firefly-iii/app/Http/Middleware/Authenticate.php

<?php

/**
 * Authenticate.php
 * Copyright (c) 2019 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace FireflyIII\Http\Middleware;

use FireflyIII\Exceptions\FireflyException;
use FireflyIII\User;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Auth\Factory as Auth;
use Illuminate\Http\Request;

/**
 * Class Authenticate
 */
class Authenticate
{
    /**
     * The authentication factory instance.
     */
    protected Auth $auth;

    /**
     * Create a new middleware instance.
     */
    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param Request  $request
     * @param string[] ...$guards
     *
     * @return mixed
     *
     * @throws FireflyException
     * @throws AuthenticationException
     */
    public function handle($request, \Closure $next, ...$guards)
    {
        $this->authenticate($request, $guards);

        return $next($request);
    }

    /**
     * Determine if the user is logged in to any of the given guards.
     *
     * @param mixed $request
     *
     * @return mixed
     *
     * @throws FireflyException
     * @throws AuthenticationException
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     */
    protected function authenticate($request, array $guards)
    {
        if (0 === count($guards)) {
            // go for default guard:
            // @noinspection PhpUndefinedMethodInspection
            if ($this->auth->check()) {
                // do an extra check on user object.
                /** @noinspection PhpUndefinedMethodInspection */
                /** @var User $user */
                $user = $this->auth->authenticate();
                $this->validateBlockedUser($user, $guards);
            }

            // @noinspection PhpUndefinedMethodInspection
            return $this->auth->authenticate();
        }

        foreach ($guards as $guard) {
            if ('api' !== $guard) {
                $this->auth->guard($guard)->authenticate();
            }
            $result = $this->auth->guard($guard)->check();
            if ($result) {
                $user = $this->auth->guard($guard)->user();
                $this->validateBlockedUser($user, $guards);

                // According to PHPstan the method returns void, but we'll see.
                return $this->auth->shouldUse($guard); // @phpstan-ignore-line
            }
        }

        throw new AuthenticationException('Unauthenticated.', $guards);
    }

    /**
     * @throws AuthenticationException
     */
    private function validateBlockedUser(?User $user, array $guards): void
    {
        if (null === $user) {
            app('log')->warning('User is null, throw exception?');
        }
        if (null !== $user) {
            // app('log')->debug(get_class($user));
            if (1 === (int) $user->blocked) {
                $message = (string) trans('firefly.block_account_logout');
                if ('email_changed' === $user->blocked_code) {
                    $message = (string) trans('firefly.email_changed_logout');
                }
                app('log')->warning('User is blocked, cannot use authentication method.');
                app('session')->flash('logoutMessage', $message);
                // @noinspection PhpUndefinedMethodInspection
                $this->auth->logout(); // @phpstan-ignore-line (thinks function is undefined)

                throw new AuthenticationException('Blocked account.', $guards);
            }
        }
    }
}
Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00			`<?php`
Add newlines and strict types 2018-03-05 19:35:58 +01:00
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`/**`
			`* Authenticate.php`
Update email address 2020-01-31 07:32:04 +01:00			`* Copyright (c) 2019 james@firefly-iii.org`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This file is part of Firefly III (https://github.com/firefly-iii).`
Some code cleanup and copyright cleanup. [skip ci] 2016-10-05 06:52:15 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is distributed in the hope that it will be useful,`
New copyright notice. 2017-10-21 08:40:00 +02:00			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* GNU Affero General Public License for more details.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 12:41:23 +02:00			`*/`
Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00
Update copyright statements. 2018-05-11 10:08:34 +02:00			`declare(strict_types=1);`

