mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2024-11-25 10:20:29 -06:00
Fix logout for #3184
This commit is contained in:
parent
a63b8322db
commit
48b5f749a1
@ -177,6 +177,13 @@ LOGIN_PROVIDER=eloquent
|
|||||||
# This function is available in Firefly III v5.3.0 and higher.
|
# This function is available in Firefly III v5.3.0 and higher.
|
||||||
AUTHENTICATION_GUARD=web
|
AUTHENTICATION_GUARD=web
|
||||||
|
|
||||||
|
#
|
||||||
|
# Likewise, it's impossible to log out users who's authentication is handled by an external system.
|
||||||
|
# Enter a custom URL here that will force a logout (your authentication provider can tell you).
|
||||||
|
# Setting this variable only works when AUTHENTICATION_GUARD != web
|
||||||
|
#
|
||||||
|
CUSTOM_LOGOUT_URI=
|
||||||
|
|
||||||
# LDAP connection configuration
|
# LDAP connection configuration
|
||||||
# OpenLDAP, FreeIPA or ActiveDirectory
|
# OpenLDAP, FreeIPA or ActiveDirectory
|
||||||
# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE
|
# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE
|
||||||
|
@ -176,4 +176,35 @@ class LoginController extends Controller
|
|||||||
throw $exception;
|
throw $exception;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Log the user out of the application.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
*
|
||||||
|
* @return \Illuminate\Http\Response
|
||||||
|
*/
|
||||||
|
public function logout(Request $request)
|
||||||
|
{
|
||||||
|
$authGuard = config('firefly.authentication_guard');
|
||||||
|
$logoutUri = config('firefly.custom_logout_uri');
|
||||||
|
if ('remote_user_guard' === $authGuard && '' !== $logoutUri) {
|
||||||
|
return redirect($logoutUri);
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->guard()->logout();
|
||||||
|
|
||||||
|
$request->session()->invalidate();
|
||||||
|
|
||||||
|
$request->session()->regenerateToken();
|
||||||
|
|
||||||
|
if ($response = $this->loggedOut($request)) {
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $request->wantsJson()
|
||||||
|
? new \Illuminate\Http\Response('', 204)
|
||||||
|
: redirect('/');
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -61,6 +61,8 @@ class ProfileController extends Controller
|
|||||||
{
|
{
|
||||||
use RequestInformation, CreateStuff;
|
use RequestInformation, CreateStuff;
|
||||||
|
|
||||||
|
protected bool $externalIdentity;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ProfileController constructor.
|
* ProfileController constructor.
|
||||||
*
|
*
|
||||||
@ -78,6 +80,9 @@ class ProfileController extends Controller
|
|||||||
return $next($request);
|
return $next($request);
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
$loginProvider = config('firefly.login_provider');
|
||||||
|
$authGuard = config('firefly.authentication_guard');
|
||||||
|
$this->externalIdentity = 'eloquent' === $loginProvider || 'remote_user_guard' === $authGuard;
|
||||||
|
|
||||||
$this->middleware(IsDemoUser::class)->except(['index']);
|
$this->middleware(IsDemoUser::class)->except(['index']);
|
||||||
$this->middleware(IsSandStormUser::class)->except('index');
|
$this->middleware(IsSandStormUser::class)->except('index');
|
||||||
@ -92,13 +97,10 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function changeEmail(Request $request)
|
public function changeEmail(Request $request)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$title = auth()->user()->email;
|
$title = auth()->user()->email;
|
||||||
@ -118,13 +120,10 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function changePassword(Request $request)
|
public function changePassword(Request $request)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$title = auth()->user()->email;
|
$title = auth()->user()->email;
|
||||||
@ -137,10 +136,17 @@ class ProfileController extends Controller
|
|||||||
/**
|
/**
|
||||||
* View that generates a 2FA code for the user.
|
* View that generates a 2FA code for the user.
|
||||||
*
|
*
|
||||||
|
* @param Request $request
|
||||||
|
*
|
||||||
* @return Factory|View
|
* @return Factory|View
|
||||||
*/
|
*/
|
||||||
public function code()
|
public function code(Request $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
$domain = $this->getDomain();
|
$domain = $this->getDomain();
|
||||||
$secret = null;
|
$secret = null;
|
||||||
|
|
||||||
@ -192,10 +198,9 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
|
public function confirmEmailChange(UserRepositoryInterface $repository, string $token)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
|
throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
}
|
}
|
||||||
// find preference with this token value.
|
// find preference with this token value.
