2016-10-29 05:50:55 -07:00
|
|
|
<?php
|
2018-11-01 19:59:50 -07:00
|
|
|
|
2016-10-29 05:50:55 -07:00
|
|
|
namespace App\Http\Middleware;
|
2016-11-06 09:08:13 -08:00
|
|
|
|
2019-03-13 20:12:03 -07:00
|
|
|
use App\Models\Setting;
|
2024-05-29 04:38:15 -07:00
|
|
|
use Illuminate\Support\Facades\Auth;
|
2016-11-06 09:08:13 -08:00
|
|
|
use Closure;
|
2016-10-29 05:50:55 -07:00
|
|
|
|
|
|
|
class CheckForTwoFactor
|
|
|
|
{
|
2018-11-01 19:59:50 -07:00
|
|
|
/**
|
|
|
|
* Routes to ignore for Two Factor Auth
|
|
|
|
*/
|
2023-02-06 12:44:02 -08:00
|
|
|
public const IGNORE_ROUTES = ['two-factor', 'two-factor-enroll', 'setup', 'logout'];
|
2018-11-01 19:59:50 -07:00
|
|
|
|
2016-10-29 05:50:55 -07:00
|
|
|
/**
|
|
|
|
* Handle an incoming request.
|
|
|
|
*
|
2018-11-01 19:59:50 -07:00
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
* @param \Closure $next
|
|
|
|
*
|
2016-10-29 05:50:55 -07:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function handle($request, Closure $next)
|
|
|
|
{
|
2016-11-28 22:53:16 -08:00
|
|
|
// Skip the logic if the user is on the two factor pages or the setup pages
|
2022-05-13 14:22:27 -07:00
|
|
|
|
|
|
|
// TODO - what we have below only works because our ROUTE uri's look _exactly_ like the route *names*.
|
|
|
|
// The problem is that, in the new(-ish) Laravel routing system, the route-name doesn't match if the route _verb_ is wrong.
|
|
|
|
// so we can have a blade that POST's to a route('two-factor') - but that route *name* is only matched when the method is GET
|
|
|
|
// because we attached the name to the GET, not to the POST (as route names *SHOULD* be unique in Laravel)
|
|
|
|
// there has got to be a better way to do this, but this is the best I could come up with for now.
|
|
|
|
if (in_array($request->route()->getName(), self::IGNORE_ROUTES) || in_array($request->route()->uri(), self::IGNORE_ROUTES)) {
|
2016-10-29 05:50:55 -07:00
|
|
|
return $next($request);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Two-factor is enabled (either optional or required)
|
2018-11-01 19:59:50 -07:00
|
|
|
if ($settings = Setting::getSettings()) {
|
|
|
|
if (Auth::check() && ($settings->two_factor_enabled != '')) {
|
2016-11-06 09:08:13 -08:00
|
|
|
// This user is already 2fa-authed
|
2022-02-15 18:29:23 -08:00
|
|
|
if ($request->session()->get('2fa_authed')==Auth::user()->id) {
|
2016-11-06 09:08:13 -08:00
|
|
|
return $next($request);
|
|
|
|
}
|
2016-10-29 05:50:55 -07:00
|
|
|
|
2016-11-06 09:08:13 -08:00
|
|
|
// Two-factor is optional and the user has NOT opted in, let them through
|
2018-11-01 19:59:50 -07:00
|
|
|
if (($settings->two_factor_enabled == '1') && (Auth::user()->two_factor_optin != '1')) {
|
2016-11-06 09:08:13 -08:00
|
|
|
return $next($request);
|
|
|
|
}
|
2016-10-29 05:50:55 -07:00
|
|
|
|
2016-11-06 09:08:13 -08:00
|
|
|
// Otherwise make sure they're enrolled and show them the 2FA code screen
|
2018-11-01 19:59:50 -07:00
|
|
|
if ((Auth::user()->two_factor_secret != '') && (Auth::user()->two_factor_enrolled == '1')) {
|
2016-11-06 09:08:13 -08:00
|
|
|
return redirect()->route('two-factor')->with('info', 'Please enter your two-factor authentication code.');
|
|
|
|
}
|
2016-10-29 05:50:55 -07:00
|
|
|
|
2016-11-06 09:08:13 -08:00
|
|
|
return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');
|
|
|
|
}
|
2016-10-29 05:50:55 -07:00
|
|
|
}
|
|
|
|
|
2018-11-01 19:59:50 -07:00
|
|
|
return $next($request);
|
2016-10-29 05:50:55 -07:00
|
|
|
}
|
|
|
|
}
|