mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-04 14:22:00 +01:00
43 lines
1.3 KiB
PHP
43 lines
1.3 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Facades\Settings;
|
|
use App\Models\User;
|
|
use Closure;
|
|
use Illuminate\Http\Response;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\Log;
|
|
|
|
class RejectIfSsoOnlyAndNotForAdmin
|
|
{
|
|
/**
|
|
* Reject the request when it aims to modify or impact a user account in those 2 conditions:
|
|
* - The impacted account does not have the Administrator role
|
|
* - Authentication is restricted to SSO only
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
if (Settings::get('useSsoOnly')) {
|
|
if ($email = $request->input('email', null)) {
|
|
$user = User::whereEmail($email)->first();
|
|
} else {
|
|
$user = Auth::user();
|
|
}
|
|
|
|
if ($user?->isAdministrator()) {
|
|
return $next($request);
|
|
}
|
|
|
|
Log::notice(sprintf('Request to %s rejected, only Admins can request it while authentication is restricted to SSO only', $request->getPathInfo()));
|
|
|
|
return response()->json(['message' => __('errors.unsupported_with_sso_only')], Response::HTTP_METHOD_NOT_ALLOWED);
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
}
|