Review updates

- Keep 2FA step if enabled for oauth users
- Fallback to no icon sign in link if not available
- Merge cloudfront config in services
- Rename Twill enabled feature for consistency
- Update published assets

config/enabled.php

@@ -17,10 +17,10 @@
     'users-image' => false,
     'site-link' => false,
     'settings' => true,
-    'oauth-login' => false,
     'dashboard' => true,
     'search' => true,
     'users-description' => false,
     'activitylog' => true,
     'users-2fa' => false,
+    'users-oauth' => false,
 ];

config/services.php

@@ -1,58 +1,54 @@
 <?php
 
 return [
-
-    /*
-    |--------------------------------------------------------------------------
-    | Services default configuration values
-    |--------------------------------------------------------------------------
-    |
-    | Set of default values. These can be replaced in your config/services.php
-    |
-    | These keys represent Socialite possible providers for Oauth authentication
-    |
-     */
+    'cloudfront' => [
+        'key' => env('CLOUDFRONT_KEY', env('AWS_KEY')),
+        'secret' => env('CLOUDFRONT_SECRET', env('AWS_SECRET')),
+        'distribution' => env('CLOUDFRONT_DISTRIBUTION', env('AWS_CLOUDFRONT_DISTRIBUTION')),
+        'sdk_version' => env('CLOUDFRONT_SDK_VERSION', env('AWS_SDK_VERSION', '2017-10-30')),
+        'region' => env('CLOUDFRONT_REGION', env('AWS_REGION', 'us-east-1')),
+    ],
 
     'github' => [
         'client_id' => env('GITHUB_CLIENT_ID'),
         'client_secret' => env('GITHUB_CLIENT_SECRET'),
-        'redirect' => env('GITHUB_CALLBACK_URL', '/login/oauth/callback/github')
+        'redirect' => env('GITHUB_CALLBACK_URL', '/login/oauth/callback/github'),
     ],
 
     'google' => [
         'client_id' => env('GOOGLE_CLIENT_ID'),
         'client_secret' => env('GOOGLE_CLIENT_SECRET'),
-        'redirect' => env('GOOGLE_CALLBACK_URL', '/login/oauth/callback/google')
+        'redirect' => env('GOOGLE_CALLBACK_URL', '/login/oauth/callback/google'),
     ],
 
     'facebook' => [
         'client_id' => env('FACEBOOK_CLIENT_ID'),
         'client_secret' => env('FACEBOOK_CLIENT_SECRET'),
-        'redirect' => env('FACEBOOK_CALLBACK_URL', '/login/oauth/callback/facebook')
+        'redirect' => env('FACEBOOK_CALLBACK_URL', '/login/oauth/callback/facebook'),
     ],
 
     'twitter' => [
         'client_id' => env('TWITTER_CLIENT_ID'),
         'client_secret' => env('TWITTER_CLIENT_SECRET'),
-        'redirect' => env('TWITTER_CALLBACK_URL', '/login/oauth/callback/twitter')
+        'redirect' => env('TWITTER_CALLBACK_URL', '/login/oauth/callback/twitter'),
     ],
 
     'linkedin' => [
         'client_id' => env('LINKEDIN_CLIENT_ID'),
         'client_secret' => env('LINKEDIN_CLIENT_SECRET'),
-        'redirect' => env('LINKEDIN_CALLBACK_URL', '/login/oauth/callback/linkedin')
+        'redirect' => env('LINKEDIN_CALLBACK_URL', '/login/oauth/callback/linkedin'),
     ],
 
     'gitlab' => [
         'client_id' => env('GITLAB_CLIENT_ID'),
         'client_secret' => env('GITLAB_CLIENT_SECRET'),
-        'redirect' => env('GITLAB_CALLBACK_URL', '/login/oauth/callback/gitlab')
+        'redirect' => env('GITLAB_CALLBACK_URL', '/login/oauth/callback/gitlab'),
     ],
 
     'bitbucket' => [
         'client_id' => env('BITBUCKET_CLIENT_ID'),
         'client_secret' => env('BITBUCKET_CLIENT_SECRET'),
-        'redirect' => env('BITBUCKET_CALLBACK_URL', '/login/oauth/callback/bitbucket')
+        'redirect' => env('BITBUCKET_CALLBACK_URL', '/login/oauth/callback/bitbucket'),
     ],
 
