github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-23 05:46:09 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
622ea03c65
BookStack/app/Http/Middleware/AuthenticatedOrPendingMfa.php

42 lines
988 B
PHP
Raw Normal View History

Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system.
2021-08-03 05:02:25 +08:00
<?php
namespace BookStack\Http\Middleware;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\Access\Mfa\MfaSession;
use Closure;
class AuthenticatedOrPendingMfa
{
protected $loginService;
protected $mfaSession;
public function __construct(LoginService $loginService, MfaSession $mfaSession)
{
$this->loginService = $loginService;
$this->mfaSession = $mfaSession;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = auth()->user();
$loggedIn = $user !== null;
$lastAttemptUser = $this->loginService->getLastLoginAttemptUser();
if ($loggedIn || ($lastAttemptUser && $this->mfaSession->isPendingMfaSetup($lastAttemptUser))) {
return $next($request);
}
return redirect()->guest(url('/login'));
}
}
Reference in New Issue Copy Permalink