BookStack/app/Http/Middleware/Authenticate.php
Dan Brown ff1ee2d71f
Updated flow to ensure /register/confirm route is used where needed
Was accidentally skipped during previous updates. Will now be used on
saml, ldap & standard registration where required.
Uses session to know if the email was just sent and, if so, show the
confirmation route.
2020-09-05 17:26:48 +01:00

54 lines
1.3 KiB
PHP

<?php
namespace BookStack\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class Authenticate
{
use ChecksForEmailConfirmation;
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next)
{
if ($this->awaitingEmailConfirmation()) {
return $this->emailConfirmationErrorResponse($request);
}
if (!hasAppAccess()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest(url('/login'));
}
}
return $next($request);
}
/**
* Provide an error response for when the current user's email is not confirmed
* in a system which requires it.
*/
protected function emailConfirmationErrorResponse(Request $request)
{
if ($request->wantsJson()) {
return response()->json([
'error' => [
'code' => 401,
'message' => trans('errors.email_confirmation_awaiting')
]
], 401);
}
if (session()->get('sent-email-confirmation') === true) {
return redirect('/register/confirm');
}
return redirect('/register/confirm/awaiting');
}
}