Control & Promote administrator status via a method rather than a prop

Bubka 2024-01-26 18:14:02 +01:00
parent d96c943927
commit 8b397750e8
8 changed files with 43 additions and 12 deletions


@ -63,7 +63,7 @@ class RemoteUserProvider implements UserProvider
Log::info(sprintf('Remote user %s created with email address %s', var_export($user->name, true), var_export($user->email, true))); Log::info(sprintf('Remote user %s created with email address %s', var_export($user->name, true), var_export($user->email, true)));
if (User::count() === 1) { if (User::count() === 1) {
$user->is_admin = true; $user->promoteToAdministrator();
$user->save(); $user->save();
} }
} else { } else {


@ -107,16 +107,21 @@ class LoginController extends Controller
{ {
$this->clearLoginAttempts($request); $this->clearLoginAttempts($request);
$name = $this->guard()->user()?->name; /**
* @var \App\Models\User|null
*/
$user = $this->guard()->user();
$name = $user?->name;
$this->authenticated($request, $this->guard()->user()); $this->authenticated($request, $this->guard()->user());
return response()->json([ return response()->json([
'message' => 'authenticated', 'message' => 'authenticated',
'id' => $user->id,
'name' => $name, 'name' => $name,
'email' => $this->guard()->user()->email, 'email' => $user->email,
'preferences' => $this->guard()->user()->preferences, 'preferences' => $user->preferences,
'is_admin' => $this->guard()->user()->is_admin, 'is_admin' => $user->isAdministrator(),
], Response::HTTP_OK); ], Response::HTTP_OK);
} }
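Review bot: The new `$user` local is annotated `\App\Models\User|null` and only the `$name` line uses the nullsafe `$user?->name`, while `$user->id`, `$user->email`, `$user->preferences` and `$user->isAdministrator()` in the response array dereference it unconditionally, so the annotation and the usage disagree. This code presumably runs only after a successful login (the method header is outside the hunk), in which case the docblock should say `@var \App\Models\User $user` and the `?->` can go; if a null really is possible, the response building needs a guard before the array. The `$this->authenticated($request, $this->guard()->user())` line still re-reads the guard instead of passing `$user`. The enclosing method starts outside the hunk.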


@ -43,13 +43,17 @@ class RegisterController extends Controller
event(new Registered($user = $this->create($validated))); event(new Registered($user = $this->create($validated)));
$this->guard()->login($user); $this->guard()->login($user);
/**
* @var \App\Models\User|null
*/
$user = $this->guard()->user();
return response()->json([ return response()->json([
'message' => 'account created', 'message' => 'account created',
'name' => $user->name, 'name' => $user->name,
'email' => $user->email, 'email' => $user->email,
'preferences' => $this->guard()->user()->preferences, 'preferences' => $user->preferences,
'is_admin' => $this->guard()->user()->is_admin, 'is_admin' => $user->isAdministrator(),
], 201); ], 201);
} }
@ -69,7 +73,7 @@ class RegisterController extends Controller
Log::info(sprintf('User ID #%s created', $user->id)); Log::info(sprintf('User ID #%s created', $user->id));
if (User::count() == 1) { if (User::count() == 1) {
$user->is_admin = true; $user->promoteToAdministrator();
$user->save(); $user->save();
Log::notice(sprintf('User ID #%s set as administrator', $user->id)); Log::notice(sprintf('User ID #%s set as administrator', $user->id));
} }
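Review bot: In the first hunk, `$user = $this->guard()->user();` overwrites the model just created by `$this->create($validated)` and logged in on the previous line with a value documented as `\App\Models\User|null`, yet the following `$user->name`, `$user->email`, `$user->preferences` and `$user->isAdministrator()` lines dereference it without a null check. The created model is already the authenticated user after `login($user)`, so the re-read appears redundant; dropping it, or keeping it with a non-null `@var \App\Models\User $user`, makes the docblock match the usage. In the second hunk, `User::count() == 1` keeps a loose comparison next to the new `promoteToAdministrator()` call while RemoteUserProvider uses `=== 1`; `if (User::count() === 1) {` aligns them. Both enclosing methods start outside their hunks.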


@ -56,7 +56,7 @@ class SocialiteController extends Controller
if (User::where('email', $socialiteEmail)->exists()) { if (User::where('email', $socialiteEmail)->exists()) {
return redirect('/error?err=sso_email_already_used'); return redirect('/error?err=sso_email_already_used');
} elseif (User::count() === 0) { } elseif (User::count() === 0) {
$user->is_admin = true; $user->promoteToAdministrator();
} elseif (Settings::get('disableRegistration')) { } elseif (Settings::get('disableRegistration')) {
return redirect('/error?err=sso_no_register'); return redirect('/error?err=sso_no_register');
} }
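Review bot: `$user->promoteToAdministrator()` only sets `is_admin` on the in-memory model, and unlike the RemoteUserProvider and RegisterController call sites no `save()` follows it in this hunk; persistence presumably happens later in the method, outside the hunk, and is worth confirming, since a first SSO account whose promotion is not persisted leaves the instance with no administrator. A comment on that line naming where the promotion is persisted would make the dependency visible, e.g. `// in-memory only; persisted when the user is saved below`. Note also that the `User::count() === 0` branch is evaluated before the `disableRegistration` branch, so the very first SSO user is created and promoted even with registration disabled — pre-existing, but the intent should be stated in a comment if it is deliberate.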


@ -59,7 +59,7 @@ class UserController extends Controller
Log::info(sprintf('Deletion of user ID #%s requested', $user->id)); Log::info(sprintf('Deletion of user ID #%s requested', $user->id));
if ($user->is_admin && User::admins()->count() == 1) { if ($user->isAdministrator() && User::admins()->count() == 1) {
return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400); return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
} }
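Review bot: `User::admins()->count() == 1` on the rewritten line keeps a loose comparison next to the new `isAdministrator()` call; `if ($user->isAdministrator() && User::admins()->count() === 1) {` matches the strict `=== 1` used in RemoteUserProvider. The check is a read that the deletion further down the method (outside the hunk) relies on, so it is not atomic with the delete; that is pre-existing, but a comment stating that last-admin protection is best-effort would document the assumption. The enclosing method starts outside the hunk.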


@ -45,7 +45,7 @@ class SystemController extends Controller
$infos['common']['Trusted proxies'] = config('2fauth.config.trustedProxies') ?: 'none'; $infos['common']['Trusted proxies'] = config('2fauth.config.trustedProxies') ?: 'none';
// Admin settings // Admin settings
if ($request->user()->is_admin == true) { if ($request->user()->isAdministrator()) {
$infos['admin_settings']['useEncryption'] = Settings::get('useEncryption'); $infos['admin_settings']['useEncryption'] = Settings::get('useEncryption');
$infos['admin_settings']['lastRadarScan'] = Carbon::parse(Settings::get('lastRadarScan'))->format('Y-m-d H:i:s'); $infos['admin_settings']['lastRadarScan'] = Carbon::parse(Settings::get('lastRadarScan'))->format('Y-m-d H:i:s');
$infos['admin_settings']['checkForUpdate'] = Settings::get('checkForUpdate'); $infos['admin_settings']['checkForUpdate'] = Settings::get('checkForUpdate');


@ -16,7 +16,7 @@ class AdminOnly
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if (! Auth::user()->is_admin) { if (! Auth::user()->isAdministrator()) {
throw new AuthorizationException; throw new AuthorizationException;
} }
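Review bot: `Auth::user()->isAdministrator()` on the rewritten line calls a method on whatever `Auth::user()` returns, which is `null` when no user is authenticated, so if this middleware ever runs without an authentication middleware ahead of it the request ends in an `Error` (HTTP 500) rather than the intended `AuthorizationException`. Failing closed explicitly keeps the deny path uniform: `if (! Auth::user()?->isAdministrator()) {` — a null user short-circuits to `null`, which `!` turns into a denial. The `handle` method's body continues outside the hunk.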


@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Str;
use Laragear\WebAuthn\WebAuthnAuthentication; use Laragear\WebAuthn\WebAuthnAuthentication;
use Laravel\Passport\HasApiTokens; use Laravel\Passport\HasApiTokens;
@ -86,6 +87,27 @@ class User extends Authenticatable implements WebAuthnAuthenticatable
return $query->where('is_admin', true); return $query->where('is_admin', true);
} }
/**
* Determine if the user is an administrator.
*
* @return boolean
*/
public function isAdministrator()
{
return $this->is_admin;
}
/**
* Grant administrator permissions to the user.
*
* @param bool $promote
* @return void
*/
public function promoteToAdministrator(bool $promote = true)
{
$this->is_admin = $promote;
}
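Review bot: `isAdministrator()` and `promoteToAdministrator()` carry no native return types, and `isAdministrator()` returns the raw `is_admin` attribute, so whether callers such as `'is_admin' => $user->isAdministrator()` receive a real boolean depends on the model's `$casts`, which is not visible in this hunk. `public function isAdministrator(): bool` with `return (bool) $this->is_admin;`, and `public function promoteToAdministrator(bool $promote = true): void`, pin the contract regardless of casting (and `@return boolean` should read `@return bool`). Passing `$promote = false` demotes despite the method's name; the docblock should say `Grant or revoke administrator permissions` or the parameter should be dropped in favour of a dedicated demotion method, and it should state that the change is in-memory only until `save()` is called, since every caller in this commit relies on that. `use Illuminate\Support\Str;` is added but nothing in the visible hunks uses it — presumably needed by code elsewhere in the file.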
/** /**
* Send the password reset notification. * Send the password reset notification.
* *