snipe-it/app/Http/Middleware/CheckForTwoFactor.php

<?php

namespace App\Http\Middleware;

use App\Models\Setting;
use Auth;
use Closure;

class CheckForTwoFactor
{
    /**
     * Routes to ignore for Two Factor Auth
     */
    const IGNORE_ROUTES = ['two-factor', 'two-factor-enroll', 'setup', 'logout'];

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Skip the logic if the user is on the two factor pages or the setup pages
        if (in_array($request->route()->getName(), self::IGNORE_ROUTES)) {
            return $next($request);
        }

        // Two-factor is enabled (either optional or required)
        if ($settings = Setting::getSettings()) {
            if (Auth::check() && ($settings->two_factor_enabled != '')) {
                // This user is already 2fa-authed
                if ($request->session()->get('2fa_authed')==Auth::user()->id) {
                    return $next($request);
                }

                // Two-factor is optional and the user has NOT opted in, let them through
                if (($settings->two_factor_enabled == '1') && (Auth::user()->two_factor_optin != '1')) {
                    return $next($request);
                }

                // Otherwise make sure they're enrolled and show them the 2FA code screen
                if ((Auth::user()->two_factor_secret != '') && (Auth::user()->two_factor_enrolled == '1')) {
                    return redirect()->route('two-factor')->with('info', 'Please enter your two-factor authentication code.');
                }

                return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');
            }
        }

        return $next($request);
    }
}
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`<?php`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`namespace App\Http\Middleware;`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00
Minor code cleanup bits and bobs (#6805) * Add IDE Helper files * Cleanup imports - Alphabetises imports - Removes unused imports * Add Platform requirements * Move filling asset into block where asset exists * Remove duplicate array keys 2019-03-13 20:12:03 -07:00			`use App\Models\Setting;`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`use Auth;`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`use Closure;`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00
			`class CheckForTwoFactor`
			`{`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`/**`
			`* Routes to ignore for Two Factor Auth`
			`*/`
			`const IGNORE_ROUTES = ['two-factor', 'two-factor-enroll', 'setup', 'logout'];`

Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`/**`
			`* Handle an incoming request.`
			`*`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`*`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
Get settings in middleware, makr available in views 2016-11-28 22:53:16 -08:00			`// Skip the logic if the user is on the two factor pages or the setup pages`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`if (in_array($request->route()->getName(), self::IGNORE_ROUTES)) {`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`return $next($request);`
			`}`

			`// Two-factor is enabled (either optional or required)`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`if ($settings = Setting::getSettings()) {`
			`if (Auth::check() && ($settings->two_factor_enabled != '')) {`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`// This user is already 2fa-authed`
Fixes 2FA cookie -> user issue Signed-off-by: snipe <snipe@snipe.net> 2022-02-15 18:29:23 -08:00			`if ($request->session()->get('2fa_authed')==Auth::user()->id) {`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`return $next($request);`
			`}`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`// Two-factor is optional and the user has NOT opted in, let them through`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`if (($settings->two_factor_enabled == '1') && (Auth::user()->two_factor_optin != '1')) {`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`return $next($request);`
			`}`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`// Otherwise make sure they're enrolled and show them the 2FA code screen`
Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`if ((Auth::user()->two_factor_secret != '') && (Auth::user()->two_factor_enrolled == '1')) {`
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`return redirect()->route('two-factor')->with('info', 'Please enter your two-factor authentication code.');`
			`}`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00
Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 09:08:13 -08:00			`return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');`
			`}`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`}`

Added: Caching of settings (#6378) * Fixed missing oauth tables during setup. * Cache settings Cache the setting to reduce unnecessary database calls 2018-11-01 19:59:50 -07:00			`return $next($request);`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`}`
			`}`