From c3ce9e896e5e3390a1503ed07822c13840e36d37 Mon Sep 17 00:00:00 2001 From: James Cole Date: Sun, 1 Jan 2023 14:25:52 +0100 Subject: [PATCH] Fix https://github.com/firefly-iii/firefly-iii/issues/6788 --- app/Http/Kernel.php | 4 +- app/Http/Middleware/Authenticate.php | 57 +++++++++---------- app/Providers/RouteServiceProvider.php | 2 +- .../Authentication/RemoteUserGuard.php | 28 ++++++++- config/passport.php | 2 +- 5 files changed, 56 insertions(+), 37 deletions(-) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 90f7fb65bb..5dbc366ee1 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -176,12 +176,14 @@ class Kernel extends HttpKernel CreateFreshApiToken::class, ], + // full API authentication 'api' => [ EnsureFrontendRequestsAreStateful::class, 'auth:api,sanctum', 'bindings', ], - 'apiY' => [ + // do only bindings, no auth + 'api_basic' => [ 'bindings', ], ]; diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php index 341c605609..bacdcf6547 100644 --- a/app/Http/Middleware/Authenticate.php +++ b/app/Http/Middleware/Authenticate.php @@ -29,8 +29,8 @@ use FireflyIII\Exceptions\FireflyException; use FireflyIII\User; use Illuminate\Auth\AuthenticationException; use Illuminate\Contracts\Auth\Factory as Auth; -use Illuminate\Database\QueryException; use Illuminate\Http\Request; +use Log; /** * Class Authenticate @@ -47,7 +47,7 @@ class Authenticate /** * Create a new middleware instance. * - * @param Auth $auth + * @param Auth $auth * * @return void */ @@ -59,9 +59,9 @@ class Authenticate /** * Handle an incoming request. * - * @param Request $request - * @param Closure $next - * @param string[] ...$guards + * @param Request $request + * @param Closure $next + * @param string[] ...$guards * * @return mixed * 
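Review bot: The new `api_basic` group in Kernel.php lists only `bindings`, so every route attached to it is served without `auth:api,sanctum` and without `EnsureFrontendRequestsAreStateful`; the comment `// do only bindings, no auth` names the mechanism but not the obligation that follows from it. I would spell that out so the next person adding a route here knows what they are opting into: `// bindings only, NO authentication middleware: every route in this group must enforce its own access control (currently api/v1/cron)`. Whether the cron controllers behind that group verify a token is not visible in this patch, so that is worth confirming before relying on the comment.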
@@ -78,8 +78,8 @@ class Authenticate /** * Determine if the user is logged in to any of the given guards. * - * @param mixed $request - * @param array $guards + * @param mixed $request + * @param array $guards * * @return mixed * @throws FireflyException @@ -87,21 +87,26 @@ class Authenticate */ protected function authenticate($request, array $guards) { - - if (empty($guards)) { - try { - // go for default guard: + Log::debug(sprintf('Now in %s', __METHOD__)); + if (0 === count($guards)) { + Log::debug('No guards present.'); + // go for default guard: + /** @noinspection PhpUndefinedMethodInspection */ + if ($this->auth->check()) { + Log::debug('Default guard says user is authenticated.'); + // do an extra check on user object. /** @noinspection PhpUndefinedMethodInspection */ - if ($this->auth->check()) { - - // do an extra check on user object. - /** @noinspection PhpUndefinedMethodInspection */ - /** @var User $user */ - $user = $this->auth->authenticate(); - if (1 === (int) $user->blocked) { - $message = (string) trans('firefly.block_account_logout'); + /** @var User $user */ + $user = $this->auth->authenticate(); + if (null === $user) { + Log::warning('User is null, throw exception?'); + } + if (null !== $user) { + Log::debug(get_class($user)); + if (1 === (int)$user->blocked) { + $message = (string)trans('firefly.block_account_logout'); if ('email_changed' === $user->blocked_code) { - $message = (string) trans('firefly.email_changed_logout'); + $message = (string)trans('firefly.email_changed_logout'); } app('session')->flash('logoutMessage', $message); /** @noinspection PhpUndefinedMethodInspection */ 
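Review bot: In the default-guard branch, when `$this->auth->authenticate()` returns null the new code only logs `'User is null, throw exception?'` and carries on — the blocked-account check is skipped and the method continues to its tail, which lies outside this hunk. A null user right after `$this->auth->check()` returned true means the guard and its user provider disagree, and an authentication middleware should fail closed at that point rather than proceed. Replace the warning-only branch with `throw new AuthenticationException('Unauthenticated.', $guards);` (the log line can stay in front of it), after which the `if (null !== $user)` wrapper is no longer needed. The `Log::debug(get_class($user))` line adds little; if it is kept, logging the user id is more useful than the class name.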
@@ -110,21 +115,12 @@ class Authenticate throw new AuthenticationException('Blocked account.', $guards); } } - } catch (QueryException $e) { - - throw new FireflyException( - sprintf( - 'It seems the database has not yet been initialized. Did you run the correct upgrade or installation commands? Error: %s', - $e->getMessage() - ), 0, $e - ); - } /** @noinspection PhpUndefinedMethodInspection */ return $this->auth->authenticate(); } - + Log::debug('Guard array is not empty.'); foreach ($guards as $guard) { if ($this->auth->guard($guard)->check()) { @@ -134,6 +130,5 @@ class Authenticate } throw new AuthenticationException('Unauthenticated.', $guards); - } } diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index d27004ea11..cf1d311aa4 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -58,7 +58,7 @@ class RouteServiceProvider extends ServiceProvider ->group(base_path('routes/api.php')); Route::prefix('api/v1/cron') - ->middleware('apiY') + ->middleware('api_basic') ->namespace($this->namespace) ->group(base_path('routes/api-noauth.php')); diff --git a/app/Support/Authentication/RemoteUserGuard.php b/app/Support/Authentication/RemoteUserGuard.php index 825aadfa3c..356b7acfba 100644 --- a/app/Support/Authentication/RemoteUserGuard.php +++ b/app/Support/Authentication/RemoteUserGuard.php @@ -30,6 +30,7 @@ use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Contracts\Auth\Guard; use Illuminate\Contracts\Auth\UserProvider; use Illuminate\Contracts\Foundation\Application; +use Illuminate\Http\Request; use Log; /** 
@@ -50,26 +51,37 @@ class RemoteUserGuard implements Guard // @phpstan-ignore-next-line public function __construct(UserProvider $provider, Application $app) // @phpstan-ignore-line { + /** @var Request $request */ + $request = $app->get('request'); + Log::debug(sprintf('Created RemoteUserGuard for "%s"', $request?->getRequestUri())); $this->application = $app; $this->provider = $provider; $this->user = null; } + /** + * @return bool + */ + public function viaRemember(): bool { + Log::debug(sprintf('Now at %s', __METHOD__)); + return false; + } + /** * */ public function authenticate(): void { Log::debug(sprintf('Now at %s', __METHOD__)); - if (!is_null($this->user)) { - Log::debug('User is found.'); + if (null !== $this->user) { + Log::debug(sprintf('%s is found: #%d, "%s".', get_class($this->user), $this->user->id, $this->user->email)); return; } // Get the user identifier from $_SERVER or apache filtered headers $header = config('auth.guard_header', 'REMOTE_USER'); $userID = request()->server($header) ?? apache_request_headers()[$header] ?? null; - + $userID = 'james@firefly'; if (null === $userID) { Log::error(sprintf('No user in header "%s".', $header)); throw new FireflyException('The guard header was unexpectedly empty. See the logs.'); @@ -103,6 +115,8 @@ class RemoteUserGuard implements Guard */ public function guest(): bool { + Log::debug(sprintf('Now at %s', __METHOD__)); + $this->authenticate(); return !$this->check(); } @@ -111,6 +125,8 @@ class RemoteUserGuard implements Guard */ public function check(): bool { + Log::debug(sprintf('Now at %s', __METHOD__)); + $this->authenticate(); return !is_null($this->user()); } @@ -119,6 +135,8 @@ class RemoteUserGuard implements Guard */ public function user(): ?User { + Log::debug(sprintf('Now at %s', __METHOD__)); + $this->authenticate(); return $this->user; } 
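Review bot: The line `$userID = 'james@firefly';` immediately after the header lookup in `authenticate()` overwrites whatever `request()->server($header)` returned, so with this guard every request is treated as that fixed account regardless of the `REMOTE_USER` header — this reads as a leftover debugging shortcut and must not ship; delete it so the `null === $userID` check below it can do its job (the `+` marker is not visible in this rendering, but the hunk's 26→37 line counts only add up if it is an added line; `authenticate()` also continues past the end of the hunk). Separately, `guest()`, `check()` and `user()` now all call `authenticate()`, which throws `FireflyException` when the header is absent, so once the hard-coded value is gone `check()` can no longer return false and `guest()` can no longer return true for a request without the header. The guard loop in the Authenticate middleware will then see a `FireflyException` instead of falling through to its own `AuthenticationException`, which changes what an anonymous caller gets back; if that is intended, a one-line comment on `check()` saying so would help, otherwise catch it there and return false. The debug line `'%s is found: #%d, "%s".'` writes the user's email to the log on every call; consider logging only the id.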
@@ -127,6 +145,7 @@ class RemoteUserGuard implements Guard */ public function hasUser() { + Log::debug(sprintf('Now at %s', __METHOD__)); // TODO: Implement hasUser() method. } @@ -135,6 +154,7 @@ class RemoteUserGuard implements Guard */ public function id(): ?User { + Log::debug(sprintf('Now at %s', __METHOD__)); return $this->user; } @@ -143,6 +163,7 @@ class RemoteUserGuard implements Guard */ public function setUser(Authenticatable $user) { + Log::debug(sprintf('Now at %s', __METHOD__)); $this->user = $user; } @@ -151,6 +172,7 @@ class RemoteUserGuard implements Guard */ public function validate(array $credentials = []) { + Log::debug(sprintf('Now at %s', __METHOD__)); throw new FireflyException('Did not implement RemoteUserGuard::validate()'); } } diff --git a/config/passport.php b/config/passport.php index 1d1226c819..f025442040 100644 --- a/config/passport.php +++ b/config/passport.php @@ -14,7 +14,7 @@ return [ | */ - 'guard' => 'web', + 'guard' => envNonEmpty('AUTHENTICATION_GUARD', 'web'), /* |--------------------------------------------------------------------------
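Review bot: `hasUser()` gains a debug log but keeps the `// TODO: Implement hasUser() method.` body, so it still returns null implicitly and reports "no user" even after `setUser()` or `authenticate()` has populated `$this->user`. As I read Laravel's Guard contract, the method should say whether a user is already resolved without triggering resolution, which here is simply `return null !== $this->user;` — one line, and the TODO can go. In the following hunk `id()` is declared `?User` and returns the user object rather than an identifier; that is pre-existing, but a docblock stating that callers receive the full `User` (or a switch to `$this->user?->id` if nothing depends on it) would stop the name from misleading.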