Updated API auth handling of email confirmations
Email confirmations are now done within the guard during auth checking instead of at the middleware layer.
This commit is contained in:
parent
9b271e559f
commit
70f39757b1
3 changed files with 16 additions and 7 deletions
app
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace BookStack\Api;
|
namespace BookStack\Api;
|
||||||
|
|
||||||
|
use BookStack\Auth\Access\LoginService;
|
||||||
use BookStack\Exceptions\ApiAuthException;
|
use BookStack\Exceptions\ApiAuthException;
|
||||||
use Illuminate\Auth\GuardHelpers;
|
use Illuminate\Auth\GuardHelpers;
|
||||||
use Illuminate\Contracts\Auth\Authenticatable;
|
use Illuminate\Contracts\Auth\Authenticatable;
|
||||||
|
@ -19,6 +20,11 @@ class ApiTokenGuard implements Guard
|
||||||
*/
|
*/
|
||||||
protected $request;
|
protected $request;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var LoginService
|
||||||
|
*/
|
||||||
|
protected $loginService;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The last auth exception thrown in this request.
|
* The last auth exception thrown in this request.
|
||||||
*
|
*
|
||||||
|
@ -29,9 +35,10 @@ class ApiTokenGuard implements Guard
|
||||||
/**
|
/**
|
||||||
* ApiTokenGuard constructor.
|
* ApiTokenGuard constructor.
|
||||||
*/
|
*/
|
||||||
public function __construct(Request $request)
|
public function __construct(Request $request, LoginService $loginService)
|
||||||
{
|
{
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
|
$this->loginService = $loginService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -95,6 +102,10 @@ class ApiTokenGuard implements Guard
|
||||||
|
|
||||||
$this->validateToken($token, $secret);
|
$this->validateToken($token, $secret);
|
||||||
|
|
||||||
|
if ($this->loginService->awaitingEmailConfirmation($token->user)) {
|
||||||
|
throw new ApiAuthException(trans('errors.email_confirmation_awaiting'));
|
||||||
|
}
|
||||||
|
|
||||||
return $token->user;
|
return $token->user;
|
||||||
}
|
}
|
||||||
|
|
||||||
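Review bot: The new `awaitingEmailConfirmation` check in the last hunk throws `ApiAuthException` with no explicit status code, while the comparable throws in `ApiAuthenticate` pass `403` explicitly; if the exception's default differs (presumably 401), an unconfirmed account holding a valid token receives a different status than an account lacking the `access-api` permission, which may or may not be intended — worth confirming, and if 403 is meant, writing `throw new ApiAuthException(trans('errors.email_confirmation_awaiting'), 403);`. Placing the check after `validateToken()` is the right order, since the confirmation state is only disclosed to a caller that already holds a valid token/secret pair. A line on the constructor docblock would help the next reader, e.g. `* @param LoginService $loginService Consulted to reject tokens of users still awaiting email confirmation.`. The enclosing method starts outside the hunk.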
|
|
|
@ -9,7 +9,6 @@ use Illuminate\Http\Request;
|
||||||
|
|
||||||
class ApiAuthenticate
|
class ApiAuthenticate
|
||||||
{
|
{
|
||||||
use ChecksForEmailConfirmation;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handle an incoming request.
|
* Handle an incoming request.
|
||||||
|
@ -37,7 +36,6 @@ class ApiAuthenticate
|
||||||
// Return if the user is already found to be signed in via session-based auth.
|
// Return if the user is already found to be signed in via session-based auth.
|
||||||
// This is to make it easy to browser the API via browser after just logging into the system.
|
// This is to make it easy to browser the API via browser after just logging into the system.
|
||||||
if (signedInUser() || session()->isStarted()) {
|
if (signedInUser() || session()->isStarted()) {
|
||||||
$this->ensureEmailConfirmedIfRequested();
|
|
||||||
if (!user()->can('access-api')) {
|
if (!user()->can('access-api')) {
|
||||||
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
|
throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
|
||||||
}
|
}
|
||||||
|
@ -50,7 +48,6 @@ class ApiAuthenticate
|
||||||
|
|
||||||
// Validate the token and it's users API access
|
// Validate the token and it's users API access
|
||||||
auth()->authenticate();
|
auth()->authenticate();
|
||||||
$this->ensureEmailConfirmedIfRequested();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
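Review bot: The session-auth branch (the `signedInUser() || session()->isStarted()` block) loses its `ensureEmailConfirmedIfRequested()` call, and nothing in this commit adds an equivalent check for session-based users — only `ApiTokenGuard` gains one, and that guard is not what authenticates this branch. Unless the session guards already refuse unconfirmed users (not visible here), a signed-in but unconfirmed user could now reach API routes through this path, so it is worth confirming where that check now lives before relying on the `use ChecksForEmailConfirmation;` removal. The method (`handle`, judging by its docblock) starts and continues outside the hunks.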
|
@ -8,6 +8,7 @@ use BookStack\Auth\Access\ExternalBaseUserProvider;
|
||||||
use BookStack\Auth\Access\Guards\LdapSessionGuard;
|
use BookStack\Auth\Access\Guards\LdapSessionGuard;
|
||||||
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
|
use BookStack\Auth\Access\Guards\Saml2SessionGuard;
|
||||||
use BookStack\Auth\Access\LdapService;
|
use BookStack\Auth\Access\LdapService;
|
||||||
|
use BookStack\Auth\Access\LoginService;
|
||||||
use BookStack\Auth\Access\RegistrationService;
|
use BookStack\Auth\Access\RegistrationService;
|
||||||
use Illuminate\Support\ServiceProvider;
|
use Illuminate\Support\ServiceProvider;
|
||||||
|
|
||||||
|
@ -21,7 +22,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
public function boot()
|
public function boot()
|
||||||
{
|
{
|
||||||
Auth::extend('api-token', function ($app, $name, array $config) {
|
Auth::extend('api-token', function ($app, $name, array $config) {
|
||||||
return new ApiTokenGuard($app['request']);
|
return new ApiTokenGuard($app['request'], $app->make(LoginService::class));
|
||||||
});
|
});
|
||||||
|
|
||||||
Auth::extend('ldap-session', function ($app, $name, array $config) {
|
Auth::extend('ldap-session', function ($app, $name, array $config) {
|
||||||
|
@ -30,7 +31,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
return new LdapSessionGuard(
|
return new LdapSessionGuard(
|
||||||
$name,
|
$name,
|
||||||
$provider,
|
$provider,
|
||||||
$this->app['session.store'],
|
$app['session.store'],
|
||||||
$app[LdapService::class],
|
$app[LdapService::class],
|
||||||
$app[RegistrationService::class]
|
$app[RegistrationService::class]
|
||||||
);
|
);
|
||||||
|
@ -42,7 +43,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
return new Saml2SessionGuard(
|
return new Saml2SessionGuard(
|
||||||
$name,
|
$name,
|
||||||
$provider,
|
$provider,
|
||||||
$this->app['session.store'],
|
$app['session.store'],
|
||||||
$app[RegistrationService::class]
|
$app[RegistrationService::class]
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
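Review bot: The `api-token` closure resolves its dependency with `$app->make(LoginService::class)` while the neighbouring closures in the same `boot()` use array access (`$app[LdapService::class]`, `$app[RegistrationService::class]`); both work, but the inconsistency reads as accidental, so `return new ApiTokenGuard($app['request'], $app[LoginService::class]);` would keep the three registrations uniform. Replacing `$this->app['session.store']` with `$app['session.store']` in the other two closures is a good change; if no remaining line in those closures references `$this` (their bodies extend beyond the hunks), they could be declared `static function` so they no longer bind the provider instance.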