CU Auth

.env.example

@@ -1,8 +1,8 @@
-APP_NAME=Laravel
+APP_NAME="Custom Development Laravel/Livewire Starter Kit"
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
-APP_URL=http://localhost
+APP_URL=https://cd-laravel-base.lndo.site
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
@@ -20,12 +20,12 @@ LOG_STACK=single
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=sqlite
-# DB_HOST=127.0.0.1
-# DB_PORT=3306
-# DB_DATABASE=laravel
-# DB_USERNAME=root
-# DB_PASSWORD=
+#DB_CONNECTION=sqlite
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=laravel
+DB_USERNAME=laravel
+DB_PASSWORD=laravel
 
 SESSION_DRIVER=database
 SESSION_LIFETIME=120
@@ -40,13 +40,6 @@ QUEUE_CONNECTION=database
 CACHE_STORE=database
 # CACHE_PREFIX=
 
-MEMCACHED_HOST=127.0.0.1
-
-REDIS_CLIENT=phpredis
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
 MAIL_MAILER=log
 MAIL_SCHEME=null
 MAIL_HOST=127.0.0.1
@@ -56,10 +49,4 @@ MAIL_PASSWORD=null
 MAIL_FROM_ADDRESS="[email protected]"
 MAIL_FROM_NAME="${APP_NAME}"
 
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-AWS_USE_PATH_STYLE_ENDPOINT=false
-
 VITE_APP_NAME="${APP_NAME}"

.lando.yml

@@ -2,6 +2,6 @@ name: cd-laravel-base
 recipe: laravel
 config:
   webroot: ./public
-  php: 8.2
+  php: 8.3
   cache: none
   composer_version: 2-latest

README.md

@@ -26,14 +26,14 @@ Run this command to recreate your database and seed users table:
 
 The Layout is built with the Cornell Design System: https://cornellcustomdev.github.io/cds-docs/
 
-Edit the layout starting at [resources/views/components/cds/layout/app.blade.php](resources/views/components/cds/layout/app.blade.php)
+Edit the layout starting at [resources/views/components/layouts/app.blade.php](resources/views/components/layouts/app.blade.php)
 
 ## Components
 
 Components are built with [FluxPro](https://fluxui.dev/docs). Examples of components are at [resources/views/examples/form.blade.php](resources/views/examples/form.blade.php)
 
 Available components:
-- [Text input](resources/views/components/cds/forms/input.blade.php)
+- [Text input](resources/views/components/cds/input.blade.php)
 
 ### Using components
 Components are used in blade files with the `<x-cds` syntax. For example, to use the text input forms component, you would write:
@@ -57,3 +57,16 @@ You can also pass additional attributes to the component and they will be applie
 Common and defaulted attributes can be found in the component's blade file, generally as `@prop` definitions so that an IDE can provide autocomplete.
 
 The underlying Flux component documentation is linked from the blade file and should be consulted for additional options and usage.
+
+## SSO Authentication
+
+The starter kit can use Cornell's SSO for authentication. [routes/examples.php](routes/examples.php) demonstrates how to use CUAuth to require SSO login for specific pages.
+
+The defaults set in [config/cu-auth.php](config/cu-auth.php) use Apache mod_shib and will create a new user if one does not exist. See the config file for other options which can also be set with environment variables.
+
+Most apps will require a custom implementation of the `CUAuthenticated` event listener to handle user authorization. See [app/Listeners/CUAuthorizeUser.php](app/Listeners/CUAuthorizeUser.php) for an example of how to implement this listener.
+
+### Local setup 
+Since the lando environment does not have mod_shib, the `REMOTE_USER` environment variable is used to simulate SSO authentication. Set `REMOTE_USER` in `.env` to your NetID to simulate SSO authentication.
+
+Alternatively, set `CU_AUTH_IDENTIY_MANAGER=php-saml`, which will use the [OneLogin SAML PHP Toolkit](https://github.com/SAML-Toolkits/php-saml/tree/4.x-dev) and allow you to test SSO authentication locally.

app/Listeners/CUAuthorizeUser.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Listeners;
+
+use CornellCustomDev\LaravelStarterKit\CUAuth\DataObjects\RemoteIdentity;
+use CornellCustomDev\LaravelStarterKit\CUAuth\Events\CUAuthenticated;
+use CornellCustomDev\LaravelStarterKit\CUAuth\Managers\IdentityManager;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
+
+class CUAuthorizeUser
+{
+    public function __construct(
+        protected IdentityManager $identityManager
+    ) {}
+
+    public function handle(CUAuthenticated $event, ?RemoteIdentity $remoteIdentity = null): void
+    {
+        $remoteIdentity ??= $this->identityManager->getIdentity();
+
+        // Look for a matching user.
+        $userModel = config('auth.providers.users.model');
+        $user = $userModel::firstWhere('email', $remoteIdentity->email());
+
+        if (empty($user)) {
+            // User does not exist, so create them.
+            $user = new $userModel;
+            $user->name = $remoteIdentity->name();
+            $user->email = $remoteIdentity->email();
+            $user->password = Str::random(32);
+            $user->save();
+            Log::info("AuthorizeUser: Created user $user->email with ID $user->id.");
+        }
+
+        auth()->login($user);
+        Log::info("AuthorizeUser: Logged in user $user->email.");
+    }
+}

composer.json

@@ -19,21 +19,21 @@
         }
     },
     "require": {
-        "php": "^8.2",
-        "cornell-custom-dev/cds": "^1.2.0@beta",
-        "laravel/framework": "^12.0",
-        "laravel/tinker": "^2.10.1",
+        "php": "^8.3",
+        "cornell-custom-dev/cds": "^1.3.3@beta",
+        "cornell-custom-dev/laravel-cu-auth": "^1.1.1",
+        "laravel/framework": "^12.39",
+        "laravel/tinker": "^2.10",
         "livewire/flux-pro": "^2.6",
-        "livewire/volt": "^1.7.0"
+        "livewire/volt": "^1.10"
     },
     "require-dev": {
-        "fakerphp/faker": "^1.23",
-        "laravel/pail": "^1.2.2",
-        "laravel/pint": "^1.24",
-        "laravel/sail": "^1.41",
+        "fakerphp/faker": "^1.24",
+        "laravel/pail": "^1.2",
+        "laravel/pint": "^1.25",
         "mockery/mockery": "^1.6",
-        "nunomaduro/collision": "^8.6",
-        "phpunit/phpunit": "^11.5.3"
+        "nunomaduro/collision": "^8.8",
+        "phpunit/phpunit": "^11.5"
     },
     "autoload": {
         "psr-4": {
@@ -55,6 +55,7 @@
             "cp -R vendor/cornell-custom-dev/cds public/",
             "@php artisan key:generate",
             "@php artisan migrate --force",
+            "@php artisan cu-auth:generate-keys",
             "npm install",
             "npm run build",
             "@php artisan optimize"