firefly-iii/app/Http/Middleware/Authenticate.php

<?php

/**
 * Authenticate.php
 * Copyright (c) 2019 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace FireflyIII\Http\Middleware;

use Closure;
use FireflyIII\Exceptions\FireflyException;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Auth\Factory as Auth;
use Illuminate\Database\QueryException;
use Illuminate\Http\Request;

/**
 * Class Authenticate
 */
class Authenticate
{
    /**
     * The authentication factory instance.
     *
     * @var Auth
     */
    protected $auth;

    /**
     * Create a new middleware instance.
     *
     * @param Auth $auth
     *
     * @return void
     */
    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param Request  $request
     * @param Closure  $next
     * @param string[] ...$guards
     *
     * @return mixed
     *
     * @throws FireflyException
     * @throws AuthenticationException
     */
    public function handle($request, Closure $next, ...$guards)
    {
        $this->authenticate($request, $guards);

        return $next($request);
    }


    /**
     * Determine if the user is logged in to any of the given guards.
     *
     * @param        $request
     * @param array  $guards
     *
     * @return mixed
     * @throws FireflyException
     * @throws AuthenticationException
     */
    protected function authenticate($request, array $guards)
    {

        if (empty($guards)) {
            try {
                // go for default guard:
                /** @noinspection PhpUndefinedMethodInspection */
                if ($this->auth->check()) {

                    // do an extra check on user object.
                    /** @noinspection PhpUndefinedMethodInspection */
                    $user = $this->auth->authenticate();
                    if (1 === (int)$user->blocked) {
                        $message = (string)trans('firefly.block_account_logout');
                        if ('email_changed' === $user->blocked_code) {
                            $message = (string)trans('firefly.email_changed_logout');
                        }
                        app('session')->flash('logoutMessage', $message);
                        /** @noinspection PhpUndefinedMethodInspection */
                        $this->auth->logout();

                        throw new AuthenticationException('Blocked account.', $guards);
                    }
                }
            } catch (QueryException $e) {
                // @codeCoverageIgnoreStart
                throw new FireflyException(
                    sprintf(
                        'It seems the database has not yet been initialized. Did you run the correct upgrade or installation commands? Error: %s',
                        $e->getMessage()
                    )
                );
                // @codeCoverageIgnoreEnd
            }

            /** @noinspection PhpUndefinedMethodInspection */
            return $this->auth->authenticate();
        }

        // @codeCoverageIgnoreStart
        foreach ($guards as $guard) {
            if ($this->auth->guard($guard)->check()) {
                /** @noinspection PhpVoidFunctionResultUsedInspection */
                return $this->auth->shouldUse($guard);
            }
        }

        throw new AuthenticationException('Unauthenticated.', $guards);
        // @codeCoverageIgnoreEnd
    }
}
Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00			`<?php`
Add newlines and strict types 2018-03-05 19:35:58 +01:00
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`/**`
			`* Authenticate.php`
Update email address 2020-01-31 07:32:04 +01:00			`* Copyright (c) 2019 james@firefly-iii.org`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This file is part of Firefly III (https://github.com/firefly-iii).`
Some code cleanup and copyright cleanup. [skip ci] 2016-10-05 06:52:15 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is distributed in the hope that it will be useful,`
New copyright notice. 2017-10-21 08:40:00 +02:00			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* GNU Affero General Public License for more details.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`*/`
Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00
Update copyright statements. 2018-05-11 10:08:34 +02:00			`declare(strict_types=1);`

Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00			`namespace FireflyIII\Http\Middleware;`
Fresh L5 installation. 2015-02-06 04:39:52 +01:00
			`use Closure;`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`use FireflyIII\Exceptions\FireflyException;`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`use Illuminate\Auth\AuthenticationException;`
			`use Illuminate\Contracts\Auth\Factory as Auth;`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`use Illuminate\Database\QueryException;`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`use Illuminate\Http\Request;`
Some code cleanup Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-03-14 20:53:56 +01:00
Did some code cleanup. Comments and headers mostly. 2016-01-09 08:20:55 +01:00			`/**`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`* Class Authenticate`
Did some code cleanup. Comments and headers mostly. 2016-01-09 08:20:55 +01:00			`*/`
Code cleanup. 2015-02-11 07:35:10 +01:00			`class Authenticate`
			`{`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`/**`
			`* The authentication factory instance.`
			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @var Auth`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*/`
			`protected $auth;`

