mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-26 10:13:38 +08:00
78e94bb003
- Updated auth system for mfa to not update intended URL so that the user is not redirected to mfa setup after eventual login. - Added notification for users setting up MFA, after setup when redirected back to login screen to advise that MFA setup was complete but they need to login again. - Updated some bits of wording to display better.
<?php
namespace BookStack\Http\Middleware;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\Access\Mfa\MfaSession;
use Closure;
/**
 * Route middleware that lets a request through in two cases: a user is
 * already authenticated, or the user recorded for the last login attempt
 * is reported by MfaSession as pending MFA setup. Everything else is sent
 * to the login page.
 *
 * NOTE(review): the second case admits a session that is NOT fully
 * authenticated. Routes guarded by this middleware should therefore be
 * limited to what a half-logged-in user legitimately needs (presumably the
 * MFA setup flow - confirm against the route definitions), and must not
 * rely on auth()->user() being non-null.
 */
class AuthenticatedOrPendingMfa
{
    /** @var LoginService Source of the "last login attempt" user. */
    protected $loginService;

    /** @var MfaSession Answers whether a given user is pending MFA setup. */
    protected $mfaSession;

    public function __construct(LoginService $loginService, MfaSession $mfaSession)
    {
        $this->mfaSession = $mfaSession;
        $this->loginService = $loginService;
    }

    /**
     * Gate the request on "logged in" or "pending MFA setup".
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     *
     * @return mixed The downstream response when access is allowed,
     *               otherwise a redirect to '/login'.
     */
    public function handle($request, Closure $next)
    {
        $currentUser = auth()->user();

        // Looked up unconditionally, even when a user is already logged in,
        // so the login service is consulted on every request passing through.
        $attemptedUser = $this->loginService->getLastLoginAttemptUser();

        // Fully authenticated: nothing more to check.
        if ($currentUser !== null) {
            return $next($request);
        }

        // Not authenticated: only continue when a last-attempt user exists
        // and that user is still pending MFA setup.
        // NOTE(review): trust here rests entirely on the last-attempt record
        // held by LoginService; its expiry/clearing rules are not visible in
        // this file - confirm it cannot outlive the intended login flow.
        if ($attemptedUser && $this->mfaSession->isPendingMfaSetup($attemptedUser)) {
            return $next($request);
        }

        return redirect()->to(url('/login'));
    }
}