diff --git a/app/Api/V1/Controllers/BillController.php b/app/Api/V1/Controllers/BillController.php
index f7a2df3d63..0038163a0c 100644
--- a/app/Api/V1/Controllers/BillController.php
+++ b/app/Api/V1/Controllers/BillController.php
@@ -52,12 +52,16 @@ class BillController extends Controller
 */
 public function __construct()
 {
-
- /** @var BillRepositoryInterface repository */
- $this->repository = app(BillRepositoryInterface::class);
- $user = Auth::guard('api')->user();
- $this->repository->setUser($user);
 parent::__construct();
+ $this->middleware(
+ function ($request, $next) {
+ /** @var BillRepositoryInterface repository */
+ $this->repository = app(BillRepositoryInterface::class);
+ $this->repository->setUser(auth()->user());
+
+ return $next($request);
+ }
+ );
 }
 /**
@@ -104,10 +108,10 @@ class BillController extends Controller
 return Response::json($manager->createData($resource)->toArray());
 }
+
 /**
- * Display the specified resource.
- *
- * @param \FireflyIII\Models\Bill $bill
+ * @param Request $request
+ * @param Bill $bill
 *
 * @return \Illuminate\Http\JsonResponse
 */
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index 3e6263c80f..66373305ca 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
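Review bot: In BillController's `__construct()`, the closure calls `auth()->user()` with no guard name, where the removed code asked for `Auth::guard('api')` explicitly, so the repository is now scoped to whatever the default guard is when the closure runs. That is the API user only if `auth:api` ran earlier in the pipeline and switched the default guard; a route that reaches this controller without it would pass `setUser()` a session user or null. Either keep the guard explicit, `$this->repository->setUser(auth('api')->user());`, or document the dependency above the closure with `// relies on auth:api having selected the api guard for this request`.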
@@ -1,7 +1,7 @@ . */ -declare(strict_types=1); namespace FireflyIII\Http\Middleware; use Closure; -use Illuminate\Http\Request; -use Illuminate\Support\Facades\Auth; -use Session; +use Illuminate\Auth\AuthenticationException; +use Illuminate\Contracts\Auth\Factory as Auth; /** - * Class Authenticate. + * Class Authenticate */ class Authenticate { + /** + * The authentication factory instance. + * + * @var \Illuminate\Contracts\Auth\Factory + */ + protected $auth; + + /** + * Create a new middleware instance. + * + * @param \Illuminate\Contracts\Auth\Factory $auth + * + * @return void + */ + public function __construct(Auth $auth) + { + $this->auth = $auth; + } + /** * Handle an incoming request. * - * @param \Illuminate\Http\Request $request - * @param \Closure $next - * @param string|null $guard + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * @param string[] ...$guards * * @return mixed + * + * @throws \Illuminate\Auth\AuthenticationException */ - public function handle(Request $request, Closure $next, $guard = null) + public function handle($request, Closure $next, ...$guards) { - if (Auth::guard($guard)->guest()) { - if ($request->ajax()) { - return response('Unauthorized.', 401); - } - - return redirect()->guest('login'); - } - if (1 === intval(Auth::guard($guard)->user()->blocked)) { - $message = strval(trans('firefly.block_account_logout')); - if ('email_changed' === Auth::guard($guard)->user()->blocked_code) { - $message = strval(trans('firefly.email_changed_logout')); - } - - Session::flash('logoutMessage', $message); - Auth::guard($guard)->logout(); - - return redirect()->guest('login'); - } + $this->authenticate($guards); return $next($request); } + + /** + * Determine if the user is logged in to any of the given guards. 
+ *
+ * @param array $guards
+ *
+ * @return void
+ *
+ * @throws \Illuminate\Auth\AuthenticationException
+ */
+ protected function authenticate(array $guards)
+ {
+ if (empty($guards)) {
+ // go for default guard:
+ if ($this->auth->check()) {
+ // do an extra check on user object.
+ $user = $this->auth->authenticate();
+ if (1 === intval($user->blocked)) {
+ $message = strval(trans('firefly.block_account_logout'));
+ if ('email_changed' === $user->blocked_code) {
+ $message = strval(trans('firefly.email_changed_logout'));
+ }
+
+ app('session')->flash('logoutMessage', $message);
+ $this->auth->logout();
+
+ return redirect()->guest('login');
+ }
+ }
+
+ return $this->auth->authenticate();
+ }
+
+ foreach ($guards as $guard) {
+ if ($this->auth->guard($guard)->check()) {
+ return $this->auth->shouldUse($guard);
+ }
+ }
+
+ throw new AuthenticationException('Unauthenticated.', $guards);
+ }
 }
diff --git a/app/Http/Middleware/HttpBinder.php b/app/Http/Middleware/HttpBinder.php
index fca7d481cf..d9566e3ac0 100644
--- a/app/Http/Middleware/HttpBinder.php
+++ b/app/Http/Middleware/HttpBinder.php
@@ -24,7 +24,7 @@ namespace FireflyIII\Http\Middleware;
 use Closure;
 use FireflyIII\Support\Domain;
-use Illuminate\Auth\SessionGuard;
+use Illuminate\Contracts\Auth\Factory as Auth;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Route;
@@ -33,6 +33,12 @@ use Illuminate\Routing\Route;
 */
 class HttpBinder
 {
+ /**
+ * The authentication factory instance.
+ *
+ * @var \Illuminate\Contracts\Auth\Factory
+ */
+ protected $auth;
 /**
 * @var array
 */
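Review bot: In app/Http/Middleware/Authenticate.php, `handle()` discards whatever `authenticate()` returns, so the `return redirect()->guest('login');` in the blocked-user branch never reaches the client: the account is logged out and the request still continues to `$next($request)`. The blocked check also runs only when `$guards` is empty, so a route registered with `auth:api` (as routes/api.php now does) lets a blocked account through `shouldUse($guard)` unchecked. Throwing `AuthenticationException` from one shared blocked check on both paths closes both gaps, with `logout()` kept to guards that implement it. The commit also removes `declare(strict_types=1);` from this file, which looks unintended.

```php
protected function authenticate(array $guards)
{
    if (empty($guards)) {
        // authenticate() throws AuthenticationException for guests
        $this->rejectBlockedUser($this->auth->authenticate(), $guards);

        return;
    }

    foreach ($guards as $guard) {
        if ($this->auth->guard($guard)->check()) {
            $this->auth->shouldUse($guard);
            $this->rejectBlockedUser($this->auth->guard($guard)->user(), $guards);

            return;
        }
    }
    // … unchanged: throw AuthenticationException when no guard matched …
}

protected function rejectBlockedUser($user, array $guards)
{
    if (1 !== intval($user->blocked)) {
        return;
    }
    // … unchanged: build $message and flash 'logoutMessage' …
    // call logout() only where the guard implements it (session guard)

    throw new AuthenticationException('Unauthenticated.', $guards);
}
```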
@@ -40,21 +46,27 @@ class HttpBinder
 /**
 * Binder constructor.
+ *
+ * @param \Illuminate\Contracts\Auth\Factory $auth
 */
- public function __construct()
+ public function __construct(Auth $auth)
 {
 $this->binders = Domain::getBindables();
+ $this->auth = $auth;
 }
 /**
 * Handle an incoming request.
 *
- * @param \Illuminate\Http\Request $request
- * @param \Closure $next
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @param string[] ...$guards
 *
 * @return mixed
+ *
+ * @throws \Illuminate\Auth\AuthenticationException
 */
- public function handle(Request $request, Closure $next)
+ public function handle($request, Closure $next, ...$guards)
 {
 $middleware = $request->route()->middleware();
 $guard = 'web';
diff --git a/app/Models/Bill.php b/app/Models/Bill.php
index 9b3a94af90..9214b60c37 100644
--- a/app/Models/Bill.php
+++ b/app/Models/Bill.php
@@ -29,7 +29,7 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\SoftDeletes;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Watson\Validating\ValidatingTrait;
-
+use Illuminate\Contracts\Auth\Factory as Auth;
 /**
 * Class Bill.
 */
diff --git a/app/Transformers/BillTransformer.php b/app/Transformers/BillTransformer.php
index 86b9244d21..80859a7ee2 100644
--- a/app/Transformers/BillTransformer.php
+++ b/app/Transformers/BillTransformer.php
@@ -72,7 +72,7 @@ class BillTransformer extends TransformerAbstract
 {
 $attachments = $bill->attachments()->get();
- return $this->collection($attachments, new AttachmentTransformer,'attachment');
+ return $this->collection($attachments, new AttachmentTransformer, 'attachment');
 }
 /**
@@ -84,7 +84,7 @@ class BillTransformer extends TransformerAbstract
 {
 $notes = $bill->notes()->get();
- return $this->collection($notes, new NoteTransformer,'note');
+ return $this->collection($notes, new NoteTransformer, 'note');
 }
 /**
diff --git a/routes/api.php b/routes/api.php
index 05cfee1bfb..fa9436aa93 100644
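Review bot: In HttpBinder, `handle()` now accepts `...$guards` and documents `@throws \Illuminate\Auth\AuthenticationException`, but the two body lines visible here still start from a hard-coded `$guard = 'web';`, and nothing in view reads `$guards` or the injected `$this->auth`. The body continues outside the hunk, so this may be handled further down. If it is not, route parameters on the API group would presumably be bound under the web guard rather than the one `auth:api` selected, which matters if the binders scope records to the current user. If the parameter and the `@throws` tag are unused, drop them; removing the `Request` type hint from `$request` also gives up a check the old signature enforced.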
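Review bot: In app/Models/Bill.php, the added `use Illuminate\Contracts\Auth\Factory as Auth;` is not referenced by anything in this hunk, and a model importing the auth factory under the alias `Auth` is easy to mistake for the `Auth` facade. The class body is outside the hunk, so confirm the import is actually used. If it is not, remove it and keep the blank line before the class docblock that this change deletes.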
--- a/routes/api.php
+++ b/routes/api.php
@@ -20,7 +20,7 @@
 */
 Route::group(
- ['namespace' => 'FireflyIII\Api\V1\Controllers', 'prefix' => 'bill', 'as' => 'api.v1.bills.'], function () {
+ ['middleware' => ['auth:api','bindings'], 'namespace' => 'FireflyIII\Api\V1\Controllers', 'prefix' => 'bill', 'as' => 'api.v1.bills.'], function () {
 // Bills API routes:
 Route::get('', ['uses' => 'BillController@index', 'as' => 'index']);