IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2024-11-21 16:38:36 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix logout for #3184

Browse Source
This commit is contained in:
James Cole 2020-06-11 17:55:38 +02:00
parent a63b8322db
commit 48b5f749a1
6 changed files with 119 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.env.example
View File

@ -177,6 +177,13 @@ LOGIN_PROVIDER=eloquent
# This function is available in Firefly III v5.3.0 and higher.
AUTHENTICATION_GUARD=web
#
# Likewise, it's impossible to log out users who's authentication is handled by an external system.
# Enter a custom URL here that will force a logout (your authentication provider can tell you).
# Setting this variable only works when AUTHENTICATION_GUARD != web
#
CUSTOM_LOGOUT_URI=
# LDAP connection configuration
# OpenLDAP, FreeIPA or ActiveDirectory
# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE

31
app/Http/Controllers/Auth/LoginController.php
View File

@ -176,4 +176,35 @@ class LoginController extends Controller
throw $exception;
}
/**
* Log the user out of the application.
*
* @param \Illuminate\Http\Request $request
*
* @return \Illuminate\Http\Response
*/
public function logout(Request $request)
{
$authGuard = config('firefly.authentication_guard');
$logoutUri = config('firefly.custom_logout_uri');
if ('remote_user_guard' === $authGuard && '' !== $logoutUri) {
return redirect($logoutUri);
}
$this->guard()->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
if ($response = $this->loggedOut($request)) {
return $response;
}
return $request->wantsJson()
? new \Illuminate\Http\Response('', 204)
: redirect('/');
}
}

106
app/Http/Controllers/ProfileController.php
View File

@ -61,6 +61,8 @@ class ProfileController extends Controller
{
use RequestInformation, CreateStuff;
protected bool $externalIdentity;
/**
* ProfileController constructor.
*
@ -78,6 +80,9 @@ class ProfileController extends Controller
return $next($request);
}
);
$loginProvider = config('firefly.login_provider');
$authGuard = config('firefly.authentication_guard');
$this->externalIdentity = 'eloquent' === $loginProvider || 'remote_user_guard' === $authGuard;
$this->middleware(IsDemoUser::class)->except(['index']);
$this->middleware(IsSandStormUser::class)->except('index');
@ -92,13 +97,10 @@ class ProfileController extends Controller
*/
public function changeEmail(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
// @codeCoverageIgnoreEnd
}
$title = auth()->user()->email;
@ -118,13 +120,10 @@ class ProfileController extends Controller
*/
public function changePassword(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
// @codeCoverageIgnoreEnd
}
$title = auth()->user()->email;
@ -137,10 +136,17 @@ class ProfileController extends Controller
/**
* View that generates a 2FA code for the user.
*
* @param Request $request
*
* @return Factory|View
*/
public function code()
public function code(Request $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
$domain = $this->getDomain();
$secret = null;
@ -192,10 +198,9 @@ class ProfileController extends Controller
*/
public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
if ($this->externalIdentity) {
// @codeCoverageIgnoreStart
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
// @codeCoverageIgnoreEnd
}
// find preference with this token value.
@ -229,15 +234,14 @@ class ProfileController extends Controller
*
* @param Request $request
*
* @return Factory|View
* @return \Illuminate\Contracts\Foundation\Application|RedirectResponse|Redirector
*/
public function deleteAccount(Request $request)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => e($loginProvider)]));
// @codeCoverageIgnoreEnd
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
$title = auth()->user()->email;
$subTitle = (string) trans('firefly.delete_account');
@ -251,8 +255,13 @@ class ProfileController extends Controller
*
* @return RedirectResponse|Redirector
*/
public function deleteCode()
public function deleteCode(Request $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
/** @var UserRepositoryInterface $repository */
$repository = app(UserRepositoryInterface::class);
@ -271,8 +280,14 @@ class ProfileController extends Controller
*
* @return RedirectResponse|Redirector
*/
public function enable2FA()
public function enable2FA(Request $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
/** @var User $user */
$user = auth()->user();
$enabledMFA = null !== $user->mfa_secret;
@ -329,6 +344,12 @@ class ProfileController extends Controller
*/
public function newBackupCodes()
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
// generate recovery codes:
$recovery = app(Recovery::class);
$recoveryCodes = $recovery->lowercase()
@ -354,13 +375,10 @@ class ProfileController extends Controller
*/
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
// @codeCoverageIgnoreEnd
}
/** @var User $user */
@ -408,13 +426,10 @@ class ProfileController extends Controller
*/
public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
// @codeCoverageIgnoreEnd
}
// the request has already validated both new passwords must be equal.
@ -446,6 +461,12 @@ class ProfileController extends Controller
*/
public function postCode(TokenFormRequest $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
/** @var User $user */
$user = auth()->user();
/** @var UserRepositoryInterface $repository */
@ -485,6 +506,12 @@ class ProfileController extends Controller
*/
public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
if (!Hash::check($request->get('password'), auth()->user()->password)) {
session()->flash('error', (string) trans('firefly.invalid_password'));
@ -506,8 +533,14 @@ class ProfileController extends Controller
*
* @return RedirectResponse|Redirector
*/
public function regenerate()
public function regenerate(Request $request)
{
if ($this->externalIdentity) {
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
return redirect(route('profile.index'));
}
/** @var User $user */
$user = auth()->user();
$token = $user->generateAccessToken();
@ -530,11 +563,8 @@ class ProfileController extends Controller
*/
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
{
$loginProvider = config('firefly.login_provider');
if ('eloquent' !== $loginProvider) {
// @codeCoverageIgnoreStart
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
// @codeCoverageIgnoreEnd
if ($this->externalIdentity) {
throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
}
// find preference with this token value.

