diff --git a/framework/core/js/admin/dist/app.js b/framework/core/js/admin/dist/app.js index 1373a9ee0..25aeed458 100644 --- a/framework/core/js/admin/dist/app.js +++ b/framework/core/js/admin/dist/app.js @@ -16951,15 +16951,6 @@ System.register('flarum/App', ['flarum/utils/ItemList', 'flarum/components/Alert }, function (error) { _this2.requestError = error; - if (error.response && error.response.errors && error.response.errors[0] && error.response.errors[0].code === 'invalid_access_token') { - _this2.modal.show(new ConfirmPasswordModal({ - deferredRequest: originalOptions, - deferred: deferred, - error: error - })); - return; - } - var children = undefined; switch (error.status) { 
@@ -18302,121 +18293,6 @@ System.register('flarum/components/Checkbox', ['flarum/Component', 'flarum/compo } }; });; -System.register('flarum/components/ConfirmPasswordModal', ['flarum/components/Modal', 'flarum/components/Button', 'flarum/utils/extractText'], function (_export) { - 'use strict'; - - var Modal, Button, extractText, ConfirmPasswordModal; - return { - setters: [function (_flarumComponentsModal) { - Modal = _flarumComponentsModal['default']; - }, function (_flarumComponentsButton) { - Button = _flarumComponentsButton['default']; - }, function (_flarumUtilsExtractText) { - extractText = _flarumUtilsExtractText['default']; - }], - execute: function () { - ConfirmPasswordModal = (function (_Modal) { - babelHelpers.inherits(ConfirmPasswordModal, _Modal); - - function ConfirmPasswordModal() { - babelHelpers.classCallCheck(this, ConfirmPasswordModal); - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'constructor', this).apply(this, arguments); - } - - babelHelpers.createClass(ConfirmPasswordModal, [{ - key: 'init', - value: function init() { - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'init', this).call(this); - - this.password = m.prop(''); - } - }, { - key: 'className', - value: function className() { - return 'ConfirmPasswordModal Modal--small'; - } - }, { - key: 'title', - value: function title() { - return app.translator.trans('core.forum.confirm_password.title'); - } - }, { - key: 'content', - value: function content() { - return m( - 'div', - { className: 'Modal-body' }, - m( - 'div', - { className: 'Form Form--centered' }, - m( - 'div', - { className: 'Form-group' }, - m('input', { - type: 'password', - className: 'FormControl', - bidi: this.password, - placeholder: extractText(app.translator.trans('core.forum.confirm_password.password_placeholder')), - disabled: this.loading }) - ), - m( - 'div', - { className: 'Form-group' }, - m( - Button, - { - type: 'submit', - className: 'Button 
Button--primary Button--block', - loading: this.loading }, - app.translator.trans('core.forum.confirm_password.submit_button') - ) - ) - ) - ); - } - }, { - key: 'onsubmit', - value: function onsubmit(e) { - var _this = this; - - e.preventDefault(); - - this.loading = true; - - app.session.login(app.session.user.email(), this.password(), { errorHandler: this.onerror.bind(this) }).then(function () { - _this.success = true; - _this.hide(); - app.request(_this.props.deferredRequest).then(function (response) { - return _this.props.deferred.resolve(response); - }, function (response) { - return _this.props.deferred.reject(response); - }); - })['catch'](this.loaded.bind(this)); - } - }, { - key: 'onerror', - value: function onerror(error) { - if (error.status === 401) { - error.alert.props.children = app.translator.trans('core.forum.log_in.invalid_login_message'); - } - - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'onerror', this).call(this, error); - } - }, { - key: 'onhide', - value: function onhide() { - if (this.success) return; - - this.props.deferred.reject(this.props.error); - } - }]); - return ConfirmPasswordModal; - })(Modal); - - _export('default', ConfirmPasswordModal); - } - }; -});; System.register("flarum/components/DashboardPage", ["flarum/Component"], function (_export) { "use strict"; @@ -21934,10 +21810,13 @@ System.register('flarum/Model', [], function (_export) { this.pushData(data); + var request = { data: data }; + if (options.meta) request.meta = options.meta; + return app.request(babelHelpers._extends({ method: this.exists ? 'PATCH' : 'POST', url: app.forum.attribute('apiUrl') + this.apiEndpoint(), - data: { data: data } + data: request }, options)).then( // If everything went well, we'll make sure the store knows that this // model exists now (if it didn't already), and we'll push the data that diff --git a/framework/core/js/forum/dist/app.js b/framework/core/js/forum/dist/app.js index eea99fcbe..2ce4a1acc 100644 
--- a/framework/core/js/forum/dist/app.js +++ b/framework/core/js/forum/dist/app.js @@ -18608,15 +18608,6 @@ System.register('flarum/App', ['flarum/utils/ItemList', 'flarum/components/Alert }, function (error) { _this2.requestError = error; - if (error.response && error.response.errors && error.response.errors[0] && error.response.errors[0].code === 'invalid_access_token') { - _this2.modal.show(new ConfirmPasswordModal({ - deferredRequest: originalOptions, - deferred: deferred, - error: error - })); - return; - } - var children = undefined; switch (error.status) { @@ -19577,6 +19568,13 @@ System.register('flarum/components/ChangeEmailModal', ['flarum/components/Modal' * @type {function} */ this.email = m.prop(app.session.user.email()); + + /** + * The value of the password input. + * + * @type {function} + */ + this.password = m.prop(''); } }, { key: 'className', @@ -19631,8 +19629,15 @@ System.register('flarum/components/ChangeEmailModal', ['flarum/components/Modal' { className: 'Form-group' }, m('input', { type: 'email', name: 'email', className: 'FormControl', placeholder: app.session.user.email(), - value: this.email(), - onchange: m.withAttr('value', this.email), + bidi: this.email, + disabled: this.loading }) + ), + m( + 'div', + { className: 'Form-group' }, + m('input', { type: 'password', name: 'password', className: 'FormControl', + placeholder: app.translator.trans('core.forum.change_email.confirm_password_label'), + bidi: this.password, disabled: this.loading }) ), m( 
@@ -19666,14 +19671,21 @@ System.register('flarum/components/ChangeEmailModal', ['flarum/components/Modal' this.loading = true; - app.session.user.save({ email: this.email() }, { errorHandler: this.onerror.bind(this) }).then(function () { + app.session.user.save({ email: this.email() }, { + errorHandler: this.onerror.bind(this), + meta: { password: this.password() } + }).then(function () { return _this.success = true; })['catch'](function () {}).then(this.loaded.bind(this)); + } + }, { + key: 'onerror', + value: function onerror(error) { + if (error.status === 401) { + error.alert.props.children = app.translator.trans('core.forum.change_email.incorrect_password_message'); + } - // The save method will update the cached email address on the user model... - // But in the case of a "sudo" password prompt, we'll still want to have - // the old email address on file for the purposes of logging in. - app.session.user.pushAttributes({ email: oldEmail }); + babelHelpers.get(Object.getPrototypeOf(ChangeEmailModal.prototype), 'onerror', this).call(this, error); } }]); return ChangeEmailModal; 
@@ -20826,121 +20838,6 @@ System.register('flarum/components/ComposerButton', ['flarum/components/Button'] } }; });; -System.register('flarum/components/ConfirmPasswordModal', ['flarum/components/Modal', 'flarum/components/Button', 'flarum/utils/extractText'], function (_export) { - 'use strict'; - - var Modal, Button, extractText, ConfirmPasswordModal; - return { - setters: [function (_flarumComponentsModal) { - Modal = _flarumComponentsModal['default']; - }, function (_flarumComponentsButton) { - Button = _flarumComponentsButton['default']; - }, function (_flarumUtilsExtractText) { - extractText = _flarumUtilsExtractText['default']; - }], - execute: function () { - ConfirmPasswordModal = (function (_Modal) { - babelHelpers.inherits(ConfirmPasswordModal, _Modal); - - function ConfirmPasswordModal() { - babelHelpers.classCallCheck(this, ConfirmPasswordModal); - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'constructor', this).apply(this, arguments); - } - - babelHelpers.createClass(ConfirmPasswordModal, [{ - key: 'init', - value: function init() { - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'init', this).call(this); - - this.password = m.prop(''); - } - }, { - key: 'className', - value: function className() { - return 'ConfirmPasswordModal Modal--small'; - } - }, { - key: 'title', - value: function title() { - return app.translator.trans('core.forum.confirm_password.title'); - } - }, { - key: 'content', - value: function content() { - return m( - 'div', - { className: 'Modal-body' }, - m( - 'div', - { className: 'Form Form--centered' }, - m( - 'div', - { className: 'Form-group' }, - m('input', { - type: 'password', - className: 'FormControl', - bidi: this.password, - placeholder: extractText(app.translator.trans('core.forum.confirm_password.password_placeholder')), - disabled: this.loading }) - ), - m( - 'div', - { className: 'Form-group' }, - m( - Button, - { - type: 'submit', - className: 'Button 
Button--primary Button--block', - loading: this.loading }, - app.translator.trans('core.forum.confirm_password.submit_button') - ) - ) - ) - ); - } - }, { - key: 'onsubmit', - value: function onsubmit(e) { - var _this = this; - - e.preventDefault(); - - this.loading = true; - - app.session.login(app.session.user.email(), this.password(), { errorHandler: this.onerror.bind(this) }).then(function () { - _this.success = true; - _this.hide(); - app.request(_this.props.deferredRequest).then(function (response) { - return _this.props.deferred.resolve(response); - }, function (response) { - return _this.props.deferred.reject(response); - }); - })['catch'](this.loaded.bind(this)); - } - }, { - key: 'onerror', - value: function onerror(error) { - if (error.status === 401) { - error.alert.props.children = app.translator.trans('core.forum.log_in.invalid_login_message'); - } - - babelHelpers.get(Object.getPrototypeOf(ConfirmPasswordModal.prototype), 'onerror', this).call(this, error); - } - }, { - key: 'onhide', - value: function onhide() { - if (this.success) return; - - this.props.deferred.reject(this.props.error); - } - }]); - return ConfirmPasswordModal; - })(Modal); - - _export('default', ConfirmPasswordModal); - } - }; -});; System.register('flarum/components/DiscussionComposer', ['flarum/components/ComposerBody', 'flarum/utils/extractText'], function (_export) { /** @@ -31111,10 +31008,13 @@ System.register('flarum/Model', [], function (_export) { this.pushData(data); + var request = { data: data }; + if (options.meta) request.meta = options.meta; + return app.request(babelHelpers._extends({ method: this.exists ? 'PATCH' : 'POST', url: app.forum.attribute('apiUrl') + this.apiEndpoint(), - data: { data: data } + data: request }, options)).then( // If everything went well, we'll make sure the store knows that this // model exists now (if it didn't already), and we'll push the data that 
diff --git a/framework/core/js/forum/src/components/ChangeEmailModal.js b/framework/core/js/forum/src/components/ChangeEmailModal.js index d5cd4cf36..68b2d4311 100644 --- a/framework/core/js/forum/src/components/ChangeEmailModal.js +++ b/framework/core/js/forum/src/components/ChangeEmailModal.js @@ -22,6 +22,13 @@ export default class ChangeEmailModal extends Modal { * @type {function} */ this.email = m.prop(app.session.user.email()); + + /** + * The value of the password input. + * + * @type {function} + */ + this.password = m.prop(''); } className() { @@ -54,8 +61,13 @@ export default class ChangeEmailModal extends Modal {
+
+
+
@@ -85,14 +97,20 @@ export default class ChangeEmailModal extends Modal { this.loading = true; - app.session.user.save({email: this.email()}, {errorHandler: this.onerror.bind(this)}) + app.session.user.save({email: this.email()}, { + errorHandler: this.onerror.bind(this), + meta: {password: this.password()} + }) .then(() => this.success = true) .catch(() => {}) .then(this.loaded.bind(this)); + } - // The save method will update the cached email address on the user model... - // But in the case of a "sudo" password prompt, we'll still want to have - // the old email address on file for the purposes of logging in. - app.session.user.pushAttributes({email: oldEmail}); + onerror(error) { + if (error.status === 401) { + error.alert.props.children = app.translator.trans('core.forum.change_email.incorrect_password_message'); + } + + super.onerror(error); } } diff --git a/framework/core/js/lib/App.js b/framework/core/js/lib/App.js index ea19be3d6..1c8345441 100644 --- a/framework/core/js/lib/App.js +++ b/framework/core/js/lib/App.js @@ -252,15 +252,6 @@ export default class App { m.request(options).then(response => deferred.resolve(response), error => { this.requestError = error; - if (error.response && error.response.errors && error.response.errors[0] && error.response.errors[0].code === 'invalid_access_token') { - this.modal.show(new ConfirmPasswordModal({ - deferredRequest: originalOptions, - deferred, - error - })); - return; - } - let children; switch (error.status) { diff --git a/framework/core/js/lib/Model.js b/framework/core/js/lib/Model.js index 3a6ba4053..03e23662a 100644 --- a/framework/core/js/lib/Model.js +++ b/framework/core/js/lib/Model.js 
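Review bot: In `ChangeEmailModal.js`, the new `onerror` relabels every 401 as `core.forum.change_email.incorrect_password_message`, so a 401 returned for another reason (an expired session, for instance) would be shown as a wrong password. The typed password also stays in `this.password` after a failed attempt; clearing it in that branch with `this.password('');` would avoid that. The branch assumes the `PermissionDeniedException` thrown by `UpdateUserController` reaches the client as status 401, a mapping this commit does not show and which should be confirmed. `onsubmit` starts above the hunk, so whether `oldEmail` is still declared there and is now unused cannot be checked from here.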
@@ -154,10 +154,13 @@ export default class Model { this.pushData(data); + const request = {data}; + if (options.meta) request.meta = options.meta; + return app.request(Object.assign({ method: this.exists ? 'PATCH' : 'POST', url: app.forum.attribute('apiUrl') + this.apiEndpoint(), - data: {data} + data: request }, options)).then( // If everything went well, we'll make sure the store knows that this // model exists now (if it didn't already), and we'll push the data that diff --git a/framework/core/js/lib/components/ConfirmPasswordModal.js b/framework/core/js/lib/components/ConfirmPasswordModal.js deleted file mode 100644 index 31ac07b91..000000000 --- a/framework/core/js/lib/components/ConfirmPasswordModal.js +++ /dev/null @@ -1,73 +0,0 @@ -import Modal from 'flarum/components/Modal'; -import Button from 'flarum/components/Button'; -import extractText from 'flarum/utils/extractText'; - -export default class ConfirmPasswordModal extends Modal { - init() { - super.init(); - - this.password = m.prop(''); - } - - className() { - return 'ConfirmPasswordModal Modal--small'; - } - - title() { - return app.translator.trans('core.forum.confirm_password.title'); - } - - content() { - return ( -
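Review bot: In `lib/Model.js`, `options.meta` is copied into the request body, but `options` is still merged unchanged into the `app.request` options, so the `meta` object (which `ChangeEmailModal` fills with the user's password) also travels as a top-level request option next to `errorHandler`. Nothing in the hunk shows that key being read there, but it widens where the password is held; I would leave `meta` out of the merged options and add a comment on the two new lines such as `// meta is sent next to data in the request body; callers use it for values like a confirmation password`. Because `options` is merged last, a caller-supplied `options.data` would also replace `request` and silently drop the meta. The enclosing method starts and ends outside the hunk, and the same lines appear in both generated `dist/app.js` bundles.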
-
-
- -
- -
- -
-
-
- ); - } - - onsubmit(e) { - e.preventDefault(); - - this.loading = true; - - app.session.login(app.session.user.email(), this.password(), {errorHandler: this.onerror.bind(this)}) - .then(() => { - this.success = true; - this.hide(); - app.request(this.props.deferredRequest).then(response => this.props.deferred.resolve(response), response => this.props.deferred.reject(response)); - }) - .catch(this.loaded.bind(this)); - } - - onerror(error) { - if (error.status === 401) { - error.alert.props.children = app.translator.trans('core.forum.log_in.invalid_login_message'); - } - - super.onerror(error); - } - - onhide() { - if (this.success) return; - - this.props.deferred.reject(this.props.error); - } -} diff --git a/framework/core/src/Admin/Middleware/RequireAdministrateAbility.php b/framework/core/src/Admin/Middleware/RequireAdministrateAbility.php index 8bf08abc0..66430c0e3 100644 --- a/framework/core/src/Admin/Middleware/RequireAdministrateAbility.php +++ b/framework/core/src/Admin/Middleware/RequireAdministrateAbility.php 
@@ -10,63 +10,21 @@ namespace Flarum\Admin\Middleware; -use Exception; use Flarum\Core\Access\AssertPermissionTrait; -use Flarum\Forum\Controller\LogInController; -use Illuminate\Contracts\View\Factory; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; -use Zend\Diactoros\Response\HtmlResponse; use Zend\Stratigility\MiddlewareInterface; class RequireAdministrateAbility implements MiddlewareInterface { use AssertPermissionTrait; - /** - * @var LogInController - */ - private $logInController; - - /** - * @var Factory - */ - private $view; - - /** - * @param LogInController $logInController - * @param Factory $view - */ - public function __construct(LogInController $logInController, Factory $view) - { - $this->logInController = $logInController; - $this->view = $view; - } - /** * {@inheritdoc} */ public function __invoke(Request $request, Response $response, callable $out = null) { - try { - $this->assertAdminAndSudo($request); - } catch (Exception $e) { - if ($request->getMethod() === 'POST') { - $response = $this->logInController->handle($request); - - if ($response->getStatusCode() === 200) { - return $response - ->withStatus(302) - ->withHeader('location', app('Flarum\Admin\UrlGenerator')->toRoute('index')); - } - } - - return new HtmlResponse( - $this->view->make('flarum.admin::login') - ->with('token', $request->getAttribute('session')->get('csrf_token')) - ->render() - ); - } + $this->assertAdmin($request->getAttribute('actor')); return $out ? $out($request, $response) : $response; } diff --git a/framework/core/src/Api/Controller/DeleteDiscussionController.php b/framework/core/src/Api/Controller/DeleteDiscussionController.php index 043261f1d..06a20c04b 100644 --- a/framework/core/src/Api/Controller/DeleteDiscussionController.php +++ b/framework/core/src/Api/Controller/DeleteDiscussionController.php 
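Review bot: `__invoke` in `RequireAdministrateAbility` now lets whatever `assertAdmin()` throws leave the middleware, where the removed code caught it and rendered the admin login view. What an unauthenticated or non-admin visitor to the admin area receives therefore depends on an error handler outside this middleware, which this commit does not show. The docblock is still only `{@inheritdoc}`; I would record the new contract, for example `@throws \Flarum\Core\Exception\PermissionDeniedException when the actor lacks the administrate ability` (presumably the type raised, going by the trait's imports). The `actor` request attribute is passed straight through, so it is worth confirming that an earlier middleware always sets it before this one runs.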
@@ -10,15 +10,12 @@ namespace Flarum\Api\Controller; -use Flarum\Core\Access\AssertPermissionTrait; use Flarum\Core\Command\DeleteDiscussion; use Illuminate\Contracts\Bus\Dispatcher; use Psr\Http\Message\ServerRequestInterface; class DeleteDiscussionController extends AbstractDeleteController { - use AssertPermissionTrait; - /** * @var Dispatcher */ @@ -41,8 +38,6 @@ class DeleteDiscussionController extends AbstractDeleteController $actor = $request->getAttribute('actor'); $input = $request->getParsedBody(); - $this->assertSudo($request); - $this->bus->dispatch( new DeleteDiscussion($id, $actor, $input) ); diff --git a/framework/core/src/Api/Controller/DeleteGroupController.php b/framework/core/src/Api/Controller/DeleteGroupController.php index 593300fa7..6f9ab7435 100644 --- a/framework/core/src/Api/Controller/DeleteGroupController.php +++ b/framework/core/src/Api/Controller/DeleteGroupController.php @@ -10,15 +10,12 @@ namespace Flarum\Api\Controller; -use Flarum\Core\Access\AssertPermissionTrait; use Flarum\Core\Command\DeleteGroup; use Illuminate\Contracts\Bus\Dispatcher; use Psr\Http\Message\ServerRequestInterface; class DeleteGroupController extends AbstractDeleteController { - use AssertPermissionTrait; - /** * @var Dispatcher */ @@ -37,8 +34,6 @@ class DeleteGroupController extends AbstractDeleteController */ protected function delete(ServerRequestInterface $request) { - $this->assertSudo($request); - $this->bus->dispatch( new DeleteGroup(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor')) ); diff --git a/framework/core/src/Api/Controller/DeletePostController.php b/framework/core/src/Api/Controller/DeletePostController.php index b32751a28..7e31838f9 100644 --- a/framework/core/src/Api/Controller/DeletePostController.php +++ b/framework/core/src/Api/Controller/DeletePostController.php 
@@ -10,15 +10,12 @@ namespace Flarum\Api\Controller; -use Flarum\Core\Access\AssertPermissionTrait; use Flarum\Core\Command\DeletePost; use Illuminate\Contracts\Bus\Dispatcher; use Psr\Http\Message\ServerRequestInterface; class DeletePostController extends AbstractDeleteController { - use AssertPermissionTrait; - /** * @var Dispatcher */ @@ -37,8 +34,6 @@ class DeletePostController extends AbstractDeleteController */ protected function delete(ServerRequestInterface $request) { - $this->assertSudo($request); - $this->bus->dispatch( new DeletePost(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor')) ); diff --git a/framework/core/src/Api/Controller/DeleteUserController.php b/framework/core/src/Api/Controller/DeleteUserController.php index 306e5567a..cb214e531 100644 --- a/framework/core/src/Api/Controller/DeleteUserController.php +++ b/framework/core/src/Api/Controller/DeleteUserController.php @@ -10,15 +10,12 @@ namespace Flarum\Api\Controller; -use Flarum\Core\Access\AssertPermissionTrait; use Flarum\Core\Command\DeleteUser; use Illuminate\Contracts\Bus\Dispatcher; use Psr\Http\Message\ServerRequestInterface; class DeleteUserController extends AbstractDeleteController { - use AssertPermissionTrait; - /** * @var Dispatcher */ @@ -37,8 +34,6 @@ class DeleteUserController extends AbstractDeleteController */ protected function delete(ServerRequestInterface $request) { - $this->assertSudo($request); - $this->bus->dispatch( new DeleteUser(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor')) ); diff --git a/framework/core/src/Api/Controller/SetPermissionController.php b/framework/core/src/Api/Controller/SetPermissionController.php index b709f08bb..783157b94 100644 --- a/framework/core/src/Api/Controller/SetPermissionController.php +++ b/framework/core/src/Api/Controller/SetPermissionController.php 
@@ -25,7 +25,7 @@ class SetPermissionController implements ControllerInterface */ public function handle(ServerRequestInterface $request) { - $this->assertAdminAndSudo($request); + $this->assertAdmin($request->getAttribute('actor')); $body = $request->getParsedBody(); $permission = array_get($body, 'permission'); diff --git a/framework/core/src/Api/Controller/SetSettingsController.php b/framework/core/src/Api/Controller/SetSettingsController.php index d829639f5..e5006a25b 100644 --- a/framework/core/src/Api/Controller/SetSettingsController.php +++ b/framework/core/src/Api/Controller/SetSettingsController.php @@ -47,7 +47,7 @@ class SetSettingsController implements ControllerInterface */ public function handle(ServerRequestInterface $request) { - $this->assertAdminAndSudo($request); + $this->assertAdmin($request->getAttribute('actor')); $settings = $request->getParsedBody(); diff --git a/framework/core/src/Api/Controller/UninstallExtensionController.php b/framework/core/src/Api/Controller/UninstallExtensionController.php index cc44e974b..f2519cdd2 100644 --- a/framework/core/src/Api/Controller/UninstallExtensionController.php +++ b/framework/core/src/Api/Controller/UninstallExtensionController.php @@ -33,7 +33,7 @@ class UninstallExtensionController extends AbstractDeleteController protected function delete(ServerRequestInterface $request) { - $this->assertAdminAndSudo($request); + $this->assertAdmin($request->getAttribute('actor')); $name = array_get($request->getQueryParams(), 'name'); diff --git a/framework/core/src/Api/Controller/UpdateExtensionController.php b/framework/core/src/Api/Controller/UpdateExtensionController.php index 716dc8108..222c17d4e 100644 --- a/framework/core/src/Api/Controller/UpdateExtensionController.php +++ b/framework/core/src/Api/Controller/UpdateExtensionController.php 
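Review bot: `SetPermissionController::handle` now gates on `assertAdmin()` alone, and the same one-line replacement is made in `SetSettingsController`, `UninstallExtensionController` and `UpdateExtensionController`. Changing permissions, settings and extensions therefore no longer needs a recent password entry, while changing one's own email address in `UpdateUserController` does. If that asymmetry is intended, a short comment at each call would record it, for example `// No re-authentication here: admin writes rely on the session and on CSRF protection`. The CSRF handling for these routes is outside this diff and should be confirmed. Each `handle`/`delete` body continues past its hunk.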
@@ -37,7 +37,7 @@ class UpdateExtensionController implements ControllerInterface */ public function handle(ServerRequestInterface $request) { - $this->assertAdminAndSudo($request); + $this->assertAdmin($request->getAttribute('actor')); $enabled = array_get($request->getParsedBody(), 'enabled'); $name = array_get($request->getQueryParams(), 'name'); diff --git a/framework/core/src/Api/Controller/UpdateUserController.php b/framework/core/src/Api/Controller/UpdateUserController.php index ca675951c..6c6fecdaf 100644 --- a/framework/core/src/Api/Controller/UpdateUserController.php +++ b/framework/core/src/Api/Controller/UpdateUserController.php @@ -10,16 +10,14 @@ namespace Flarum\Api\Controller; -use Flarum\Core\Access\AssertPermissionTrait; use Flarum\Core\Command\EditUser; +use Flarum\Core\Exception\PermissionDeniedException; use Illuminate\Contracts\Bus\Dispatcher; use Psr\Http\Message\ServerRequestInterface; use Tobscure\JsonApi\Document; class UpdateUserController extends AbstractResourceController { - use AssertPermissionTrait; - /** * {@inheritdoc} */ @@ -52,7 +50,15 @@ class UpdateUserController extends AbstractResourceController $actor = $request->getAttribute('actor'); $data = array_get($request->getParsedBody(), 'data', []); - $this->assertSudo($request); + // Require the user's current password if they are attempting to change + // their own email address. + if (isset($data['attributes']['email']) && $actor->id == $id) { + $password = array_get($request->getParsedBody(), 'meta.password'); + + if (! $actor->checkPassword($password)) { + throw new PermissionDeniedException; + } + } return $this->bus->dispatch( new EditUser($id, $actor, $data) diff --git a/framework/core/src/Core/Access/AssertPermissionTrait.php b/framework/core/src/Core/Access/AssertPermissionTrait.php index 093c71801..4b5a98ea5 100644 --- a/framework/core/src/Core/Access/AssertPermissionTrait.php +++ b/framework/core/src/Core/Access/AssertPermissionTrait.php 
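Review bot: In `UpdateUserController`, `$password` comes from `array_get(..., 'meta.password')` and is handed to `checkPassword()` unchecked, so a request without `meta.password`, or with an array there, passes `null` or a non-string into the password comparison. Rejecting that up front keeps the failure path explicit: `if (! is_string($password) || ! $actor->checkPassword($password)) {`. The check also gives an authenticated session a password-verification endpoint with no attempt limiting visible in this hunk, and it covers only the `email` attribute on the actor's own account. Whether a `password` attribute in the same payload is gated elsewhere cannot be seen from here. The method body begins and ends outside the hunk.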
@@ -10,11 +10,9 @@ namespace Flarum\Core\Access; -use DateTime; use Flarum\Api\Exception\InvalidAccessTokenException; use Flarum\Core\Exception\PermissionDeniedException; use Flarum\Core\User; -use Psr\Http\Message\ServerRequestInterface; trait AssertPermissionTrait { @@ -66,28 +64,4 @@ trait AssertPermissionTrait { $this->assertCan($actor, 'administrate'); } - - /** - * @param ServerRequestInterface $request - * @throws InvalidAccessTokenException - */ - protected function assertSudo(ServerRequestInterface $request) - { - $session = $request->getAttribute('session'); - - if ($session && $session->get('sudo_expiry') < new DateTime) { - throw new InvalidAccessTokenException; - } - } - - /** - * @param ServerRequestInterface $request - * @throws PermissionDeniedException - */ - protected function assertAdminAndSudo(ServerRequestInterface $request) - { - $this->assertAdmin($request->getAttribute('actor')); - - $this->assertSudo($request); - } } diff --git a/framework/core/src/Http/SessionAuthenticator.php b/framework/core/src/Http/SessionAuthenticator.php index 427ff924a..703af2d01 100644 --- a/framework/core/src/Http/SessionAuthenticator.php +++ b/framework/core/src/Http/SessionAuthenticator.php @@ -23,7 +23,6 @@ class SessionAuthenticator { $session->migrate(); $session->set('user_id', $userId); - $session->set('sudo_expiry', new DateTime('+30 minutes')); } /** diff --git a/framework/core/views/login.blade.php b/framework/core/views/login.blade.php deleted file mode 100644 index 8f98689ad..000000000 --- a/framework/core/views/login.blade.php +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - Log In - - - - - -

Log In

- -
- - -
- - -
- -
- - -
- -
- -
-
- -