kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 23:45:10 +00:00
Code Issues Projects Releases Wiki Activity

Fix https://github.com/firefly-iii/firefly-iii/issues/6788

Browse Source
This commit is contained in:
James Cole
2023-01-01 14:25:52 +01:00
parent c60120ac20
commit c3ce9e896e
5 changed files with 56 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Kernel.php
View File

@@ -176,12 +176,14 @@ class Kernel extends HttpKernel
CreateFreshApiToken::class, CreateFreshApiToken::class,
], ],
// full API authentication
'api' => [ 'api' => [
EnsureFrontendRequestsAreStateful::class, EnsureFrontendRequestsAreStateful::class,
'auth:api,sanctum', 'auth:api,sanctum',
'bindings', 'bindings',
], ],
'apiY' => [ // do only bindings, no auth
'api_basic' => [
'bindings', 'bindings',
], ],
]; ];

27
app/Http/Middleware/Authenticate.php
View File

@@ -29,8 +29,8 @@ use FireflyIII\Exceptions\FireflyException;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Auth\Factory as Auth; use Illuminate\Contracts\Auth\Factory as Auth;
use Illuminate\Database\QueryException;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Log;
/** /**
* Class Authenticate * Class Authenticate
@@ -87,17 +87,22 @@ class Authenticate
*/ */
protected function authenticate($request, array $guards) protected function authenticate($request, array $guards)
{ {
Log::debug(sprintf('Now in %s', __METHOD__));
if (empty($guards)) { if (0 === count($guards)) {
try { Log::debug('No guards present.');
// go for default guard: // go for default guard:
/** @noinspection PhpUndefinedMethodInspection */ /** @noinspection PhpUndefinedMethodInspection */
if ($this->auth->check()) { if ($this->auth->check()) {
Log::debug('Default guard says user is authenticated.');
// do an extra check on user object. // do an extra check on user object.
/** @noinspection PhpUndefinedMethodInspection */ /** @noinspection PhpUndefinedMethodInspection */
/** @var User $user */ /** @var User $user */
$user = $this->auth->authenticate(); $user = $this->auth->authenticate();
if (null === $user) {
Log::warning('User is null, throw exception?');
}
if (null !== $user) {
Log::debug(get_class($user));
if (1 === (int)$user->blocked) { if (1 === (int)$user->blocked) {
$message = (string)trans('firefly.block_account_logout'); $message = (string)trans('firefly.block_account_logout');
if ('email_changed' === $user->blocked_code) { if ('email_changed' === $user->blocked_code) {
@@ -110,21 +115,12 @@ class Authenticate
throw new AuthenticationException('Blocked account.', $guards); throw new AuthenticationException('Blocked account.', $guards);
} }
} }
} catch (QueryException $e) {
throw new FireflyException(
sprintf(
'It seems the database has not yet been initialized. Did you run the correct upgrade or installation commands? Error: %s',
$e->getMessage()
), 0, $e
);
} }
/** @noinspection PhpUndefinedMethodInspection */ /** @noinspection PhpUndefinedMethodInspection */
return $this->auth->authenticate(); return $this->auth->authenticate();
} }
Log::debug('Guard array is not empty.');
foreach ($guards as $guard) { foreach ($guards as $guard) {
if ($this->auth->guard($guard)->check()) { if ($this->auth->guard($guard)->check()) {
@@ -134,6 +130,5 @@ class Authenticate
} }
throw new AuthenticationException('Unauthenticated.', $guards); throw new AuthenticationException('Unauthenticated.', $guards);
} }
} }

2
app/Providers/RouteServiceProvider.php
View File

@@ -58,7 +58,7 @@ class RouteServiceProvider extends ServiceProvider
->group(base_path('routes/api.php')); ->group(base_path('routes/api.php'));
Route::prefix('api/v1/cron') Route::prefix('api/v1/cron')
->middleware('apiY') ->middleware('api_basic')
->namespace($this->namespace) ->namespace($this->namespace)
->group(base_path('routes/api-noauth.php')); ->group(base_path('routes/api-noauth.php'));

