From 4b1f4ae31917f2051414799461be84c14a12b5dd Mon Sep 17 00:00:00 2001
From: James Cole
Date: Tue, 13 Oct 2020 06:48:11 +0200
Subject: [PATCH] Fix #3915
---
 app/Http/Controllers/ProfileController.php | 48 +++++++++++++---------
 resources/lang/en_US/firefly.php | 1 +
 resources/views/v1/profile/index.twig | 14 +++++--
 3 files changed, 40 insertions(+), 23 deletions(-)
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 77c926f7b7..452934e97c 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -60,7 +60,8 @@ class ProfileController extends Controller
 {
 use RequestInformation, CreateStuff;
- protected bool $externalIdentity;
+ protected bool $internalAuth;
+ protected bool $internalIdentity;
 /**
 * ProfileController constructor.
@@ -81,7 +82,8 @@ class ProfileController extends Controller
 );
 $loginProvider = config('firefly.login_provider');
 $authGuard = config('firefly.authentication_guard');
- $this->externalIdentity = 'web' !== $authGuard;
+ $this->internalAuth = 'web' === $authGuard;
+ $this->internalIdentity = 'eloquent' === $loginProvider;
 Log::debug(sprintf('ProfileController::__construct(). Login provider is "%s", authentication guard is "%s"', $loginProvider, $authGuard));
 $this->middleware(IsDemoUser::class)->except(['index']);
@@ -92,7 +94,10 @@ class ProfileController extends Controller
 */
 public function logoutOtherSessions()
 {
- //
+ if (!$this->internalAuth) {
+ session()->flash('info', (string) trans('firefly.external_auth_disabled'));
+ return redirect(route('profile.index'));
+ }
 return view('profile.logout-other-sessions');
 }
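Review bot: The new properties `$internalAuth` and `$internalIdentity` in the first hunk are declared without a docblock, although they decide whether every account-management action in this controller is reachable. I would add `/** True only when the authentication guard is 'web'. */` above the first and `/** True only when the login provider is 'eloquent'. */` above the second, which is what the constructor hunk assigns. It is worth stating in the same place that any other configured value leaves the flag false, so the guarded actions stay disabled.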
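Review bot: The guard added to logoutOtherSessions() reports the refusal under the `info` flash key and casts the message with `(string) trans(...)`, while every other guard in this patch uses the `error` key and passes `trans(...)` uncast; the guard added to postLogoutOtherSessions() in the next hunk has the same difference. Unless the softer level is deliberate, a refused action should be reported the same way everywhere, e.g. `session()->flash('error', (string) trans('firefly.external_auth_disabled'));`. Keeping the `(string)` cast on the other guards and on the two `throw new FireflyException(trans(...))` calls would also make the argument type explicit.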
@@ -103,6 +108,10 @@ class ProfileController extends Controller
 */
 public function postLogoutOtherSessions(Request $request)
 {
+ if (!$this->internalAuth) {
+ session()->flash('info', (string) trans('firefly.external_auth_disabled'));
+ return redirect(route('profile.index'));
+ }
 $creds = [
 'email' => auth()->user()->email,
 'password' => $request->get('password'),
@@ -128,7 +137,7 @@ class ProfileController extends Controller
 */
 public function changeEmail(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -151,7 +160,7 @@ class ProfileController extends Controller
 */
 public function changePassword(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -173,7 +182,7 @@ class ProfileController extends Controller
 */
 public function code(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -229,7 +238,7 @@ class ProfileController extends Controller
 */
 public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 // @codeCoverageIgnoreStart
 throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
 // @codeCoverageIgnoreEnd
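Review bot: The condition `!$this->internalAuth || !$this->internalIdentity` is copied into changeEmail() and into every other guarded action (changePassword, code, confirmEmailChange, deleteAccount, deleteCode, enable2FA, newBackupCodes, postChangeEmail, postChangePassword, postCode, postDeleteAccount, regenerate, undoEmailChange), so an action added later that omits the line stays reachable when user management is external. A single helper such as `private function managesUsers(): bool { return $this->internalAuth && $this->internalIdentity; }`, called as `if (!$this->managesUsers()) {`, keeps the rule in one place. A middleware registered in the constructor next to `IsDemoUser` would go further and make refusal the default for the whole controller. The bodies of these methods continue outside the hunks.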
@@ -265,7 +274,7 @@ class ProfileController extends Controller
 */
 public function deleteAccount(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -284,7 +293,7 @@ class ProfileController extends Controller
 */
 public function deleteCode(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -309,7 +318,7 @@ class ProfileController extends Controller
 */
 public function enable2FA(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -340,7 +349,8 @@ class ProfileController extends Controller
 {
 /** @var User $user */
 $user = auth()->user();
- $isExternalIdentity = $this->externalIdentity;
+ $isInternalAuth = $this->internalAuth;
+ $isInternalIdentity = $this->internalIdentity;
 $count = DB::table('oauth_clients')->where('personal_access_client', 1)->whereNull('user_id')->count();
 $subTitle = $user->email;
 $userId = $user->id;
@@ -360,7 +370,7 @@ class ProfileController extends Controller
 $accessToken = app('preferences')->set('access_token', $token);
 }
- return view('profile.index', compact('subTitle', 'mfaBackupCount', 'userId', 'accessToken', 'enabled2FA', 'isExternalIdentity'));
+ return view('profile.index', compact('subTitle', 'mfaBackupCount', 'userId', 'accessToken', 'enabled2FA', 'isInternalAuth','isInternalIdentity'));
 }
 /**
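Review bot: The arguments added to `compact()` in the last hunk are written `'isInternalAuth','isInternalIdentity'` without the space after the comma that the rest of the call uses; it should read `'isInternalAuth', 'isInternalIdentity'`. These two values only decide what the template renders, so a short comment above the `return` saying that enforcement lives in the per-action guards would keep a later reader from treating them as access control. index() begins in the previous hunk and its middle is not shown.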
@@ -368,7 +378,7 @@ class ProfileController extends Controller
 */
 public function newBackupCodes(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -399,7 +409,7 @@ class ProfileController extends Controller
 */
 public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -450,7 +460,7 @@ class ProfileController extends Controller
 */
 public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -485,7 +495,7 @@ class ProfileController extends Controller
 */
 public function postCode(TokenFormRequest $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -530,7 +540,7 @@ class ProfileController extends Controller
 */
 public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -559,7 +569,7 @@ class ProfileController extends Controller
 */
 public function regenerate(Request $request)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 $request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
 return redirect(route('profile.index'));
@@ -587,7 +597,7 @@ class ProfileController extends Controller
 */
 public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
 {
- if ($this->externalIdentity) {
+ if (!$this->internalAuth || !$this->internalIdentity) {
 throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
 }
diff --git a/resources/lang/en_US/firefly.php b/resources/lang/en_US/firefly.php
index 248faf3c45..115c5dc60b 100644
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@@ -754,6 +754,7 @@ return [
 'login_with_old_email' => 'You can now login with your old email address again.',
 'login_provider_local_only' => 'This action is not available when authenticating through ":login_provider".',
 'external_user_mgt_disabled' => 'This action is not available when Firefly III isn\'t responsible for user management or authentication handling.',
+ 'external_auth_disabled' => 'This action is not available when Firefly III isn\'t responsible for authentication handling.',
 'delete_local_info_only' => "Because Firefly III isn't responsible for user management or authentication handling, this function will only delete local Firefly III information.",
 'oauth' => 'OAuth',
 'profile_oauth_clients' => 'OAuth Clients',
diff --git a/resources/views/v1/profile/index.twig b/resources/views/v1/profile/index.twig
index 3834ca1e3e..2d15e6b3b6 100644
--- a/resources/views/v1/profile/index.twig
+++ b/resources/views/v1/profile/index.twig
@@ -18,17 +18,21 @@
  • {{ 'command_line_token'|_ }}
  • - {% if false == isExternalIdentity %} + {% if true == isInternalAuth %}
  • {{ 'oauth'|_ }}
  • + {% endif %} + {% if true == isInternalAuth and true == isInternalIdentity %}
  • {{ 'pref_two_factor_auth'|_ }}
  • {% endif %} + {% if true == isInternalAuth and true == isInternalIdentity %}
  • {{ 'delete_stuff_header'|_ }}
  • + {% endif %}
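Review bot: These conditions only hide tabs, so every feature they hide still needs its own server-side check. The two-factor and delete tabs are backed by the ProfileController guards changed in this patch, but the OAuth tab is gated on `isInternalAuth` alone and the handlers behind it are not part of this patch, so it is worth confirming that they refuse requests when the guard is not `web`. The two consecutive `{% if true == isInternalAuth and true == isInternalIdentity %}` blocks could also be merged into one, provided the markup between them (not visible here) allows it.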
    @@ -42,7 +46,7 @@
    - {% if false == isExternalIdentity %} + {% if true == isInternalAuth %}
    + {% endif %} + {% if true == isInternalAuth and true == isInternalIdentity %}