9b271e559f
- Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system.
46 lines
1.1 KiB
PHP
46 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
|
|
class Authenticate
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*/
|
|
public function handle(Request $request, Closure $next)
|
|
{
|
|
if (!hasAppAccess()) {
|
|
if ($request->ajax()) {
|
|
return response('Unauthorized.', 401);
|
|
}
|
|
return redirect()->guest(url('/login'));
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
|
|
/**
|
|
* Provide an error response for when the current user's email is not confirmed
|
|
* in a system which requires it.
|
|
*/
|
|
protected function emailConfirmationErrorResponse(Request $request)
|
|
{
|
|
if ($request->wantsJson()) {
|
|
return response()->json([
|
|
'error' => [
|
|
'code' => 401,
|
|
'message' => trans('errors.email_confirmation_awaiting'),
|
|
],
|
|
], 401);
|
|
}
|
|
|
|
if (session()->get('sent-email-confirmation') === true) {
|
|
return redirect('/register/confirm');
|
|
}
|
|
|
|
return redirect('/register/confirm/awaiting');
|
|
}
|
|
}
|