extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2024-11-29 03:33:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
c45fb2f658
2FAuth/app/Http/Middleware/RejectIfSsoOnlyAndNotForAdmin.php
Bubka c00b04e192 Apply Pint fixes
2024-09-26 23:50:01 +02:00

43 lines
1.3 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Middleware;
use App\Facades\Settings;
use App\Models\User;
use Closure;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
class RejectIfSsoOnlyAndNotForAdmin
{
/**
* Reject the request when it aims to modify or impact a user account in those 2 conditions:
* - The impacted account does not have the Administrator role
* - Authentication is restricted to SSO only
*
* @param \Illuminate\Http\Request $request
* @return mixed
*/
public function handle($request, Closure $next)
{
if (Settings::get('useSsoOnly')) {
if ($email = $request->input('email', null)) {
$user = User::whereEmail($email)->first();
} else {
$user = Auth::user();
}
if ($user?->isAdministrator()) {
return $next($request);
}
Log::notice(sprintf('Request to %s rejected, only Admins can request it while authentication is restricted to SSO only', $request->getPathInfo()));
return response()->json(['message' => __('errors.unsupported_with_sso_only')], Response::HTTP_METHOD_NOT_ALLOWED);
}
return $next($request);
}
}
Reference in New Issue View Git Blame Copy Permalink