diff --git a/config/auth.php b/config/auth.php index 7d1eb0d..7a44b14 100644 --- a/config/auth.php +++ b/config/auth.php @@ -7,15 +7,15 @@ return [ | Authentication Defaults |-------------------------------------------------------------------------- | - | This option defines the default authentication "guard" and password - | reset "broker" for your application. You may change these values + | This option controls the default authentication "guard" and password + | reset options for your application. You may change these defaults | as required, but they're a perfect start for most applications. | */ 'defaults' => [ - 'guard' => env('AUTH_GUARD', 'web'), - 'passwords' => env('AUTH_PASSWORD_BROKER', 'users'), + 'guard' => 'web', + 'passwords' => 'users', ], /* @@ -25,11 +25,11 @@ return [ | | Next, you may define every authentication guard for your application. | Of course, a great default configuration has been defined for you - | which utilizes session storage plus the Eloquent user provider. + | here which uses session storage and the Eloquent user provider. | - | All authentication guards have a user provider, which defines how the + | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage - | system used by the application. Typically, Eloquent is utilized. + | mechanisms used by this application to persist your user's data. | | Supported: "session" | @@ -38,6 +38,11 @@ return [ 'guards' => [ 'web' => [ 'driver' => 'session', + 'provider' => 'ldap', + ], + // guard для аутентификации при запросе ендпоинтов API, а также для нормального логирования информации события обращения к API ендпоинтам + 'sanctum' => [ + 'driver' => 'sanctum', 'provider' => 'users', ], ], 
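Review bot: In the `guards` hunk (`@@ -38,6 +38,11`), the `web` guard now resolves users through the `ldap` provider while the new `sanctum` guard resolves them through `users`, so the same route can see two different user models depending on how the request authenticated. config/sanctum.php in this commit sets `'guard' => ['web']`, so a session-authenticated request will presumably yield the LdapRecord model and a bearer-token request the Eloquent `App\Models\User`; any authorization check that reads model attributes or ids should be verified against both. The inline comment is in Russian in an otherwise English file; I would write it as `// Guard for authenticating API endpoint requests; also lets API access events be logged with the caller's identity`. The `guards` array opens and closes inside the hunk.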
@@ -47,12 +52,12 @@ return [ | User Providers |-------------------------------------------------------------------------- | - | All authentication guards have a user provider, which defines how the + | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage - | system used by the application. Typically, Eloquent is utilized. + | mechanisms used by this application to persist your user's data. | | If you have multiple user tables or models you may configure multiple - | providers to represent the model / table. These providers may then + | sources which represent each model / table. These sources may then | be assigned to any extra authentication guards you have defined. | | Supported: "database", "eloquent" @@ -60,11 +65,15 @@ return [ */ 'providers' => [ + 'ldap' => [ + 'driver' => 'ldap', + 'model' => LdapRecord\Models\ActiveDirectory\User::class, + ], + //Провайдер для записи в БД минимальных данных пользователя: логина и его id. Нужен для корректной работы Sanctum 'users' => [ 'driver' => 'eloquent', - 'model' => env('AUTH_MODEL', App\Models\User::class), + 'model' => App\Models\User::class, ], - // 'users' => [ // 'driver' => 'database', // 'table' => 'users', @@ -76,9 +85,9 @@ return [ | Resetting Passwords |-------------------------------------------------------------------------- | - | These configuration options specify the behavior of Laravel's password - | reset functionality, including the table utilized for token storage - | and the user provider that is invoked to actually retrieve users. + | You may specify multiple password reset configurations if you have more + | than one user table or model in the application and you want to have + | separate password reset settings based on the specific user types. | | The expiry time is the number of minutes that each reset token will be | considered valid. This security feature keeps tokens short-lived so 
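Review bot: The new `ldap` provider in the `providers` hunk (`@@ -60,11 +65,15`) carries only `driver` and `model`, so as far as this config shows, every directory account under the base DN that binds successfully is accepted as an application user. If access is meant to be limited to certain groups or account states, add a `'rules' => [...]` entry to this provider with an LdapRecord authentication rule class (placeholder: `App\Ldap\Rules\<YourRule>::class`). The Russian comment above `users` says that provider stores the login and id in the database for Sanctum, but no `database` sync section is configured here, so that write presumably happens elsewhere. An English comment such as `// Eloquent provider holding a minimal local user record (login and id); required by Sanctum`, extended to name where the record is created, would help the next reader.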
@@ -93,7 +102,7 @@ return [ 'passwords' => [ 'users' => [ 'provider' => 'users', - 'table' => env('AUTH_PASSWORD_RESET_TOKEN_TABLE', 'password_reset_tokens'), + 'table' => 'password_reset_tokens', 'expire' => 60, 'throttle' => 60, ], @@ -104,12 +113,12 @@ return [ | Password Confirmation Timeout |-------------------------------------------------------------------------- | - | Here you may define the number of seconds before a password confirmation - | window expires and users are asked to re-enter their password via the + | Here you may define the amount of seconds before a password confirmation + | times out and the user is prompted to re-enter their password via the | confirmation screen. By default, the timeout lasts for three hours. | */ - 'password_timeout' => env('AUTH_PASSWORD_TIMEOUT', 10800), + 'password_timeout' => 10800, ]; diff --git a/config/ldap.php b/config/ldap.php new file mode 100644 index 0000000..0772558 --- /dev/null +++ b/config/ldap.php 
@@ -0,0 +1,81 @@
+ env('LDAP_CONNECTION', 'default'),
+
+ /*
+ |--------------------------------------------------------------------------
+ | LDAP Connections
+ |--------------------------------------------------------------------------
+ |
+ | Below you may configure each LDAP connection your application requires
+ | access to. Be sure to include a valid base DN - otherwise you may
+ | not receive any results when performing LDAP search operations.
+ |
+ */
+
+ 'connections' => [
+
+ 'default' => [
+ 'hosts' => [env('LDAP_HOST', '127.0.0.1')],
+ 'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
+ 'password' => env('LDAP_PASSWORD', 'secret'),
+ 'port' => env('LDAP_PORT', 389),
+ 'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
+ 'timeout' => env('LDAP_TIMEOUT', 5),
+ 'use_ssl' => env('LDAP_SSL', false),
+ 'use_tls' => env('LDAP_TLS', false),
+ 'use_sasl' => env('LDAP_SASL', false),
+ 'sasl_options' => [
+ // 'mech' => 'GSSAPI',
+ ],
+ ],
+
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | LDAP Logging
+ |--------------------------------------------------------------------------
+ |
+ | When LDAP logging is enabled, all LDAP search and authentication
+ | operations are logged using the default application logging
+ | driver. This can assist in debugging issues and more.
+ |
+ */
+
+ 'logging' => [
+ 'enabled' => env('LDAP_LOGGING', true),
+ 'channel' => env('LOG_CHANNEL', 'stack'),
+ 'level' => env('LOG_LEVEL', 'info'),
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | LDAP Cache
+ |--------------------------------------------------------------------------
+ |
+ | LDAP caching enables the ability of caching search results using the
+ | query builder. This is great for running expensive operations that
+ | may take many seconds to complete, such as a pagination request.
+ |
+ */
+
+ 'cache' => [
+ 'enabled' => env('LDAP_CACHE', false),
+ 'driver' => env('CACHE_DRIVER', 'file'),
+ ],
+
+];
diff --git a/config/sanctum.php b/config/sanctum.php
new file mode 100644
index 0000000..1b5eb0e
--- /dev/null
+++ b/config/sanctum.php
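Review bot: The `default` connection in config/ldap.php falls back to plaintext LDAP: `'port' => env('LDAP_PORT', 389)` with `use_ssl` and `use_tls` both defaulting to `false`. Unless the environment overrides them, the service-account bind and every user password checked through the `web` guard cross the network unencrypted. I would default to an encrypted transport, e.g. `'use_tls' => env('LDAP_TLS', true),`, and drop the stock fallback credential so a missing variable fails at bind time instead of silently using `'secret'`: `'password' => env('LDAP_PASSWORD'),`. `LDAP_LOGGING` also defaults to `true` at `info` level, so confirm what the log channel records for authentication attempts and who can read it.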
@@ -0,0 +1,85 @@
+ explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
+ '%s%s',
+ 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
+ Sanctum::currentApplicationUrlWithPort()
+ ))),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Sanctum Guards
+ |--------------------------------------------------------------------------
+ |
+ | This array contains the authentication guards that will be checked when
+ | Sanctum is trying to authenticate a request. If none of these guards
+ | are able to authenticate the request, Sanctum will use the bearer
+ | token that's present on an incoming request for authentication.
+ |
+ */
+
+ 'guard' => ['web'],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Expiration Minutes
+ |--------------------------------------------------------------------------
+ |
+ | This value controls the number of minutes until an issued token will be
+ | considered expired. This will override any values set in the token's
+ | "expires_at" attribute, but first-party sessions are not affected.
+ |
+ */
+
+ 'expiration' => null,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Token Prefix
+ |--------------------------------------------------------------------------
+ |
+ | Sanctum can prefix new tokens in order to take advantage of numerous
+ | security scanning initiatives maintained by open source platforms
+ | that notify developers if they commit tokens into repositories.
+ |
+ | See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
+ |
+ */
+
+ 'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Sanctum Middleware
+ |--------------------------------------------------------------------------
+ |
+ | When authenticating your first-party SPA with Sanctum you may need to
+ | customize some of the middleware Sanctum uses while processing the
+ | request. You may change the middleware listed below as required.
+ |
+ */
+
+ 'middleware' => [
+ 'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
+ 'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
+ 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+ ],
+
+];
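Review bot: `'expiration' => null` in config/sanctum.php leaves issued API tokens valid indefinitely unless each one is given its own `expires_at`, so a leaked token stays usable until someone revokes it by hand. Set a finite lifetime, for example `'expiration' => 60 * 24,` (constructed value, choose one that fits the API clients), and schedule pruning of expired tokens. The `SANCTUM_STATEFUL_DOMAINS` fallback list holds only localhost-style hosts plus the application URL, so the variable should be set explicitly in production. A non-empty `SANCTUM_TOKEN_PREFIX` would also let secret scanners recognise tokens committed by mistake, as the comment in this file describes.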