DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-11 22:07:29 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Logout user when their activated status is switched to off

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-03-29 13:44:53 +01:00
parent ab18ceb2f9
commit bdabbbd4e9
3 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Kernel.php
View file

@ -39,6 +39,7 @@ class Kernel extends HttpKernel
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\App\Http\Middleware\VerifyCsrfToken::class, \App\Http\Middleware\VerifyCsrfToken::class,
\App\Http\Middleware\CheckLocale::class, \App\Http\Middleware\CheckLocale::class,
\App\Http\Middleware\CheckUserIsActivated::class,
\App\Http\Middleware\CheckForTwoFactor::class, \App\Http\Middleware\CheckForTwoFactor::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
\App\Http\Middleware\AssetCountForSidebar::class, \App\Http\Middleware\AssetCountForSidebar::class,

15
app/Http/Middleware/Authenticate.php → app/Http/Middleware/CheckUserIsActivated.php
View file

@ -4,8 +4,9 @@ namespace App\Http\Middleware;
use Closure; use Closure;
use Illuminate\Contracts\Auth\Guard; use Illuminate\Contracts\Auth\Guard;
use Auth;
class Authenticate class CheckUserIsActivated
{ {
/** /**
* The Guard implementation. * The Guard implementation.
@ -34,14 +35,16 @@ class Authenticate
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if ($this->auth->guest()) {
if ($request->ajax()) { // If there is a user AND the user is NOT activated, send them to the login page
return response('Unauthorized.', 401); // This prevents people who still have active sessions logged in and their status gets toggled
} else { // to inactive (aka unable to login)
if (($request->user()) && (!$request->user()->isActivated())) {
Auth::logout();
return redirect()->guest('login'); return redirect()->guest('login');
} }
}
return $next($request); return $next($request);
} }
} }

2
resources/lang/en/auth/message.php
View file

@ -3,7 +3,7 @@
return array( return array(
'account_already_exists' => 'An account with the this email already exists.', 'account_already_exists' => 'An account with the this email already exists.',
'account_not_found' => 'The username or password is incorrect.', 'account_not_found' => 'The username or password is incorrect or this user is not approved to login.',
'account_not_activated' => 'This user account is not activated.', 'account_not_activated' => 'This user account is not activated.',
'account_suspended' => 'This user account is suspended.', 'account_suspended' => 'This user account is suspended.',
'account_banned' => 'This user account is banned.', 'account_banned' => 'This user account is banned.',