16
config/firefly.php
View File

@ -83,14 +83,14 @@ use FireflyIII\TransactionRules\Triggers\AmountMore;
use FireflyIII\TransactionRules\Triggers\BudgetIs;
use FireflyIII\TransactionRules\Triggers\CategoryIs;
use FireflyIII\TransactionRules\Triggers\CurrencyIs;
use FireflyIII\TransactionRules\Triggers\ForeignCurrencyIs;
use FireflyIII\TransactionRules\Triggers\DateIs;
use FireflyIII\TransactionRules\Triggers\DateBefore;
use FireflyIII\TransactionRules\Triggers\DateAfter;
use FireflyIII\TransactionRules\Triggers\DateBefore;
use FireflyIII\TransactionRules\Triggers\DateIs;
use FireflyIII\TransactionRules\Triggers\DescriptionContains;
use FireflyIII\TransactionRules\Triggers\DescriptionEnds;
use FireflyIII\TransactionRules\Triggers\DescriptionIs;
use FireflyIII\TransactionRules\Triggers\DescriptionStarts;
use FireflyIII\TransactionRules\Triggers\ForeignCurrencyIs;
use FireflyIII\TransactionRules\Triggers\FromAccountContains;
use FireflyIII\TransactionRules\Triggers\FromAccountEnds;
use FireflyIII\TransactionRules\Triggers\FromAccountIs;
@ -142,10 +142,10 @@ return [
],
'encryption' => null === env('USE_ENCRYPTION') || true === env('USE_ENCRYPTION'),
'version' => '5.3.0',
'api_version' => '1.1.0',
'db_version' => 14,
'maxUploadSize' => 15242880,
'version' => '5.3.0',
'api_version' => '1.1.0',
'db_version' => 14,
'maxUploadSize' => 15242880,
'send_error_message' => env('SEND_ERROR_MESSAGE', true),
'site_owner' => env('SITE_OWNER', ''),
'send_registration_mail' => env('SEND_REGISTRATION_MAIL', true),
@ -162,6 +162,8 @@ return [
'disable_frame_header' => env('DISABLE_FRAME_HEADER', false),
'disable_csp_header' => env('DISABLE_CSP_HEADER', false),
'login_provider' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'),
'authentication_guard' => envNonEmpty('AUTHENTICATION_GUARD', 'web'),
'custom_logout_uri' => envNonEmpty('CUSTOM_LOGOUT_URI', ''),
'cer_provider' => envNonEmpty('CER_PROVIDER', 'fixer'),
'update_endpoint' => 'https://version.firefly-iii.org/index.json',
'send_telemetry' => env('SEND_TELEMETRY', false),

2
config/view.php
View File

@ -48,6 +48,6 @@ return [
|
*/
'compiled' => realpath(storage_path('framework/views/v1')),
'compiled' => realpath(storage_path(sprintf('framework/views/%s', env('FIREFLY_III_LAYOUT', 'v1')))),
];

5
resources/lang/en_US/firefly.php
View File

@ -655,7 +655,8 @@ return [
'login_with_new_email' => 'You can now login with your new email address.',
'login_with_old_email' => 'You can now login with your old email address again.',
'login_provider_local_only' => 'This action is not available when authenticating through ":login_provider".',
'delete_local_info_only' => "Because you authenticate through ':login_provider', this will only delete local Firefly III information.",
'external_user_mgt_disabled' => 'This action is not available when Firefly III isn\'t responsible for user management or authentication handling.',
'delete_local_info_only' => "Because Firefly III isn't responsible for user management or authentication handling, this function will only delete local Firefly III information.",
'profile_oauth_clients' => 'OAuth Clients',
'profile_oauth_no_clients' => 'You have not created any OAuth clients.',
'profile_oauth_clients_header' => 'Clients',
@ -1667,6 +1668,6 @@ return [
'debug_submit_instructions' => 'If you are running into problems, you can use the information in this box as debug information. Please copy-and-paste into a new or existing <a href="https://github.com/firefly-iii/firefly-iii/issues">GitHub issue</a>. It will generate a beautiful table that can be used to quickly diagnose your problem.',
'debug_pretty_table' => 'If you copy/paste the box below into a GitHub issue it will generate a table. Please do not surround this text with backticks or quotes.',
'debug_additional_data' => 'You may also share the content of the box below. You can also copy-and-paste this into a new or existing <a href="https://github.com/firefly-iii/firefly-iii/issues">GitHub issue</a>. However, the content of this box may contain private information such as account names, transaction details or email addresses.',
];