James Cole
2020-08-14 09:59:56 +02:00
parent 3dc1050929
commit d4029775ec
8 changed files with 85 additions and 54 deletions


@@ -24,6 +24,7 @@ declare(strict_types=1);
namespace FireflyIII\Http\Controllers\Auth; namespace FireflyIII\Http\Controllers\Auth;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\Providers\RouteServiceProvider; use FireflyIII\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\ConfirmsPasswords; use Illuminate\Foundation\Auth\ConfirmsPasswords;
@@ -62,5 +63,12 @@ class ConfirmPasswordController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->middleware('auth'); $this->middleware('auth');
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
} }
} }
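Review bot: The same five-line provider/guard check is pasted into this constructor and, in this commit, into the constructors of ForgotPasswordController, LoginController, RegisterController, ResetPasswordController and TwoFactorController. Any later change to the rule then has to be made six times, and a missed copy leaves one authentication endpoint usable while an external identity provider is configured. Consider a single home for it, such as a route middleware on the auth route group or a protected helper on the base `Controller` called as `$this->requireLocalAuthentication();` (the name is only a suggestion). The constructor docblocks should also gain `@throws FireflyException`. How the exception is rendered to an unauthenticated visitor is not visible here, so confirm the error page does not expose configuration details.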


@@ -23,6 +23,7 @@ declare(strict_types=1);
namespace FireflyIII\Http\Controllers\Auth; namespace FireflyIII\Http\Controllers\Auth;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\Repositories\User\UserRepositoryInterface; use FireflyIII\Repositories\User\UserRepositoryInterface;
use FireflyIII\User; use FireflyIII\User;
@@ -51,6 +52,13 @@ class ForgotPasswordController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->middleware('guest'); $this->middleware('guest');
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
} }
/** /**


@@ -24,6 +24,7 @@ namespace FireflyIII\Http\Controllers\Auth;
use Adldap; use Adldap;
use DB; use DB;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\Providers\RouteServiceProvider; use FireflyIII\Providers\RouteServiceProvider;
use Illuminate\Contracts\View\Factory; use Illuminate\Contracts\View\Factory;
@@ -65,6 +66,13 @@ class LoginController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->middleware('guest')->except('logout'); $this->middleware('guest')->except('logout');
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
} }
@@ -73,9 +81,9 @@ class LoginController extends Controller
* *
* @param Request $request * @param Request $request
* *
* @throws ValidationException
* @return RedirectResponse|\Illuminate\Http\Response|JsonResponse * @return RedirectResponse|\Illuminate\Http\Response|JsonResponse
* *
* @throws ValidationException
*/ */
public function login(Request $request) public function login(Request $request)
{ {
@@ -133,7 +141,6 @@ class LoginController extends Controller
return redirect(route('register')); // @codeCoverageIgnore return redirect(route('register')); // @codeCoverageIgnore
} }
// is allowed to? // is allowed to?
$singleUserMode = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data; $singleUserMode = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
$allowRegistration = true; $allowRegistration = true;
@@ -162,9 +169,9 @@ class LoginController extends Controller
* *
* @param Request $request * @param Request $request
* *
* @throws ValidationException
* @return Response * @return Response
* *
* @throws ValidationException
*/ */
protected function sendFailedLoginResponse(Request $request) protected function sendFailedLoginResponse(Request $request)
{ {
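Review bot: The guard added to the constructor runs for every action of this controller, including `logout`, which the preceding line deliberately exempts from the `guest` middleware. If the `logout` route is served by this controller (the routes are not visible in this diff), a user signed in through an external identity provider would hit the FireflyException when logging out. The profile template changed in this commit still shows the logout link unconditionally, so that path is reachable from the UI. Consider expressing the check as a middleware registered with `->except('logout')`, or handling logout for external providers separately.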


@@ -24,6 +24,7 @@ declare(strict_types=1);
namespace FireflyIII\Http\Controllers\Auth; namespace FireflyIII\Http\Controllers\Auth;
use FireflyIII\Events\RegisteredUser; use FireflyIII\Events\RegisteredUser;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\Support\Http\Controllers\CreateStuff; use FireflyIII\Support\Http\Controllers\CreateStuff;
use FireflyIII\Support\Http\Controllers\RequestInformation; use FireflyIII\Support\Http\Controllers\RequestInformation;
@@ -63,6 +64,13 @@ class RegisterController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->middleware('guest'); $this->middleware('guest');
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
} }
/** /**


@@ -23,6 +23,7 @@ declare(strict_types=1);
namespace FireflyIII\Http\Controllers\Auth; namespace FireflyIII\Http\Controllers\Auth;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Contracts\View\Factory; use Illuminate\Contracts\View\Factory;
@@ -60,6 +61,13 @@ class ResetPasswordController extends Controller
{ {
parent::__construct(); parent::__construct();
$this->middleware('guest'); $this->middleware('guest');
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
} }
/** /**
@@ -67,9 +75,9 @@ class ResetPasswordController extends Controller
* *
* @param Request $request * @param Request $request
* *
* @return Factory|JsonResponse|RedirectResponse|View
* @throws \Illuminate\Validation\ValidationException * @throws \Illuminate\Validation\ValidationException
* *
* @return Factory|JsonResponse|RedirectResponse|View
*/ */
public function reset(Request $request) public function reset(Request $request)
{ {


@@ -22,6 +22,7 @@ declare(strict_types=1);
namespace FireflyIII\Http\Controllers\Auth; namespace FireflyIII\Http\Controllers\Auth;
use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Controllers\Controller;
use FireflyIII\User; use FireflyIII\User;
use Illuminate\Http\RedirectResponse; use Illuminate\Http\RedirectResponse;
@@ -35,6 +36,21 @@ use Preferences;
*/ */
class TwoFactorController extends Controller class TwoFactorController extends Controller
{ {
/**
* Create a new controller instance.
*/
public function __construct()
{
parent::__construct();
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
if ('eloquent' !== $loginProvider || 'web' !== $authGuard) {
throw new FireflyException('Using external identity provider. Cannot continue.');
}
}
/** /**
* What to do if 2FA lost? * What to do if 2FA lost?
* *


@@ -82,6 +82,7 @@ class ProfileController extends Controller
$loginProvider = config('firefly.login_provider'); $loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard'); $authGuard = config('firefly.authentication_guard');
$this->externalIdentity = 'eloquent' !== $loginProvider || 'web' !== $authGuard; $this->externalIdentity = 'eloquent' !== $loginProvider || 'web' !== $authGuard;
$this->externalIdentity = true;
$this->middleware(IsDemoUser::class)->except(['index']); $this->middleware(IsDemoUser::class)->except(['index']);
} }
@@ -222,9 +223,9 @@ class ProfileController extends Controller
* @param UserRepositoryInterface $repository * @param UserRepositoryInterface $repository
* @param string $token * @param string $token
* *
* @throws FireflyException
* @return RedirectResponse|Redirector * @return RedirectResponse|Redirector
* *
* @throws FireflyException
*/ */
public function confirmEmailChange(UserRepositoryInterface $repository, string $token) public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
{ {
@@ -338,10 +339,13 @@ class ProfileController extends Controller
public function index() public function index()
{ {
/** @var User $user */ /** @var User $user */
$user = auth()->user(); $user = auth()->user();
$loginProvider = config('firefly.login_provider'); $externalIdentity = $this->externalIdentity;
// check if client token thing exists (default one) $count = DB::table('oauth_clients')->where('personal_access_client', 1)->whereNull('user_id')->count();
$count = DB::table('oauth_clients')->where('personal_access_client', 1)->whereNull('user_id')->count(); $subTitle = $user->email;
$userId = $user->id;
$enabled2FA = null !== $user->mfa_secret;
$mfaBackupCount = count(app('preferences')->get('mfa_recovery', [])->data);
$this->createOAuthKeys(); $this->createOAuthKeys();
@@ -350,19 +354,14 @@ class ProfileController extends Controller
$repository = app(ClientRepository::class); $repository = app(ClientRepository::class);
$repository->createPersonalAccessClient(null, config('app.name') . ' Personal Access Client', 'http://localhost'); $repository->createPersonalAccessClient(null, config('app.name') . ' Personal Access Client', 'http://localhost');
} }
$subTitle = $user->email;
$userId = $user->id;
$enabled2FA = null !== $user->mfa_secret;
$mfaBackupCount = count(app('preferences')->get('mfa_recovery', [])->data);
// get access token or create one.
$accessToken = app('preferences')->get('access_token', null); $accessToken = app('preferences')->get('access_token', null);
if (null === $accessToken) { if (null === $accessToken) {
$token = $user->generateAccessToken(); $token = $user->generateAccessToken();
$accessToken = app('preferences')->set('access_token', $token); $accessToken = app('preferences')->set('access_token', $token);
} }
return view('profile.index', compact('subTitle', 'mfaBackupCount', 'userId', 'accessToken', 'enabled2FA', 'loginProvider')); return view('profile.index', compact('subTitle', 'mfaBackupCount', 'userId', 'accessToken', 'enabled2FA', 'externalIdentity'));
} }
/** /**
@@ -381,7 +380,7 @@ class ProfileController extends Controller
$recoveryCodes = $recovery->lowercase() $recoveryCodes = $recovery->lowercase()
->setCount(8) // Generate 8 codes ->setCount(8) // Generate 8 codes
->setBlocks(2) // Every code must have 7 blocks ->setBlocks(2) // Every code must have 7 blocks
->setChars(6) // Each block must have 16 chars ->setChars(6) // Each block must have 16 chars
->toArray(); ->toArray();
$codes = implode("\r\n", $recoveryCodes); $codes = implode("\r\n", $recoveryCodes);
@@ -583,9 +582,9 @@ class ProfileController extends Controller
* @param string $token * @param string $token
* @param string $hash * @param string $hash
* *
* @throws FireflyException
* @return RedirectResponse|Redirector * @return RedirectResponse|Redirector
* *
* @throws FireflyException
*/ */
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash) public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
{ {
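Review bot: The added `$this->externalIdentity = true;` in the constructor overwrites the value computed on the line before it, so every installation is treated as using an external identity provider regardless of configuration. It looks like a leftover debugging line and should be removed, leaving `$this->externalIdentity = 'eloquent' !== $loginProvider || 'web' !== $authGuard;` as the only assignment. While it stays, `index()` passes `externalIdentity = true` to the view, and the template then hides the OAuth, 2FA, change-email, change-password and delete-account entries for local accounts too. Separately, the comments next to `setBlocks(2)` and `setChars(6)` ("7 blocks", "16 chars") do not match the arguments and should be corrected. The constructor and `index()` both begin outside the visible hunks.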


@@ -18,12 +18,14 @@
<li role="presentation"> <li role="presentation">
<a href="#cmd" aria-controls="profile" role="tab" data-toggle="tab">{{ 'command_line_token'|_ }}</a> <a href="#cmd" aria-controls="profile" role="tab" data-toggle="tab">{{ 'command_line_token'|_ }}</a>
</li> </li>
{% if false == externalIdentity %}
<li role="presentation"> <li role="presentation">
<a href="#oauth" aria-controls="messages" role="tab" data-toggle="tab">{{ 'oauth'|_ }}</a> <a href="#oauth" aria-controls="messages" role="tab" data-toggle="tab">{{ 'oauth'|_ }}</a>
</li> </li>
<li role="presentation"> <li role="presentation">
<a href="#mfa" aria-controls="settings" role="tab" data-toggle="tab">{{ 'pref_two_factor_auth'|_ }}</a> <a href="#mfa" aria-controls="settings" role="tab" data-toggle="tab">{{ 'pref_two_factor_auth'|_ }}</a>
</li> </li>
{% endif %}
<li role="presentation"> <li role="presentation">
<a href="#delete" aria-controls="settings" role="tab" data-toggle="tab">{{ 'delete_stuff_header'|_ }}</a> <a href="#delete" aria-controls="settings" role="tab" data-toggle="tab">{{ 'delete_stuff_header'|_ }}</a>
</li> </li>
@@ -40,19 +42,24 @@
<div class="row"> <div class="row">
<div class="col-lg-6"> <div class="col-lg-6">
<ul> <ul>
{% if false == externalIdentity %}
<li> <li>
<a href="{{ route('profile.change-email') }}">{{ 'change_your_email'|_ }}</a> <a href="{{ route('profile.change-email') }}">{{ 'change_your_email'|_ }}</a>
</li> </li>
<li> <li>
<a href="{{ route('profile.change-password') }}">{{ 'change_your_password'|_ }}</a> <a href="{{ route('profile.change-password') }}">{{ 'change_your_password'|_ }}</a>
</li> </li>
{% endif %}
<li><a href="{{ route('logout') }}">{{ 'logout'|_ }}</a></li> <li><a href="{{ route('logout') }}">{{ 'logout'|_ }}</a></li>
{% if false == externalIdentity %}
<li> <li>
<a href="{{ route('profile.logout-others') }}">{{ 'logout_other_sessions'|_ }}</a> <a href="{{ route('profile.logout-others') }}">{{ 'logout_other_sessions'|_ }}</a>
</li> </li>
<li><a class="text-danger" <li><a class="text-danger"
href="{{ route('profile.delete-account') }}">{{ 'delete_account'|_ }}</a> href="{{ route('profile.delete-account') }}">{{ 'delete_account'|_ }}</a>
</li> </li>
{% endif %}
</ul> </ul>
</div> </div>
</div> </div>
@@ -60,11 +67,6 @@
</div> </div>
</div> </div>
<!-- OAuth -->
<div role="tabpanel" class="tab-pane" id="oauth">
<div id="passport_clients"></div>
</div>
<!-- command line options --> <!-- command line options -->
<div role="tabpanel" class="tab-pane" id="cmd"> <div role="tabpanel" class="tab-pane" id="cmd">
<div class="box box-default"> <div class="box box-default">
@@ -91,6 +93,12 @@
</div> </div>
</div> </div>
{% if false == externalIdentity %}
<!-- OAuth -->
<div role="tabpanel" class="tab-pane" id="oauth">
<div id="passport_clients"></div>
</div>
<!-- MFA --> <!-- MFA -->
<div role="tabpanel" class="tab-pane" id="mfa"> <div role="tabpanel" class="tab-pane" id="mfa">
<div class="box box-default"> <div class="box box-default">
@@ -124,6 +132,7 @@
</div> </div>
</div> </div>
</div> </div>
{% endif %}
<!-- delete stuff --> <!-- delete stuff -->
<div role="tabpanel" class="tab-pane" id="delete"> <div role="tabpanel" class="tab-pane" id="delete">
@@ -246,38 +255,6 @@
</div> </div>
</div> </div>
{#
<!-- all tabs -->
<!-- command line opt -->
</div>
</div>
</div>
#}
<div class="row">
<div class="col-lg-8 col-lg-offset-2 col-md-12 col-sm-12">
</div>
</div>
<div class="row">
<div class="col-lg-8 col-lg-offset-2 col-md-12 col-sm-12">
</div>
</div>
{# #}
{% endblock %} {% endblock %}
{% block scripts %} {% block scripts %}
<script type="text/javascript" nonce="{{ JS_NONCE }}"> <script type="text/javascript" nonce="{{ JS_NONCE }}">
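Review bot: The `{% if false == externalIdentity %}` blocks only hide the links and tab panels; they are not an access control. Whether the handlers behind `profile.change-email`, `profile.change-password`, `profile.logout-others` and `profile.delete-account` reject requests when an external identity provider is configured is not visible in this commit. Confirm that each of them checks the same flag server-side, because the URLs remain reachable by direct request. As a style point, `{% if not externalIdentity %}` reads more naturally in Twig than the `false ==` comparison.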