mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2024-12-24 16:10:37 -06:00
Merge branch 'apifix' into develop
* apifix: Fix issues with API authentication. # Conflicts: # app/Api/V1/Controllers/BillController.php # app/Http/Middleware/HttpBinder.php # app/Transformers/AttachmentTransformer.php # app/Transformers/BillTransformer.php # app/Transformers/NoteTransformer.php # routes/api.php
This commit is contained in:
commit
d2a8819dd4
@ -52,12 +52,16 @@ class BillController extends Controller
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
|
||||
/** @var BillRepositoryInterface repository */
|
||||
$this->repository = app(BillRepositoryInterface::class);
|
||||
$user = Auth::guard('api')->user();
|
||||
$this->repository->setUser($user);
|
||||
parent::__construct();
|
||||
$this->middleware(
|
||||
function ($request, $next) {
|
||||
/** @var BillRepositoryInterface repository */
|
||||
$this->repository = app(BillRepositoryInterface::class);
|
||||
$this->repository->setUser(auth()->user());
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -104,10 +108,10 @@ class BillController extends Controller
|
||||
return Response::json($manager->createData($resource)->toArray());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Display the specified resource.
|
||||
*
|
||||
* @param \FireflyIII\Models\Bill $bill
|
||||
* @param Request $request
|
||||
* @param Bill $bill
|
||||
*
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
|
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
/**
|
||||
* Authenticate.php
|
||||
* Copyright (c) 2017 thegrumpydictator@gmail.com
|
||||
* Copyright (c) 2018 thegrumpydictator@gmail.com
|
||||
*
|
||||
* This file is part of Firefly III.
|
||||
*
|
||||
@ -18,50 +18,93 @@
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace FireflyIII\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Session;
|
||||
use Illuminate\Auth\AuthenticationException;
|
||||
use Illuminate\Contracts\Auth\Factory as Auth;
|
||||
|
||||
/**
|
||||
* Class Authenticate.
|
||||
* Class Authenticate
|
||||
*/
|
||||
class Authenticate
|
||||
{
|
||||
/**
|
||||
* The authentication factory instance.
|
||||
*
|
||||
* @var \Illuminate\Contracts\Auth\Factory
|
||||
*/
|
||||
protected $auth;
|
||||
|
||||
/**
|
||||
* Create a new middleware instance.
|
||||
*
|
||||
* @param \Illuminate\Contracts\Auth\Factory $auth
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(Auth $auth)
|
||||
{
|
||||
$this->auth = $auth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string|null $guard
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string[] ...$guards
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Illuminate\Auth\AuthenticationException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next, $guard = null)
|
||||
public function handle($request, Closure $next, ...$guards)
|
||||
{
|
||||
if (Auth::guard($guard)->guest()) {
|
||||
if ($request->ajax()) {
|
||||
return response('Unauthorized.', 401);
|
||||
}
|
||||
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
if (1 === intval(Auth::guard($guard)->user()->blocked)) {
|
||||
$message = strval(trans('firefly.block_account_logout'));
|
||||
if ('email_changed' === Auth::guard($guard)->user()->blocked_code) {
|
||||
$message = strval(trans('firefly.email_changed_logout'));
|
||||
}
|
||||
|
||||
Session::flash('logoutMessage', $message);
|
||||
Auth::guard($guard)->logout();
|
||||
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
$this->authenticate($guards);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the user is logged in to any of the given guards.
|
||||
*
|
||||
* @param array $guards
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @throws \Illuminate\Auth\AuthenticationException
|
||||
*/
|
||||
protected function authenticate(array $guards)
|
||||
{
|
||||
if (empty($guards)) {
|
||||
// go for default guard:
|
||||
if ($this->auth->check()) {
|
||||
// do an extra check on user object.
|
||||
$user = $this->auth->authenticate();
|
||||
if (1 === intval($user->blocked)) {
|
||||
$message = strval(trans('firefly.block_account_logout'));
|
||||
if ('email_changed' === $user->blocked_code) {
|
||||
$message = strval(trans('firefly.email_changed_logout'));
|
||||
}
|
||||
|
||||
app('session')->flash('logoutMessage', $message);
|
||||
$this->auth->logout();
|
||||
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
}
|
||||
|
||||
return $this->auth->authenticate();
|
||||
}
|
||||
|
||||
foreach ($guards as $guard) {
|
||||
if ($this->auth->guard($guard)->check()) {
|
||||
return $this->auth->shouldUse($guard);
|
||||
}
|
||||
}
|
||||
|
||||
throw new AuthenticationException('Unauthenticated.', $guards);
|
||||
}
|
||||
}
|
||||
|
@ -24,7 +24,7 @@ namespace FireflyIII\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use FireflyIII\Support\Domain;
|
||||
use Illuminate\Auth\SessionGuard;
|
||||
use Illuminate\Contracts\Auth\Factory as Auth;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Route;
|
||||
|
||||
@ -33,6 +33,12 @@ use Illuminate\Routing\Route;
|
||||
*/
|
||||
class HttpBinder
|
||||
{
|
||||
/**
|
||||
* The authentication factory instance.
|
||||
*
|
||||
* @var \Illuminate\Contracts\Auth\Factory
|
||||
*/
|
||||
protected $auth;
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
@ -40,21 +46,27 @@ class HttpBinder
|
||||
|
||||
/**
|
||||
* Binder constructor.
|
||||
*
|
||||
* @param \Illuminate\Contracts\Auth\Factory $auth
|
||||
*/
|
||||
public function __construct()
|
||||
public function __construct(Auth $auth)
|
||||
{
|
||||
$this->binders = Domain::getBindables();
|
||||
$this->auth = $auth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string[] ...$guards
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Illuminate\Auth\AuthenticationException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle($request, Closure $next, ...$guards)
|
||||
{
|
||||
$middleware = $request->route()->middleware();
|
||||
$guard = 'web';
|
||||
|
@ -29,7 +29,7 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
use Illuminate\Database\Eloquent\SoftDeletes;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Watson\Validating\ValidatingTrait;
|
||||
|
||||
use Illuminate\Contracts\Auth\Factory as Auth;
|
||||
/**
|
||||
* Class Bill.
|
||||
*/
|
||||
|
@ -72,7 +72,7 @@ class BillTransformer extends TransformerAbstract
|
||||
{
|
||||
$attachments = $bill->attachments()->get();
|
||||
|
||||
return $this->collection($attachments, new AttachmentTransformer,'attachment');
|
||||
return $this->collection($attachments, new AttachmentTransformer, 'attachment');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -84,7 +84,7 @@ class BillTransformer extends TransformerAbstract
|
||||
{
|
||||
$notes = $bill->notes()->get();
|
||||
|
||||
return $this->collection($notes, new NoteTransformer,'note');
|
||||
return $this->collection($notes, new NoteTransformer, 'note');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -20,7 +20,7 @@
|
||||
*/
|
||||
|
||||
Route::group(
|
||||
['namespace' => 'FireflyIII\Api\V1\Controllers', 'prefix' => 'bill', 'as' => 'api.v1.bills.'], function () {
|
||||
['middleware' => ['auth:api','bindings'], 'namespace' => 'FireflyIII\Api\V1\Controllers', 'prefix' => 'bill', 'as' => 'api.v1.bills.'], function () {
|
||||
|
||||
// Bills API routes:
|
||||
Route::get('', ['uses' => 'BillController@index', 'as' => 'index']);
|
||||
|
Loading…
Reference in New Issue
Block a user