 ];

dist/mix-manifest.json

@@ -1,10 +1,10 @@
 {
     "/assets/admin/js/manifest.js": "/assets/admin/js/manifest.js?id=01c8731923a46c30aaed",
-    "/assets/admin/js/vendor.js": "/assets/admin/js/vendor.js?id=a66b2381da3139b06275",
-    "/assets/admin/js/main-buckets.js": "/assets/admin/js/main-buckets.js?id=7e6dd62bef78c3239f49",
+    "/assets/admin/js/vendor.js": "/assets/admin/js/vendor.js?id=3a1352c530a89e56d3a8",
+    "/assets/admin/js/main-buckets.js": "/assets/admin/js/main-buckets.js?id=3c608e011d4b453d3a7c",
     "/assets/admin/js/main-dashboard.js": "/assets/admin/js/main-dashboard.js?id=4a352517865af7e4be11",
-    "/assets/admin/js/main-form.js": "/assets/admin/js/main-form.js?id=33ab8a05232ca80f9275",
+    "/assets/admin/js/main-form.js": "/assets/admin/js/main-form.js?id=dcd0ac86f5b61ffbfa62",
     "/assets/admin/js/main-free.js": "/assets/admin/js/main-free.js?id=c0ab99eb3e6b32749874",
     "/assets/admin/js/main-listing.js": "/assets/admin/js/main-listing.js?id=66697cee31d90883f2f9",
-    "/assets/admin/css/app.css": "/assets/admin/css/app.css?id=476b64afbec7f46a989f"
+    "/assets/admin/css/app.css": "/assets/admin/css/app.css?id=edb1c44eee53e2cd4f9d"
 }

frontend/scss/organisms/_login.scss

@@ -93,11 +93,12 @@
   }
 }
 
-.login__google, .login_github, .login_facebook {
+.login__socialite {
   display:block;
   text-align:center;
   text-decoration:none;
   color:$color__text--forms;
+  margin-bottom:20px;
 
   .icon {
     color:$color__text--forms;

migrations/optional/users-2fa/2019_08_03_000002_add_two_factor_auth_columns_to_twill_users.php

@@ -38,20 +38,19 @@ public function up()
      */
     public function down()
     {
-        if (config('twill.enabled.users-2fa', false)) {
-            $twillUsersTable = config('twill.users_table', 'twill_users');
+        $twillUsersTable = config('twill.users_table', 'twill_users');
 
-            if (Schema::hasTable($twillUsersTable) && Schema::hasColumn($twillUsersTable, 'google_2fa_secret')) {
-                Schema::table($twillUsersTable, function (Blueprint $table) {
-                    $table->dropColumn('google_2fa_secret');
-                });
-            }
+        if (Schema::hasTable($twillUsersTable) && Schema::hasColumn($twillUsersTable, 'google_2fa_secret')) {
+            Schema::table($twillUsersTable, function (Blueprint $table) {
+                $table->dropColumn('google_2fa_secret');
+            });
+        }
 
-            if (Schema::hasTable($twillUsersTable) && Schema::hasColumn($twillUsersTable, 'google_2fa_enabled')) {
-                Schema::table($twillUsersTable, function (Blueprint $table) {
-                    $table->dropColumn('google_2fa_enabled');
-                });
-            }
+        if (Schema::hasTable($twillUsersTable) && Schema::hasColumn($twillUsersTable, 'google_2fa_enabled')) {
+            Schema::table($twillUsersTable, function (Blueprint $table) {
+                $table->dropColumn('google_2fa_enabled');
+            });
         }
     }
+
 }

migrations/optional/users-oauth/2019_10_23_053500_create_twill_users_oauth_table.php

@@ -0,0 +1,44 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateTwillUsersOauthTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        if (config('twill.enabled.users-oauth', false)) {
+            $twillUsersTable = config('twill.users_table', 'twill_users');
+            $twillOauthTable = config('twill.users_oauth_table', 'twill_users_oauth');
+
+            if (!Schema::hasTable($twillOauthTable)) {
+                Schema::create($twillOauthTable, function (Blueprint $table) use ($twillUsersTable) {
+                    $table->{twillIncrementsMethod()}('id');
+                    $table->timestamps();
+                    $table->string('token')->index();
+                    $table->string('provider')->index();
+                    $table->string('avatar')->nullable();
+                    $table->string('oauth_id')->index();
+                    $table->{twillIntegerMethod()}('user_id')->unsigned()->index();
+                    $table->foreign('user_id', 'fk_twill_users_id')->references('id')->on($twillUsersTable)->onDelete('cascade');
+                });
+            }
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists(config('twill.users_oauth_table', 'twill_users_oauth'));
+    }
+}

routes/auth.php

@@ -22,7 +22,7 @@
     Route::post('login-2fa', 'LoginController@login2Fa')->name('login-2fa');
 }
 
-if (config('twill.enabled.oauth-login')) {
+if (config('twill.enabled.users-oauth')) {
     Route::get('login/oauth/redirect/{provider}', 'LoginController@redirectToProvider')->name('login.redirect');
     Route::get('login/oauth/callback/{provider}', 'LoginController@handleProviderCallback')->name('login.callback');
     Route::get('login/oauth/oauth-link', 'LoginController@showPasswordForm')->name('login.oauth.showPasswordForm');

src/Http/Controllers/Admin/LoginController.php

@@ -2,15 +2,16 @@
 
 namespace A17\Twill\Http\Controllers\Admin;
 
