kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 15:35:15 +00:00
Code Issues Projects Releases Wiki Activity

Expand authentication validation in API.

Browse Source
This commit is contained in:
James Cole
2023-01-14 07:53:00 +01:00
parent 4ccdd8f322
commit 23bbebb80e
3 changed files with 44 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
app/Http/Middleware/Authenticate.php
View File

@@ -87,7 +87,7 @@ class Authenticate
*/
protected function authenticate($request, array $guards)
{
// Log::debug(sprintf('Now in %s', __METHOD__));
Log::debug(sprintf('Now in %s', __METHOD__));
if (0 === count($guards)) {
// Log::debug('No guards present.');
// go for default guard:
@@ -98,22 +98,7 @@ class Authenticate
/** @noinspection PhpUndefinedMethodInspection */
/** @var User $user */
$user = $this->auth->authenticate();
if (null === $user) {
Log::warning('User is null, throw exception?');
}
if (null !== $user) {
// Log::debug(get_class($user));
if (1 === (int)$user->blocked) {
$message = (string)trans('firefly.block_account_logout');
if ('email_changed' === $user->blocked_code) {
$message = (string)trans('firefly.email_changed_logout');
}
app('session')->flash('logoutMessage', $message);
$this->auth->logout(); // @phpstan-ignore-line (thinks function is undefined)
throw new AuthenticationException('Blocked account.', $guards);
}
}
$this->validateBlockedUser($user, $guards);
}
return $this->auth->authenticate(); // @phpstan-ignore-line (thinks function returns void)
@@ -121,13 +106,15 @@ class Authenticate
// Log::debug('Guard array is not empty.');
foreach ($guards as $guard) {
// Log::debug(sprintf('Now in guard loop, guard is "%s"', $guard));
if('api' !== $guard) {
Log::debug(sprintf('Now in guard loop, guard is "%s"', $guard));
if ('api' !== $guard) {
$this->auth->guard($guard)->authenticate();
}
$result = $this->auth->guard($guard)->check();
// Log::debug(sprintf('Result is %s', var_export($result, true)));
Log::debug(sprintf('Result is %s', var_export($result, true)));
if ($result) {
$user = $this->auth->guard($guard)->user();
$this->validateBlockedUser($user, $guards);
// According to PHPstan the method returns void, but we'll see.
return $this->auth->shouldUse($guard); // @phpstan-ignore-line
}
@@ -135,4 +122,32 @@ class Authenticate
throw new AuthenticationException('Unauthenticated.', $guards);
}
/**
* @param User|null $user
* @param array $guards
* @return void
* @throws AuthenticationException
*/
private function validateBlockedUser(?User $user, array $guards): void
{
Log::debug(sprintf('Now in %s', __METHOD__));
if (null === $user) {
Log::warning('User is null, throw exception?');
}
if (null !== $user) {
// Log::debug(get_class($user));
if (1 === (int)$user->blocked) {
$message = (string)trans('firefly.block_account_logout');
if ('email_changed' === $user->blocked_code) {
$message = (string)trans('firefly.email_changed_logout');
}
Log::warning('User is blocked, cannot use authentication method.');
app('session')->flash('logoutMessage', $message);
$this->auth->logout(); // @phpstan-ignore-line (thinks function is undefined)
throw new AuthenticationException('Blocked account.', $guards);
}
}
}
}