			`/**`
			`* Create a new middleware instance.`
			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @param Auth $auth`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*`
			`* @return void`
			`*/`
			`public function __construct(Auth $auth)`
			`{`
			`$this->auth = $auth;`
			`}`

Code cleanup. 2015-02-11 07:35:10 +01:00			`/**`
			`* Handle an incoming request.`
			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @param Request $request`
			`* @param Closure $next`
			`* @param string[] ...$guards`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @return mixed`
			`*`
Code cleanup 2021-03-21 09:15:40 +01:00			`* @throws FireflyException`
			`* @throws AuthenticationException`
Code cleanup. 2015-02-11 07:35:10 +01:00			`*/`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`public function handle($request, Closure $next, ...$guards)`
Code cleanup. 2015-02-11 07:35:10 +01:00			`{`
Upgrade Firefly III to PHP 7.2 and Laravel 5.7 2018-09-19 16:50:16 +02:00			`$this->authenticate($request, $guards);`
Logout blocked accounts. 2016-02-07 07:36:31 +01:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`return $next($request);`
			`}`

Various code cleanup. 2018-07-08 12:08:53 +02:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`/**`
			`* Determine if the user is logged in to any of the given guards.`
			`*`
Code cleaning stuff. 2019-02-13 17:38:41 +01:00			`* @param $request`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @param array $guards`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @return mixed`
Code cleanup 2021-03-21 09:15:40 +01:00			`* @throws FireflyException`
			`* @throws AuthenticationException`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*/`
Upgrade Firefly III to PHP 7.2 and Laravel 5.7 2018-09-19 16:50:16 +02:00			`protected function authenticate($request, array $guards)`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`{`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`if (empty($guards)) {`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`try {`
			`// go for default guard:`
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpUndefinedMethodInspection */`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`if ($this->auth->check()) {`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`// do an extra check on user object.`
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpUndefinedMethodInspection */`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`$user = $this->auth->authenticate();`
Code cleanup 2021-03-21 09:15:40 +01:00			`if (1 === (int)$user->blocked) {`
			`$message = (string)trans('firefly.block_account_logout');`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`if ('email_changed' === $user->blocked_code) {`
Code cleanup 2021-03-21 09:15:40 +01:00			`$message = (string)trans('firefly.email_changed_logout');`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`}`
			`app('session')->flash('logoutMessage', $message);`
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpUndefinedMethodInspection */`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`$this->auth->logout();`

			`throw new AuthenticationException('Blocked account.', $guards);`
			`}`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`}`
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`} catch (QueryException $e) {`
Fix tests, improve coverage. 2018-06-02 06:11:13 +02:00			`// @codeCoverageIgnoreStart`
Various code optimalisations. 2018-07-08 07:59:58 +02:00			`throw new FireflyException(`
			`sprintf(`
			`'It seems the database has not yet been initialized. Did you run the correct upgrade or installation commands? Error: %s',`
			`$e->getMessage()`
			`)`
			`);`
Fix tests, improve coverage. 2018-06-02 06:11:13 +02:00			`// @codeCoverageIgnoreEnd`
New code for email address change in profile. See #857 2017-09-26 08:52:16 +02:00			`}`
Some code cleanup. 2018-07-13 15:50:42 +02:00
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpUndefinedMethodInspection */`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`return $this->auth->authenticate();`
			`}`
Code cleanup. Moving closer to new release. 2016-05-20 17:53:03 +02:00
Improve test coverage. 2018-03-03 17:16:47 +01:00			`// @codeCoverageIgnoreStart`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`foreach ($guards as $guard) {`
			`if ($this->auth->guard($guard)->check()) {`
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpVoidFunctionResultUsedInspection */`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`return $this->auth->shouldUse($guard);`
			`}`
Improve the cron controller. Force blocked users to logout. 2015-07-24 13:17:47 +02:00			`}`

Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`throw new AuthenticationException('Unauthenticated.', $guards);`
Improve test coverage. 2018-03-03 17:16:47 +01:00			`// @codeCoverageIgnoreEnd`
Code cleanup. 2015-02-11 07:35:10 +01:00			`}`
Fresh L5 installation. 2015-02-06 04:39:52 +01:00			`}`