|
||||||
@ -229,15 +234,14 @@ class ProfileController extends Controller
|
|||||||
*
|
*
|
||||||
* @param Request $request
|
* @param Request $request
|
||||||
*
|
*
|
||||||
* @return Factory|View
|
* @return \Illuminate\Contracts\Foundation\Application|RedirectResponse|Redirector
|
||||||
*/
|
*/
|
||||||
public function deleteAccount(Request $request)
|
public function deleteAccount(Request $request)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$request->session()->flash('warning', trans('firefly.delete_local_info_only', ['login_provider' => e($loginProvider)]));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
$title = auth()->user()->email;
|
$title = auth()->user()->email;
|
||||||
$subTitle = (string) trans('firefly.delete_account');
|
$subTitle = (string) trans('firefly.delete_account');
|
||||||
@ -251,8 +255,13 @@ class ProfileController extends Controller
|
|||||||
*
|
*
|
||||||
* @return RedirectResponse|Redirector
|
* @return RedirectResponse|Redirector
|
||||||
*/
|
*/
|
||||||
public function deleteCode()
|
public function deleteCode(Request $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
/** @var UserRepositoryInterface $repository */
|
/** @var UserRepositoryInterface $repository */
|
||||||
$repository = app(UserRepositoryInterface::class);
|
$repository = app(UserRepositoryInterface::class);
|
||||||
|
|
||||||
@ -271,8 +280,14 @@ class ProfileController extends Controller
|
|||||||
*
|
*
|
||||||
* @return RedirectResponse|Redirector
|
* @return RedirectResponse|Redirector
|
||||||
*/
|
*/
|
||||||
public function enable2FA()
|
public function enable2FA(Request $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$enabledMFA = null !== $user->mfa_secret;
|
$enabledMFA = null !== $user->mfa_secret;
|
||||||
@ -329,6 +344,12 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function newBackupCodes()
|
public function newBackupCodes()
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
|
|
||||||
// generate recovery codes:
|
// generate recovery codes:
|
||||||
$recovery = app(Recovery::class);
|
$recovery = app(Recovery::class);
|
||||||
$recoveryCodes = $recovery->lowercase()
|
$recoveryCodes = $recovery->lowercase()
|
||||||
@ -354,13 +375,10 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
|
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
@ -408,13 +426,10 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
|
public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$request->session()->flash('error', trans('firefly.login_provider_local_only', ['login_provider' => e($loginProvider)]));
|
|
||||||
|
|
||||||
return redirect(route('profile.index'));
|
return redirect(route('profile.index'));
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// the request has already validated both new passwords must be equal.
|
// the request has already validated both new passwords must be equal.
|
||||||
@ -446,6 +461,12 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function postCode(TokenFormRequest $request)
|
public function postCode(TokenFormRequest $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
/** @var UserRepositoryInterface $repository */
|
/** @var UserRepositoryInterface $repository */
|
||||||
@ -485,6 +506,12 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)
|
public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
|
|
||||||
if (!Hash::check($request->get('password'), auth()->user()->password)) {
|
if (!Hash::check($request->get('password'), auth()->user()->password)) {
|
||||||
session()->flash('error', (string) trans('firefly.invalid_password'));
|
session()->flash('error', (string) trans('firefly.invalid_password'));
|
||||||
|
|
||||||
@ -506,8 +533,14 @@ class ProfileController extends Controller
|
|||||||
*
|
*
|
||||||
* @return RedirectResponse|Redirector
|
* @return RedirectResponse|Redirector
|
||||||
*/
|
*/
|
||||||
public function regenerate()
|
public function regenerate(Request $request)
|
||||||
{
|
{
|
||||||
|
if ($this->externalIdentity) {
|
||||||
|
$request->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
|
||||||
|
|
||||||
|
return redirect(route('profile.index'));
|
||||||
|
}
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
$token = $user->generateAccessToken();
|
$token = $user->generateAccessToken();
|
||||||
@ -530,11 +563,8 @@ class ProfileController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
|
public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash)
|
||||||
{
|
{
|
||||||
$loginProvider = config('firefly.login_provider');
|
if ($this->externalIdentity) {
|
||||||
if ('eloquent' !== $loginProvider) {
|
throw new FireflyException(trans('firefly.external_user_mgt_disabled'));
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
throw new FireflyException('Cannot confirm email change when authentication provider is not local.');
|
|
||||||
// @codeCoverageIgnoreEnd
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// find preference with this token value.
|
// find preference with this token value.
