Apply Demo restrictions on more routes

Bubka 2022-03-28 13:48:29 +02:00
parent cdfda1591b
commit a786efc6e8
4 changed files with 7 additions and 7 deletions


@ -71,7 +71,7 @@ class Kernel extends HttpKernel
'auth' => \App\Http\Middleware\Authenticate::class, 'auth' => \App\Http\Middleware\Authenticate::class,
'guest' => \App\Http\Middleware\RejectIfAuthenticated::class, 'guest' => \App\Http\Middleware\RejectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'AvoidResetPassword' => \App\Http\Middleware\AvoidPasswordResetInDemo::class, 'disableInDemoMode' => \App\Http\Middleware\DisableInDemoMode::class,
]; ];
/** /**


@ -6,7 +6,7 @@ use Closure;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
class AvoidPasswordResetInDemo class DisableInDemoMode
{ {
/** /**
* Handle an incoming request. * Handle an incoming request.
@ -21,7 +21,7 @@ class AvoidPasswordResetInDemo
if( config('2fauth.config.isDemoApp') ) { if( config('2fauth.config.isDemoApp') ) {
Log::notice('Cannot request a password reset in Demo mode'); Log::notice('Cannot request a password reset in Demo mode');
return response()->json(['message' => __('auth.forms.no_reset_password_in_demo')], Response::HTTP_UNAUTHORIZED); return response()->json(['message' => __('auth.forms.disabled_in_demo')], Response::HTTP_UNAUTHORIZED);
} }
return $next($request); return $next($request);
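Review bot: The notice logged in the demo branch still reads 'Cannot request a password reset in Demo mode', but after the rename this middleware also fronts registration, password change and account deletion, so log entries will misreport which action was refused. Log the refused route instead, e.g. `Log::notice('Request to ' . $request->path() . ' refused in Demo mode');`. Separately, `Response::HTTP_UNAUTHORIZED` on the authenticated routes may look like an expired session to the client; `Response::HTTP_FORBIDDEN` describes a disabled feature more accurately, provided the front end does not depend on the 401. The handle() method starts and ends outside the hunk.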


@ -82,7 +82,7 @@ return [
'forgot_your_password' => 'Forgot your password?', 'forgot_your_password' => 'Forgot your password?',
'request_password_reset' => 'Reset it', 'request_password_reset' => 'Reset it',
'reset_password' => 'Reset password', 'reset_password' => 'Reset password',
'no_reset_password_in_demo' => 'No reset in Demo mode', 'disabled_in_demo' => 'Feature disabled in Demo mode',
'new_password' => 'New password', 'new_password' => 'New password',
'current_password' => [ 'current_password' => [
'label' => 'Current password', 'label' => 'Current password',


@ -16,9 +16,9 @@ use App\Http\Controllers\Auth\WebAuthnRecoveryController;
/** /**
* Routes that only work for unauthenticated user (return an error otherwise) * Routes that only work for unauthenticated user (return an error otherwise)
*/ */
Route::group(['middleware' => 'guest'], function () { Route::group(['middleware' => ['guest', 'disableInDemoMode']], function () {
Route::post('user', 'Auth\RegisterController@register')->name('user.register'); Route::post('user', 'Auth\RegisterController@register')->name('user.register');
Route::post('user/password/lost', 'Auth\ForgotPasswordController@sendResetLinkEmail')->middleware('AvoidResetPassword')->name('user.password.lost');; Route::post('user/password/lost', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('user.password.lost');;
Route::post('user/password/reset', 'Auth\ResetPasswordController@reset')->name('user.password.reset'); Route::post('user/password/reset', 'Auth\ResetPasswordController@reset')->name('user.password.reset');
Route::post('webauthn/login/options', [WebAuthnLoginController::class, 'options'])->name('webauthn.login.options'); Route::post('webauthn/login/options', [WebAuthnLoginController::class, 'options'])->name('webauthn.login.options');
Route::post('webauthn/lost', [WebAuthnDeviceLostController::class, 'sendRecoveryEmail'])->name('webauthn.lost'); Route::post('webauthn/lost', [WebAuthnDeviceLostController::class, 'sendRecoveryEmail'])->name('webauthn.lost');
@ -40,7 +40,7 @@ Route::group(['middleware' => ['guest', 'throttle:10,1']], function () {
*/ */
Route::group(['middleware' => 'behind-auth'], function () { Route::group(['middleware' => 'behind-auth'], function () {
Route::put('user', 'Auth\UserController@update')->name('user.update'); Route::put('user', 'Auth\UserController@update')->name('user.update');
Route::patch('user/password', 'Auth\PasswordController@update')->name('user.password.update'); Route::patch('user/password', 'Auth\PasswordController@update')->name('user.password.update')->middleware('disableInDemoMode');
Route::get('user/logout', 'Auth\LoginController@logout')->name('user.logout'); Route::get('user/logout', 'Auth\LoginController@logout')->name('user.logout');
Route::delete('user', 'Auth\UserController@delete')->name('user.delete')->middleware('disableInDemoMode'); Route::delete('user', 'Auth\UserController@delete')->name('user.delete')->middleware('disableInDemoMode');
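Review bot: `Route::put('user', 'Auth\UserController@update')` in the behind-auth group is left without `disableInDemoMode` while the password and delete routes beside it now carry it, so a visitor of the demo can presumably still change the shared account's profile fields. If that update covers the e-mail or name used to sign in, it would lock other visitors out just as a password change would; consider `Route::put('user', 'Auth\UserController@update')->name('user.update')->middleware('disableInDemoMode');` or a comment stating why the route stays open. The `user.password.lost` line in the guest group also keeps a stray `;;`. Both route groups continue outside the hunks.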