Updated API auth handling of email confirmations
Email confirmation checks are now performed within the guard during auth checking instead of at the middleware layer.
This commit is contained in:
parent
9b271e559f
commit
70f39757b1
3 changed files with 16 additions and 7 deletions
@ -2,6 +2,7 @@
namespace BookStack\Api;
use BookStack\Auth\Access\LoginService;
use BookStack\Exceptions\ApiAuthException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
@ -19,6 +20,11 @@ class ApiTokenGuard implements Guard
*/
protected $request;
/**
* @var LoginService
*/
protected $loginService;
/**
* The last auth exception thrown in this request.
*
@ -29,9 +35,10 @@ class ApiTokenGuard implements Guard
/**
* ApiTokenGuard constructor.
*/
public function __construct(Request $request)
public function __construct(Request $request, LoginService $loginService)
{
$this->request = $request;
$this->loginService = $loginService;
}
/**
@ -95,6 +102,10 @@ class ApiTokenGuard implements Guard
$this->validateToken($token, $secret);
if ($this->loginService->awaitingEmailConfirmation($token->user)) {
throw new ApiAuthException(trans('errors.email_confirmation_awaiting'));
}
return $token->user;
}
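Review bot: The ApiAuthException thrown by the new `awaitingEmailConfirmation` check (the line after `validateToken`) carries no explicit HTTP status, whereas the middleware's permission check in this same commit passes 403 explicitly; unless the exception's default status is the one the session-based flow returns for an unconfirmed account, API clients will get a different status for the same condition depending on which path rejected them. Consider passing the status explicitly so the two paths agree, or documenting why the default is the intended one. Placing the check after `validateToken` is the right order — the secret is verified before any account state is consulted — and deserves a comment so a later refactor does not move it: `// Checked only after the token secret has been validated, so account state is never revealed for an unverified request.`. The enclosing method begins outside this hunk.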
@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class ApiAuthenticate
{
use ChecksForEmailConfirmation;
/**
* Handle an incoming request.
@ -37,7 +36,6 @@ class ApiAuthenticate
// Return if the user is already found to be signed in via session-based auth.
// This is to make it easy to browser the API via browser after just logging into the system.
if (signedInUser() || session()->isStarted()) {
$this->ensureEmailConfirmedIfRequested();
if (!user()->can('access-api')) {
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
}
@ -50,7 +48,6 @@ class ApiAuthenticate
// Validate the token and it's users API access
auth()->authenticate();
$this->ensureEmailConfirmedIfRequested();
}
/**
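Review bot: The session-based branch at `if (signedInUser() || session()->isStarted())` loses its `ensureEmailConfirmedIfRequested()` call with no visible replacement: that branch returns before `auth()->authenticate()` runs, so the guard-level check this commit adds to ApiTokenGuard does not cover it. Unless the session guard already refuses to establish a session for an account awaiting confirmation (presumably the case, but not shown here), a session user in that state would now pass this middleware with only the `access-api` permission check. If that guarantee does exist, a one-line comment on the branch would keep it from being silently lost later: `// Email confirmation for session users is enforced at login, so only API permission is checked here.`. The enclosing handle method starts and ends outside these hunks.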
@ -8,6 +8,7 @@ use BookStack\Auth\Access\ExternalBaseUserProvider;
use BookStack\Auth\Access\Guards\LdapSessionGuard;
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
use BookStack\Auth\Access\LdapService;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\Access\RegistrationService;
use Illuminate\Support\ServiceProvider;
@ -21,7 +22,7 @@ class AuthServiceProvider extends ServiceProvider
public function boot()
{
Auth::extend('api-token', function ($app, $name, array $config) {
return new ApiTokenGuard($app['request']);
return new ApiTokenGuard($app['request'], $app->make(LoginService::class));
});
Auth::extend('ldap-session', function ($app, $name, array $config) {
@ -30,7 +31,7 @@ class AuthServiceProvider extends ServiceProvider
return new LdapSessionGuard(
$name,
$provider,
$this->app['session.store'],
$app['session.store'],
$app[LdapService::class],
$app[RegistrationService::class]
);
@ -42,7 +43,7 @@ class AuthServiceProvider extends ServiceProvider
return new Saml2SessionGuard(
$name,
$provider,
$this->app['session.store'],
$app['session.store'],
$app[RegistrationService::class]
);
});
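Review bot: The new `$app->make(LoginService::class)` in the api-token closure resolves the dependency in a different style from the adjacent closures in the same `boot` method, which use container array access (`$app[LdapService::class]`, `$app[RegistrationService::class]`); both resolve through the container, so `return new ApiTokenGuard($app['request'], $app[LoginService::class]);` keeps the file uniform. The `$this->app['session.store']` to `$app['session.store']` replacements in the ldap-session and saml2-session closures are unrelated to the commit title; they look behaviour-neutral, but a word in the description would make that intent explicit. The enclosing `boot` method ends outside these hunks.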