New middleware.

This commit is contained in:
James Cole
2016-03-29 12:23:10 +02:00
parent 87b36cf7e3
commit 993a2c7823
2 changed files with 112 additions and 56 deletions


@@ -50,30 +50,39 @@ class Kernel extends HttpKernel
// does not check login // does not check login
// does not check 2fa // does not check 2fa
// does not check activation // does not check activation
'web' => [ 'web' => [
EncryptCookies::class, EncryptCookies::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
ShareErrorsFromSession::class, ShareErrorsFromSession::class,
VerifyCsrfToken::class, VerifyCsrfToken::class,
], ],
// must be authenticated // MUST NOT be logged in. Does not care about 2FA or confirmation.
// must be 2fa (if enabled) 'user-not-logged-in' => [
// must be activated account EncryptCookies::class,
'web-auth' => [ AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
RedirectIfAuthenticated::class,
],
// MUST be logged in.
// MUST NOT have 2FA
// don't care about confirmation:
'user-logged-in-no-2fa' => [
EncryptCookies::class, EncryptCookies::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
ShareErrorsFromSession::class, ShareErrorsFromSession::class,
VerifyCsrfToken::class, VerifyCsrfToken::class,
Authenticate::class, Authenticate::class,
AuthenticateTwoFactor::class, RedirectIfTwoFactorAuthenticated::class,
IsConfirmed::class,
], ],
// must be authenticated // MUST be logged in
// must be 2fa (if enabled) // MUST have 2FA
// must NOT be activated account // MUST NOT have confirmation.
'web-auth-no-confirm' => [ 'user-logged-in-2fa-no-activation' => [
EncryptCookies::class, EncryptCookies::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
@@ -83,29 +92,11 @@ class Kernel extends HttpKernel
AuthenticateTwoFactor::class, AuthenticateTwoFactor::class,
IsNotConfirmed::class, IsNotConfirmed::class,
], ],
// must be authenticated // MUST be logged in
// does not care about 2fa // MUST have 2fa
// must be confirmed. // MUST be confirmed.
'web-auth-no-two-factor' => [ // (this group includes the other Firefly middleware)
EncryptCookies::class, 'user-full-auth' => [
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
Authenticate::class,
RedirectIfTwoFactorAuthenticated::class,
IsConfirmed::class,
],
'web-auth-no-two-factor-any-confirm' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
Authenticate::class,
RedirectIfTwoFactorAuthenticated::class,
],
'web-auth-range' => [
EncryptCookies::class, EncryptCookies::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
@@ -118,6 +109,68 @@ class Kernel extends HttpKernel
Binder::class, Binder::class,
], ],
//
// // must be authenticated
// // must be 2fa (if enabled)
// // must be activated account
// 'web-auth' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsConfirmed::class,
// ],
// // must be authenticated
// // must be 2fa (if enabled)
// // must NOT be activated account
// 'web-auth-no-confirm' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsNotConfirmed::class,
// ],
// // must be authenticated
// // does not care about 2fa
// // must be confirmed.
// 'web-auth-no-two-factor' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// RedirectIfTwoFactorAuthenticated::class,
// IsConfirmed::class,
// ],
// 'web-auth-no-two-factor-any-confirm' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// RedirectIfTwoFactorAuthenticated::class,
// ],
// 'web-auth-range' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsConfirmed::class,
// Range::class,
// Binder::class,
// ],
'api' => [ 'api' => [
'throttle:60,1', 'throttle:60,1',
], ],
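Review bot: The third hunk adds the previous middleware groups back as a roughly sixty-line commented-out block directly after `Binder::class,`; since the groups were renamed rather than dropped and the old definitions are already in history, that block is dead code and should be deleted instead of kept as a reference. The old keys also matter operationally: any route still bound to `'web-auth'`, `'web-auth-range'` or one of the other removed names would presumably no longer resolve to a middleware group, so a search of the route files for the old names before merge is more useful than the commented copy. In the second hunk the new key `'user-logged-in-2fa-no-activation'` is introduced under the comment "MUST NOT have confirmation." and ends with `IsNotConfirmed::class`, so the group name and its documentation disagree on the term; either rename it, e.g. `'user-logged-in-2fa-no-confirmation' => [` (updating the route group that references it), or reword the comment to use activation consistently so the auth state each group enforces is unambiguous to the next reader. The `Kernel` class starts and ends outside these hunks.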


@@ -1,16 +1,22 @@
<?php <?php
declare(strict_types = 1); declare(strict_types = 1);
// does not check login
// does not check 2fa //Route::get('/logout', 'Auth\AuthController@logout');
// does not check activation //Route::get('/error', 'HomeController@displayError');
//Route::get('/logout', ['uses' => 'Auth\AuthController@logout', 'as' => 'logout']);
//Route::get('/flush', ['uses' => 'HomeController@flush']);
/**
* These routes only work when the user is NOT logged in.
*/
Route::group( Route::group(
['middleware' => 'web'], function () { ['middleware' => 'user-not-logged-in'], function () {
// Authentication Routes... // Authentication Routes...
Route::get('/login', 'Auth\AuthController@showLoginForm'); Route::get('/login', 'Auth\AuthController@showLoginForm');
Route::post('/login', 'Auth\AuthController@login'); Route::post('/login', 'Auth\AuthController@login');
Route::get('/logout', 'Auth\AuthController@logout');
// Registration Routes... // Registration Routes...
Route::get('/register', ['uses' => 'Auth\AuthController@showRegistrationForm', 'as' => 'register']); Route::get('/register', ['uses' => 'Auth\AuthController@showRegistrationForm', 'as' => 'register']);
@@ -23,30 +29,26 @@ Route::group(
Route::post('/password/email', 'Auth\PasswordController@sendResetLinkEmail'); Route::post('/password/email', 'Auth\PasswordController@sendResetLinkEmail');
Route::post('/password/reset', 'Auth\PasswordController@reset'); Route::post('/password/reset', 'Auth\PasswordController@reset');
// display error:
Route::get('/error', 'HomeController@displayError');
Route::get('/logout', ['uses' => 'Auth\AuthController@logout', 'as' => 'logout']);
} }
); );
// must be authenticated
// does not care about 2fa /**
// does not care about confirmation. * For the two factor routes, the user must be logged in, but not 2FA. Account confirmation does not matter here.
*/
Route::group( Route::group(
['middleware' => 'web-auth-no-two-factor-any-confirm'], function () { ['middleware' => 'user-logged-in-no-2fa'], function () {
Route::get('/two-factor', ['uses' => 'Auth\TwoFactorController@index', 'as' => 'two-factor']); Route::get('/two-factor', ['uses' => 'Auth\TwoFactorController@index', 'as' => 'two-factor']);
Route::get('/lost-two-factor', ['uses' => 'Auth\TwoFactorController@lostTwoFactor', 'as' => 'lost-two-factor']); Route::get('/lost-two-factor', ['uses' => 'Auth\TwoFactorController@lostTwoFactor', 'as' => 'lost-two-factor']);
Route::post('/two-factor', ['uses' => 'Auth\TwoFactorController@postIndex', 'as' => 'two-factor-post']); Route::post('/two-factor', ['uses' => 'Auth\TwoFactorController@postIndex', 'as' => 'two-factor-post']);
Route::get('/flush', ['uses' => 'HomeController@flush']);
} }
); );
// routes that can only be accessed without having your account confirmed. /**
* For the confirmation routes, the user must be logged in, also 2FA, but his account must not be confirmed.
*/
Route::group( Route::group(
['middleware' => 'web-auth-no-confirm'], function () { ['middleware' => 'user-logged-in-2fa-no-activation'], function () {
// //
Route::get('/confirm-your-account', ['uses' => 'Auth\ConfirmationController@confirmationError', 'as' => 'confirmation_error']); Route::get('/confirm-your-account', ['uses' => 'Auth\ConfirmationController@confirmationError', 'as' => 'confirmation_error']);
Route::get('/resend-confirmation', ['uses' => 'Auth\ConfirmationController@resendConfirmation', 'as' => 'resend_confirmation']); Route::get('/resend-confirmation', ['uses' => 'Auth\ConfirmationController@resendConfirmation', 'as' => 'resend_confirmation']);
@@ -55,9 +57,11 @@ Route::group(
} }
); );
/**
* For all other routes, the user must be fully authenticated and have an activated account.
*/
Route::group( Route::group(
['middleware' => ['web-auth-range']], function () { ['middleware' => ['user-full-auth']], function () {
/** /**
* Home Controller * Home Controller
@@ -65,7 +69,6 @@ Route::group(
Route::get('/', ['uses' => 'HomeController@index', 'as' => 'index']); Route::get('/', ['uses' => 'HomeController@index', 'as' => 'index']);
Route::get('/home', ['uses' => 'HomeController@index', 'as' => 'home']); Route::get('/home', ['uses' => 'HomeController@index', 'as' => 'home']);
Route::post('/daterange', ['uses' => 'HomeController@dateRange', 'as' => 'daterange']); Route::post('/daterange', ['uses' => 'HomeController@dateRange', 'as' => 'daterange']);
Route::get('/routes', ['uses' => 'HomeController@routes']); Route::get('/routes', ['uses' => 'HomeController@routes']);
/** /**
* Account Controller * Account Controller