28
app/Support/Authentication/RemoteUserGuard.php
View File

@@ -30,6 +30,7 @@ use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard; use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\UserProvider; use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Foundation\Application; use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\Request;
use Log; use Log;
/** /**
@@ -50,26 +51,37 @@ class RemoteUserGuard implements Guard
// @phpstan-ignore-next-line // @phpstan-ignore-next-line
public function __construct(UserProvider $provider, Application $app) // @phpstan-ignore-line public function __construct(UserProvider $provider, Application $app) // @phpstan-ignore-line
{ {
/** @var Request $request */
$request = $app->get('request');
Log::debug(sprintf('Created RemoteUserGuard for "%s"', $request?->getRequestUri()));
$this->application = $app; $this->application = $app;
$this->provider = $provider; $this->provider = $provider;
$this->user = null; $this->user = null;
} }
/**
* @return bool
*/
public function viaRemember(): bool {
Log::debug(sprintf('Now at %s', __METHOD__));
return false;
}
/** /**
* *
*/ */
public function authenticate(): void public function authenticate(): void
{ {
Log::debug(sprintf('Now at %s', __METHOD__)); Log::debug(sprintf('Now at %s', __METHOD__));
if (!is_null($this->user)) { if (null !== $this->user) {
Log::debug('User is found.'); Log::debug(sprintf('%s is found: #%d, "%s".', get_class($this->user), $this->user->id, $this->user->email));
return; return;
} }
// Get the user identifier from $_SERVER or apache filtered headers // Get the user identifier from $_SERVER or apache filtered headers
$header = config('auth.guard_header', 'REMOTE_USER'); $header = config('auth.guard_header', 'REMOTE_USER');
$userID = request()->server($header) ?? apache_request_headers()[$header] ?? null; $userID = request()->server($header) ?? apache_request_headers()[$header] ?? null;
$userID = 'james@firefly';
if (null === $userID) { if (null === $userID) {
Log::error(sprintf('No user in header "%s".', $header)); Log::error(sprintf('No user in header "%s".', $header));
throw new FireflyException('The guard header was unexpectedly empty. See the logs.'); throw new FireflyException('The guard header was unexpectedly empty. See the logs.');
@@ -103,6 +115,8 @@ class RemoteUserGuard implements Guard
*/ */
public function guest(): bool public function guest(): bool
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
$this->authenticate();
return !$this->check(); return !$this->check();
} }
@@ -111,6 +125,8 @@ class RemoteUserGuard implements Guard
*/ */
public function check(): bool public function check(): bool
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
$this->authenticate();
return !is_null($this->user()); return !is_null($this->user());
} }
@@ -119,6 +135,8 @@ class RemoteUserGuard implements Guard
*/ */
public function user(): ?User public function user(): ?User
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
$this->authenticate();
return $this->user; return $this->user;
} }
@@ -127,6 +145,7 @@ class RemoteUserGuard implements Guard
*/ */
public function hasUser() public function hasUser()
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
// TODO: Implement hasUser() method. // TODO: Implement hasUser() method.
} }
@@ -135,6 +154,7 @@ class RemoteUserGuard implements Guard
*/ */
public function id(): ?User public function id(): ?User
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
return $this->user; return $this->user;
} }
@@ -143,6 +163,7 @@ class RemoteUserGuard implements Guard
*/ */
public function setUser(Authenticatable $user) public function setUser(Authenticatable $user)
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
$this->user = $user; $this->user = $user;
} }
@@ -151,6 +172,7 @@ class RemoteUserGuard implements Guard
*/ */
public function validate(array $credentials = []) public function validate(array $credentials = [])
{ {
Log::debug(sprintf('Now at %s', __METHOD__));
throw new FireflyException('Did not implement RemoteUserGuard::validate()'); throw new FireflyException('Did not implement RemoteUserGuard::validate()');
} }
} }

2
config/passport.php
View File

@@ -14,7 +14,7 @@ return [
| |
*/ */
'guard' => 'web', 'guard' => envNonEmpty('AUTHENTICATION_GUARD', 'web'),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------