From 0fb614f4bffb13d2ef6e2cd0390adc2ff005cdf5 Mon Sep 17 00:00:00 2001
From: dogukanoksuz
Date: Thu, 19 Dec 2024 07:57:09 +0000
Subject: [PATCH] feat: Enhance LDAP authentication and user deletion logic
---
 .../Authentication/LDAPAuthenticator.php | 36 +++++++++++++------
 .../API/Settings/UserController.php | 10 +++++-
 2 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/app/Classes/Authentication/LDAPAuthenticator.php b/app/Classes/Authentication/LDAPAuthenticator.php
index ac183dee..0b63bad7 100644
--- a/app/Classes/Authentication/LDAPAuthenticator.php
+++ b/app/Classes/Authentication/LDAPAuthenticator.php
@@ -36,7 +36,12 @@ public function authenticate($credentials, $request): JsonResponse
 ->first();
 try {
- $email = explode("@", strtolower($request->email))[0];
+ // Check if email contains @ symbol if not, just write the email
+ if (! strpos($request->email, '@')) {
+ $email = strtolower($request->email);
+ } else {
+ $email = explode("@", strtolower($request->email))[0];
+ }
 $ldap = new Ldap(
 env('LDAP_HOST'),
 $email,
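Review bot: The new `! strpos($request->email, '@')` test treats a match at offset 0 the same as no match, because `strpos()` returns `0` for a leading `@` and `false` when the character is absent. For input without an `@`, `explode("@", …)[0]` already returned the whole string, so the only behavioural change is that a value such as `@name` is now passed to `new Ldap(...)` unchanged instead of as an empty string. If the aim is only to accept bare usernames the original one-liner is enough; if the branch stays, write the test as `if (strpos((string) $request->email, '@') === false) {` and reject an empty local part before it is handed to `Ldap`. The body of `authenticate()` continues outside this hunk, so how `Ldap` treats that value is not visible here.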
@@ -125,16 +130,27 @@ public function authenticate($credentials, $request): JsonResponse
 }
 if (! $create) {
- $user = User::create([
- 'objectguid' => $objectguid,
- 'name' => $name,
- 'email' => $mail,
- 'username' => strtolower($ldapUser['samaccountname']),
- 'auth_type' => 'ldap',
- 'password' => Hash::make(Str::random(16)),
- 'forceChange' => false,
- ]);
+ try {
+ $user = User::create([
+ 'objectguid' => $objectguid,
+ 'name' => $name,
+ 'email' => $mail,
+ 'username' => strtolower($ldapUser['samaccountname']),
+ 'auth_type' => 'ldap',
+ 'password' => Hash::make(Str::random(16)),
+ 'forceChange' => false,
+ ]);
+ } catch (\Throwable $e) {
+ Log::error('LDAP authentication failed. '.$e->getMessage());
+
+ return Authenticator::returnLoginError($request->email);
+ }
 } else {
+ if (! $user) {
+ // Return error if user already exists
+ Log::error('LDAP authentication failed. User already exists on system.');
+ return Authenticator::returnLoginError($request->email);
+ }
 if ($user->email != $mail) {
 $temp = User::where('email', $mail)->first();
 if (! $temp) {
diff --git a/app/Http/Controllers/API/Settings/UserController.php b/app/Http/Controllers/API/Settings/UserController.php
index c9297d7d..ef97ac86 100644
--- a/app/Http/Controllers/API/Settings/UserController.php
+++ b/app/Http/Controllers/API/Settings/UserController.php
@@ -176,6 +176,15 @@ public function update(Request $request)
 */
 public function delete(Request $request)
 {
+ $user = User::where('id', $request->user_id)->first();
+
+ // If user type is not local, return error
+ if ($user->auth_type !== 'local') {
+ return response()->json([
+ 'message' => 'LDAP kullanıcıları silinemez.'
+ ], 400);
+ }
+
 // Delete Permissions
 Permission::where('morph_id', $request->user_id)->delete();
@@ -183,7 +192,6 @@ public function delete(Request $request)
 RoleUser::where('user_id', $request->user_id)->delete();
 // Delete User
- $user = User::where('id', $request->user_id)->first();
 $user->delete();
 AuditLog::write(
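Review bot: The added `if (! $user)` guard in the `else` branch fires when `$user` is empty, yet its comment and log line say "User already exists on system", so the recorded reason contradicts the condition that triggered it. Both new `Log::error` calls also begin with "LDAP authentication failed." although they sit in the local account create/update path, which would inflate failed-login counts in any alerting keyed on that string; a separate message such as `Log::error('LDAP login: local user provisioning failed', ['objectguid' => $objectguid]);` keeps the cases apart. Appending `$e->getMessage()` from a `\Throwable` caught around `User::create()` may copy database error text, possibly including bound values, into the log, so consider logging the exception class and attaching the exception as context instead. `$create` and `$user` are assigned outside this hunk, so the intended meaning of the guard should be confirmed against the lookup above it.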
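Review bot: In `delete()`, `$user->auth_type` is read directly on the result of `first()`, which is `null` when `user_id` matches no row, so a missing or unknown id now fails on the property access instead of producing a clear response. Add `if ($user === null) { return response()->json(['message' => 'User not found.'], 404); }` before the auth-type check. The condition is `!== 'local'` while the message speaks only of LDAP users, so any other `auth_type` value would get a misleading error, and no validation of `user_id` is visible in this hunk. `delete()` continues past the end of the hunk.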