BookStack/app/Http/Middleware/Authenticate.php

<?php

namespace BookStack\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class Authenticate
{
    use ChecksForEmailConfirmation;

    /**
     * Handle an incoming request.
     */
    public function handle(Request $request, Closure $next)
    {
        if ($this->awaitingEmailConfirmation()) {
            return $this->emailConfirmationErrorResponse($request);
        }

        if (!hasAppAccess()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest(url('/login'));
            }
        }

        return $next($request);
    }

    /**
     * Provide an error response for when the current user's email is not confirmed
     * in a system which requires it.
     */
    protected function emailConfirmationErrorResponse(Request $request)
    {
        if ($request->wantsJson()) {
            return response()->json([
                'error' => [
                    'code'    => 401,
                    'message' => trans('errors.email_confirmation_awaiting'),
                ],
            ], 401);
        }

        if (session()->get('sent-email-confirmation') === true) {
            return redirect('/register/confirm');
        }

        return redirect('/register/confirm/awaiting');
    }
}
Initial commit 2015-07-12 19:01:42 +00:00			`<?php`

Change application namespace to BookStack 2015-09-10 18:31:09 +00:00			`namespace BookStack\Http\Middleware;`
Initial commit 2015-07-12 19:01:42 +00:00
			`use Closure;`
Change email confirmation from own middle to trait Email confirmation middleware caused more mess than good, As caused priority issues and it depended on auth actions. Instead its now a trai used on auth middlewares. Also used 'EncryptCookies' middleware on API instead of custom decryption in custom middleware since we'd need to do replicate all the same actions anyway. Shouldn't have too much effect since it only actions over cookies that exist, of which none should be there for most API requests. Also split out some large guard functions to be a little more readable and appease codeclimate. 2019-12-30 15:46:12 +00:00			`use Illuminate\Http\Request;`
Initial commit 2015-07-12 19:01:42 +00:00
			`class Authenticate`
			`{`
Change email confirmation from own middle to trait Email confirmation middleware caused more mess than good, As caused priority issues and it depended on auth actions. Instead its now a trai used on auth middlewares. Also used 'EncryptCookies' middleware on API instead of custom decryption in custom middleware since we'd need to do replicate all the same actions anyway. Shouldn't have too much effect since it only actions over cookies that exist, of which none should be there for most API requests. Also split out some large guard functions to be a little more readable and appease codeclimate. 2019-12-30 15:46:12 +00:00			`use ChecksForEmailConfirmation;`

Initial commit 2015-07-12 19:01:42 +00:00			`/**`
			`* Handle an incoming request.`
			`*/`
Linked new API token system into middleware Base logic in place but needs review and refactor to see if can better fit into Laravel using 'Guard' system. Currently has issues due to cookies in use from active session on API. 2019-12-30 02:16:07 +00:00			`public function handle(Request $request, Closure $next)`
Initial commit 2015-07-12 19:01:42 +00:00			`{`
Change email confirmation from own middle to trait Email confirmation middleware caused more mess than good, As caused priority issues and it depended on auth actions. Instead its now a trai used on auth middlewares. Also used 'EncryptCookies' middleware on API instead of custom decryption in custom middleware since we'd need to do replicate all the same actions anyway. Shouldn't have too much effect since it only actions over cookies that exist, of which none should be there for most API requests. Also split out some large guard functions to be a little more readable and appease codeclimate. 2019-12-30 15:46:12 +00:00			`if ($this->awaitingEmailConfirmation()) {`
			`return $this->emailConfirmationErrorResponse($request);`
			`}`

Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00			`if (!hasAppAccess()) {`
Initial commit 2015-07-12 19:01:42 +00:00			`if ($request->ajax()) {`
			`return response('Unauthorized.', 401);`
			`} else {`
Replaced use of custom 'baseUrl' helper with 'url' Also changed up how base URL setting was being done by manipulating incoming request URLs instead of altering then on generation. 2019-08-04 13:26:39 +00:00			`return redirect()->guest(url('/login'));`
Initial commit 2015-07-12 19:01:42 +00:00			`}`
			`}`

			`return $next($request);`
			`}`
Added API listing filtering & cleaned ApiAuthenticate returns API listing endpoint filter can be found via &filter[name]=my+book query parameters. There are a range of operators that can be used such as &filter[id:gte]=4 2020-01-01 16:33:47 +00:00
			`/**`
			`* Provide an error response for when the current user's email is not confirmed`
			`* in a system which requires it.`
			`*/`
			`protected function emailConfirmationErrorResponse(Request $request)`
			`{`
			`if ($request->wantsJson()) {`
			`return response()->json([`
			`'error' => [`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`'code' => 401,`
			`'message' => trans('errors.email_confirmation_awaiting'),`
			`],`
Added API listing filtering & cleaned ApiAuthenticate returns API listing endpoint filter can be found via &filter[name]=my+book query parameters. There are a range of operators that can be used such as &filter[id:gte]=4 2020-01-01 16:33:47 +00:00			`], 401);`
			`}`

Updated flow to ensure /register/confirm route is used where needed Was accidentally skipped during previous updates. Will now be used on saml, ldap & standard registration where required. Uses session to know if the email was just sent and, if so, show the confirmation route. 2020-09-05 16:26:48 +00:00			`if (session()->get('sent-email-confirmation') === true) {`
			`return redirect('/register/confirm');`
			`}`

Added API listing filtering & cleaned ApiAuthenticate returns API listing endpoint filter can be found via &filter[name]=my+book query parameters. There are a range of operators that can be used such as &filter[id:gte]=4 2020-01-01 16:33:47 +00:00			`return redirect('/register/confirm/awaiting');`
			`}`
Initial commit 2015-07-12 19:01:42 +00:00			`}`