-use A17\Twill\Models\User;
 use A17\Twill\Http\Requests\Admin\OauthRequest;
+use A17\Twill\Models\User;
 use A17\Twill\Repositories\UserRepository;
 use Illuminate\Auth\AuthManager;
 use Illuminate\Config\Repository as Config;
 use Illuminate\Encryption\Encrypter;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
+use Illuminate\Support\Facades\App;
 use Illuminate\View\Factory as ViewFactory;
 use PragmaRX\Google2FA\Google2FA;
 use Socialite;
@@ -45,6 +46,11 @@ class LoginController extends Controller
      */
     protected $redirector;
 
+    /**
+     * @var Config
+     */
+    protected $config;
+
     /**
      * @var ViewFactory
      */
@@ -63,6 +69,7 @@ public function __construct(
         $this->encrypter = $encrypter;
         $this->redirector = $redirector;
         $this->viewFactory = $viewFactory;
+        $this->config = $config;
 
         $this->middleware('twill_guest', ['except' => 'logout']);
         $this->redirectTo = $config->get('twill.auth_login_redirect_path', '/');
@@ -113,6 +120,11 @@ public function logout(Request $request)
      * @return \Illuminate\Http\RedirectResponse
      */
     protected function authenticated(Request $request, $user)
+    {
+        return $this->afterAuthentication($request, $user);
+    }
+
+    private function afterAuthentication(Request $request, $user)
     {
         if ($user->google_2fa_secret && $user->google_2fa_enabled) {
             $this->guard()->logout();
@@ -154,7 +166,6 @@ public function login2Fa(Request $request)
         return $this->redirector->to(route('admin.login-2fa.form'))->withErrors([
             'error' => 'Your one time password is invalid.',
         ]);
-
     }
 
     /**
@@ -163,9 +174,10 @@ public function login2Fa(Request $request)
      */
     public function redirectToProvider($provider, OauthRequest $request)
     {
-
-        return Socialite::driver($provider)->redirect();
-
+        return Socialite::driver($provider)
+            ->scopes($this->config->get('twill.oauth.' . $provider . '.scopes', []))
+            ->with($this->config->get('twill.oauth.' . $provider . '.with', []))
+            ->redirect();
     }
 
     /**
@@ -176,7 +188,7 @@ public function handleProviderCallback($provider, OauthRequest $request)
     {
 
         $oauthUser = Socialite::driver($provider)->user();
-        $repository = app(UserRepository::class);
+        $repository = App::make(UserRepository::class);
 
         // If the user with that email exists
         if ($user = $repository->oauthUser($oauthUser)) {
@@ -186,8 +198,7 @@ public function handleProviderCallback($provider, OauthRequest $request)
                 $user = $repository->oauthUpdateProvider($oauthUser, $provider);
 
                 // Login and redirect
-                $this->authManager->guard('twill_users')->login($user);
-                return $this->redirector->intended($this->redirectTo);
+                return $this->afterAuthentication($request, $user);
             } else {
                 if ($user->password) {
                     // If the user has a password then redirect to a form to ask for it
@@ -201,8 +212,7 @@ public function handleProviderCallback($provider, OauthRequest $request)
                     $user->linkProvider($oauthUser, $provider);
 
                     // Login and redirect
-                    $this->authManager->guard('twill_users')->login($user);
-                    return  $this->redirector->intended($this->redirectTo);
+                    return $this->afterAuthentication($request, $user);
                 }
             }
         } else {
@@ -214,10 +224,8 @@ public function handleProviderCallback($provider, OauthRequest $request)
             $this->authManager->guard('twill_users')->login($user);
             return $this->redirector->intended($this->redirectTo);
         }
-
     }
 
-
     /**
      * @return \Illuminate\View\View
      */
@@ -228,7 +236,7 @@ public function showPasswordForm(Request $request)
 
         return $this->viewFactory->make('twill::auth.oauth-link', [
             'username' => $user->email,
-            'provider' => $request->session()->get('oauth:provider')
+            'provider' => $request->session()->get('oauth:provider'),
         ]);
     }
 
@@ -247,19 +255,16 @@ public function linkProvider(Request $request)
 
             // Link the provider and login
             $user->linkProvider($request->session()->get('oauth:user'), $request->session()->get('oauth:provider'));
-            $this->authManager->guard('twill_users')->login($user);
 
             // Remove session variables
             $request->session()->forget('oauth:user_id');
             $request->session()->forget('oauth:user');
             $request->session()->forget('oauth:provider');
 
-            // Redirect
-            return $this->redirector->intended($this->redirectTo);
+            // Login and redirect
+            return $this->afterAuthentication($request, $user);
         } else {
             return $this->sendFailedLoginResponse($request);
         }
-
     }
-
 }