Make sure the two factor auth pages are not accessible when already authenticated using two factor.

2025-02-25 18:45:27 -06:00 · 2016-03-19 16:29:01 +01:00 · 2016-03-19 16:29:01 +01:00 · dc172476e1
commit dc172476e1
parent 6fc7763380
2 changed files with 50 additions and 0 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -9,6 +9,7 @@ use FireflyIII\Http\Middleware\Binder;
 use FireflyIII\Http\Middleware\EncryptCookies;
 use FireflyIII\Http\Middleware\Range;
 use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
+use FireflyIII\Http\Middleware\RedirectIfTwoFactorAuthenticated;
 use FireflyIII\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
@ -67,6 +68,7 @@ class Kernel extends HttpKernel
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                Authenticate::class,
+                RedirectIfTwoFactorAuthenticated::class,
            ],
            'web-auth-range'         => [
                EncryptCookies::class,
--- a/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
@ -0,0 +1,48 @@
+<?php
+/**
+ * RedirectIfTwoFactorAuthenticated.php
+ * Copyright (C) 2016 Sander Dorigo
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+declare(strict_types = 1);
+
+namespace FireflyIII\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Auth;
+use Preferences;
+use Session;
+/**
+ * Class RedirectIfTwoFactorAuthenticated
+ *
+ * @package FireflyIII\Http\Middleware
+ */
+class RedirectIfTwoFactorAuthenticated
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure                 $next
+     * @param  string|null              $guard
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next, $guard = null)
+    {
+        if (Auth::guard($guard)->check()) {
+
+            $twoFactorAuthEnabled     = Preferences::get('twoFactorAuthEnabled', false)->data;
+            $hasTwoFactorAuthSecret   = !is_null(Preferences::get('twoFactorAuthSecret'));
+            $isTwoFactorAuthenticated = Session::get('twofactor-authenticated');
+            if ($twoFactorAuthEnabled && $hasTwoFactorAuthSecret && $isTwoFactorAuthenticated) {
+                return redirect('/');
+            }
+        }
+
+        return $next($request);
+    }
+}