SSO middleware tweaks

stevebauman · stevebauman · commit 0071f2a72d6e · 2016-02-11T12:19:41.000-05:00
diff --git a/src/Config/auth.php b/src/Config/auth.php
@@ -77,9 +77,11 @@
     |
     | If your using Apache, this attribute must be named `REMOTE_USER`.
     |
+    | The key of the array is what the user will be discovered from in LDAP.
+    |
     */
 
-    'windows_auth_attribute' => 'AUTH_USER',
+    'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],
 
     /*
     |--------------------------------------------------------------------------
diff --git a/src/Middleware/WindowsAuthenticate.php b/src/Middleware/WindowsAuthenticate.php
@@ -4,6 +4,7 @@
 
 use Adldap\Laravel\Traits\ImportsUsers;
 use Adldap\Models\User;
+use Adldap\Schemas\ActiveDirectory;
 use Closure;
 use Illuminate\Contracts\Auth\Guard;
 use Illuminate\Database\Eloquent\Model;
@@ -44,23 +45,22 @@ public function handle(Request $request, Closure $next)
         // Retrieve the SSO login attribute.
         $auth = $this->getWindowsAuthAttribute();
 
+        $key = key($auth);
+
         // Handle Windows Authentication.
-        if ($account = $request->server($auth)) {
+        if ($account = $request->server($auth[$key])) {
             // Usernames will be prefixed with their domain,
             // we just need their account name.
             list($domain, $username) = explode('\\', $account);
 
             // Create a new user LDAP user query.
             $query = $this->newAdldapUserQuery();
 
-            // Get the username input attributes
-            $attributes = $this->getUsernameAttribute();
-
             // Get the input key
-            $key = key($attributes);
+            $key = key($auth);
 
             // Filter the query by the username attribute
-            $query->whereEquals($attributes[$key], $username);
+            $query->whereEquals($key, $username);
 
             // Retrieve the first user result
             $user = $query->first();
@@ -70,7 +70,7 @@ public function handle(Request $request, Closure $next)
 
                 if ($model instanceof Model && $this->auth->guest()) {
                     // Double check user instance before logging them in.
-                    $this->auth->login($user);
+                    $this->auth->login($model);
                 }
             }
         }
@@ -97,6 +97,6 @@ public function createModel()
      */
     protected function getWindowsAuthAttribute()
     {
-        return Config::get('adldap_auth.windows_auth_attribute', 'AUTH_USER');
+        return Config::get('adldap_auth.windows_auth_attribute', [ActiveDirectory::ACCOUNT_NAME => 'AUTH_USER']);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -77,9 +77,11 @@`
`77`	`77`	`\|`
`78`	`78`	\| If your using Apache, this attribute must be named `REMOTE_USER`.
`79`	`79`	`\|`
	`80`	`+ \| The key of the array is what the user will be discovered from in LDAP.`
	`81`	`+ \|`
`80`	`82`	`*/`
`81`	`83`
`82`		`- 'windows_auth_attribute' => 'AUTH_USER',`
	`84`	`+ 'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],`
`83`	`85`
`84`	`86`	`/*`
`85`	`87`	`\|--------------------------------------------------------------------------`