mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-09-14 05:22:02 +00:00
49 lines
1.4 KiB
PHP
49 lines
1.4 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
use BookStack\Auth\Access\Mfa\MfaSession;
|
|
use Closure;
|
|
|
|
class EnforceMfaRequirements
|
|
{
|
|
protected $mfaSession;
|
|
|
|
/**
|
|
* EnforceMfaRequirements constructor.
|
|
*/
|
|
public function __construct(MfaSession $mfaSession)
|
|
{
|
|
$this->mfaSession = $mfaSession;
|
|
}
|
|
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
if (
|
|
!$this->mfaSession->isVerified()
|
|
&& !$request->is('mfa/verify*', 'uploads/images/user/*')
|
|
&& $this->mfaSession->requiredForCurrentUser()
|
|
) {
|
|
// return redirect('/mfa/verify');
|
|
}
|
|
|
|
// TODO - URI wildcard exceptions above allow access to the 404 page of this user
|
|
// which could then expose content. Either need to lock that down (Tricky to do image thing)
|
|
// or prevent any level of auth until verified.
|
|
|
|
// TODO - Need to redirect to setup if not configured AND ONLY IF NO OPTIONS CONFIGURED
|
|
// Might need to change up such routes to start with /configure/ for such identification.
|
|
// (Can't allow access to those if already configured)
|
|
// TODO - Store mfa_pass into session for future requests?
|
|
|
|
return $next($request);
|
|
}
|
|
}
|