40 lines
992 B
PHP
40 lines
992 B
PHP
<?php
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
use BookStack\Access\LoginService;
|
|
use BookStack\Access\Mfa\MfaSession;
|
|
use Closure;
|
|
|
|
class AuthenticatedOrPendingMfa
|
|
{
|
|
protected $loginService;
|
|
protected $mfaSession;
|
|
|
|
public function __construct(LoginService $loginService, MfaSession $mfaSession)
|
|
{
|
|
$this->loginService = $loginService;
|
|
$this->mfaSession = $mfaSession;
|
|
}
|
|
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
$user = auth()->user();
|
|
$loggedIn = $user !== null;
|
|
$lastAttemptUser = $this->loginService->getLastLoginAttemptUser();
|
|
|
|
if ($loggedIn || ($lastAttemptUser && $this->mfaSession->isPendingMfaSetup($lastAttemptUser))) {
|
|
return $next($request);
|
|
}
|
|
|
|
return redirect()->to(url('/login'));
|
|
}
|
|
}
|