = User::where('id', $request->user_id)->first();
         $user->delete();
 
         AuditLog::write(