|
||||||
|
@ -83,14 +83,14 @@ use FireflyIII\TransactionRules\Triggers\AmountMore;
|
|||||||
use FireflyIII\TransactionRules\Triggers\BudgetIs;
|
use FireflyIII\TransactionRules\Triggers\BudgetIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\CategoryIs;
|
use FireflyIII\TransactionRules\Triggers\CategoryIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\CurrencyIs;
|
use FireflyIII\TransactionRules\Triggers\CurrencyIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\ForeignCurrencyIs;
|
|
||||||
use FireflyIII\TransactionRules\Triggers\DateIs;
|
|
||||||
use FireflyIII\TransactionRules\Triggers\DateBefore;
|
|
||||||
use FireflyIII\TransactionRules\Triggers\DateAfter;
|
use FireflyIII\TransactionRules\Triggers\DateAfter;
|
||||||
|
use FireflyIII\TransactionRules\Triggers\DateBefore;
|
||||||
|
use FireflyIII\TransactionRules\Triggers\DateIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\DescriptionContains;
|
use FireflyIII\TransactionRules\Triggers\DescriptionContains;
|
||||||
use FireflyIII\TransactionRules\Triggers\DescriptionEnds;
|
use FireflyIII\TransactionRules\Triggers\DescriptionEnds;
|
||||||
use FireflyIII\TransactionRules\Triggers\DescriptionIs;
|
use FireflyIII\TransactionRules\Triggers\DescriptionIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\DescriptionStarts;
|
use FireflyIII\TransactionRules\Triggers\DescriptionStarts;
|
||||||
|
use FireflyIII\TransactionRules\Triggers\ForeignCurrencyIs;
|
||||||
use FireflyIII\TransactionRules\Triggers\FromAccountContains;
|
use FireflyIII\TransactionRules\Triggers\FromAccountContains;
|
||||||
use FireflyIII\TransactionRules\Triggers\FromAccountEnds;
|
use FireflyIII\TransactionRules\Triggers\FromAccountEnds;
|
||||||
use FireflyIII\TransactionRules\Triggers\FromAccountIs;
|
use FireflyIII\TransactionRules\Triggers\FromAccountIs;
|
||||||
@ -162,6 +162,8 @@ return [
|
|||||||
'disable_frame_header' => env('DISABLE_FRAME_HEADER', false),
|
'disable_frame_header' => env('DISABLE_FRAME_HEADER', false),
|
||||||
'disable_csp_header' => env('DISABLE_CSP_HEADER', false),
|
'disable_csp_header' => env('DISABLE_CSP_HEADER', false),
|
||||||
'login_provider' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'),
|
'login_provider' => envNonEmpty('LOGIN_PROVIDER', 'eloquent'),
|
||||||
|
'authentication_guard' => envNonEmpty('AUTHENTICATION_GUARD', 'web'),
|
||||||
|
'custom_logout_uri' => envNonEmpty('CUSTOM_LOGOUT_URI', ''),
|
||||||
'cer_provider' => envNonEmpty('CER_PROVIDER', 'fixer'),
|
'cer_provider' => envNonEmpty('CER_PROVIDER', 'fixer'),
|
||||||
'update_endpoint' => 'https://version.firefly-iii.org/index.json',
|
'update_endpoint' => 'https://version.firefly-iii.org/index.json',
|
||||||
'send_telemetry' => env('SEND_TELEMETRY', false),
|
'send_telemetry' => env('SEND_TELEMETRY', false),
|
||||||
|
@ -48,6 +48,6 @@ return [
|
|||||||
|
|
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'compiled' => realpath(storage_path('framework/views/v1')),
|
'compiled' => realpath(storage_path(sprintf('framework/views/%s', env('FIREFLY_III_LAYOUT', 'v1')))),
|
||||||
|
|
||||||
];
|
];
|
||||||
|
@ -655,7 +655,8 @@ return [
|
|||||||
'login_with_new_email' => 'You can now login with your new email address.',
|
'login_with_new_email' => 'You can now login with your new email address.',
|
||||||
'login_with_old_email' => 'You can now login with your old email address again.',
|
'login_with_old_email' => 'You can now login with your old email address again.',
|
||||||
'login_provider_local_only' => 'This action is not available when authenticating through ":login_provider".',
|
'login_provider_local_only' => 'This action is not available when authenticating through ":login_provider".',
|
||||||
'delete_local_info_only' => "Because you authenticate through ':login_provider', this will only delete local Firefly III information.",
|
'external_user_mgt_disabled' => 'This action is not available when Firefly III isn\'t responsible for user management or authentication handling.',
|
||||||
|
'delete_local_info_only' => "Because Firefly III isn't responsible for user management or authentication handling, this function will only delete local Firefly III information.",
|
||||||
'profile_oauth_clients' => 'OAuth Clients',
|
'profile_oauth_clients' => 'OAuth Clients',
|
||||||
'profile_oauth_no_clients' => 'You have not created any OAuth clients.',
|
'profile_oauth_no_clients' => 'You have not created any OAuth clients.',
|
||||||
'profile_oauth_clients_header' => 'Clients',
|
'profile_oauth_clients_header' => 'Clients',
|
||||||
|
Loading…
Reference in New Issue
Block a user