mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-09 23:15:45 -06:00
This is the two factor middleware. #219
This commit is contained in:
parent
a29eb9b993
commit
83f200f5a2
64
app/Http/Middleware/AuthenticateTwoFactor.php
Normal file
64
app/Http/Middleware/AuthenticateTwoFactor.php
Normal file
@ -0,0 +1,64 @@
|
||||
<?php
|
||||
/**
|
||||
* AuthenticateTwoFactor.php
|
||||
* Copyright (C) 2016 Sander Dorigo
|
||||
*
|
||||
* This software may be modified and distributed under the terms
|
||||
* of the MIT license. See the LICENSE file for details.
|
||||
*/
|
||||
|
||||
declare(strict_types = 1);
|
||||
|
||||
namespace FireflyIII\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Preferences;
|
||||
use Session;
|
||||
|
||||
/**
|
||||
* Class AuthenticateTwoFactor
|
||||
*
|
||||
* @package FireflyIII\Http\Middleware
|
||||
*/
|
||||
class AuthenticateTwoFactor
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string|null $guard
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next, $guard = null)
|
||||
{
|
||||
|
||||
// do the usual auth, again:
|
||||
if (Auth::guard($guard)->guest()) {
|
||||
if ($request->ajax()) {
|
||||
return response('Unauthorized.', 401);
|
||||
} else {
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
} else {
|
||||
|
||||
if (intval(Auth::user()->blocked) === 1) {
|
||||
Auth::guard($guard)->logout();
|
||||
Session::flash('logoutMessage', trans('firefly.block_account_logout'));
|
||||
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
}
|
||||
$twoFactorAuthEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
|
||||
$hasTwoFactorAuthSecret = !is_null(Preferences::get('twoFactorAuthSecret'));
|
||||
$isTwoFactorAuthenticated = Session::get('twofactor-authenticated');
|
||||
if ($twoFactorAuthEnabled && $hasTwoFactorAuthSecret && !$isTwoFactorAuthenticated) {
|
||||
return redirect(route('two-factor'));
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user