Update middleware after upgrade to Laravel 5.2 2016-01-08 16:00:57 +01:00			`namespace FireflyIII\Http\Middleware;`
Fresh L5 installation. 2015-02-06 04:39:52 +01:00
Fix view for transaction controller. 2018-04-16 19:25:33 +02:00			`use FireflyIII\Exceptions\FireflyException;`
Various code cleanup. 2021-04-07 07:53:05 +02:00			`use FireflyIII\User;`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`use Illuminate\Auth\AuthenticationException;`
			`use Illuminate\Contracts\Auth\Factory as Auth;`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`use Illuminate\Http\Request;`
Some code cleanup Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-03-14 20:53:56 +01:00
Did some code cleanup. Comments and headers mostly. 2016-01-09 08:20:55 +01:00			`/**`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`* Class Authenticate`
Did some code cleanup. Comments and headers mostly. 2016-01-09 08:20:55 +01:00			`*/`
Code cleanup. 2015-02-11 07:35:10 +01:00			`class Authenticate`
			`{`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`/**`
			`* The authentication factory instance.`
			`*/`
Update translations and fix some code. 2023-02-22 19:54:19 +01:00			`protected Auth $auth;`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00
			`/**`
			`* Create a new middleware instance.`
			`*/`
			`public function __construct(Auth $auth)`
			`{`
			`$this->auth = $auth;`
			`}`

Code cleanup. 2015-02-11 07:35:10 +01:00			`/**`
			`* Handle an incoming request.`
			`*`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`* @param Request $request`
			`* @param string[] ...$guards`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @return mixed`
			`*`
Code cleanup 2021-03-21 09:15:40 +01:00			`* @throws FireflyException`
			`* @throws AuthenticationException`
Code cleanup. 2015-02-11 07:35:10 +01:00			`*/`
Code cleanup. 2023-12-20 19:35:52 +01:00			`public function handle($request, \Closure $next, ...$guards)`
Code cleanup. 2015-02-11 07:35:10 +01:00			`{`
Upgrade Firefly III to PHP 7.2 and Laravel 5.7 2018-09-19 16:50:16 +02:00			`$this->authenticate($request, $guards);`
Logout blocked accounts. 2016-02-07 07:36:31 +01:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`return $next($request);`
			`}`
Code cleanup. 2021-03-28 11:46:23 +02:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`/**`
			`* Determine if the user is logged in to any of the given guards.`
			`*`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`* @param mixed $request`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00			`* @return mixed`
Code cleanup. 2023-12-20 19:35:52 +01:00			`*`
Code cleanup 2021-03-21 09:15:40 +01:00			`* @throws FireflyException`
			`* @throws AuthenticationException`
Code cleanup. 2023-12-20 19:35:52 +01:00			`*`
Fix various phpstan things 2023-11-29 06:30:35 +01:00			`* @SuppressWarnings(PHPMD.UnusedFormalParameter)`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`*/`
Upgrade Firefly III to PHP 7.2 and Laravel 5.7 2018-09-19 16:50:16 +02:00			`protected function authenticate($request, array $guards)`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`{`
Various code fixes. 2022-11-04 05:11:05 +01:00			`if (0 === count($guards)) {`
Fix https://github.com/firefly-iii/firefly-iii/issues/6788 2023-01-01 14:25:52 +01:00			`// go for default guard:`
Code cleanup. 2023-12-20 19:35:52 +01:00			`// @noinspection PhpUndefinedMethodInspection`
Fix https://github.com/firefly-iii/firefly-iii/issues/6788 2023-01-01 14:25:52 +01:00			`if ($this->auth->check()) {`
			`// do an extra check on user object.`
Improve code quality. 2018-07-09 19:24:08 +02:00			`/** @noinspection PhpUndefinedMethodInspection */`
Fix https://github.com/firefly-iii/firefly-iii/issues/6788 2023-01-01 14:25:52 +01:00			`/** @var User $user */`
			`$user = $this->auth->authenticate();`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`$this->validateBlockedUser($user, $guards);`
New code for email address change in profile. See #857 2017-09-26 08:52:16 +02:00			`}`
Some code cleanup. 2018-07-13 15:50:42 +02:00
Code cleanup. 2023-12-20 19:35:52 +01:00			`// @noinspection PhpUndefinedMethodInspection`
Update translations and fix some code. 2023-02-22 19:54:19 +01:00			`return $this->auth->authenticate();`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`}`
Various code cleanup. 2021-04-07 07:28:43 +02:00
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`foreach ($guards as $guard) {`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`if ('api' !== $guard) {`
Update packages and meta data. 2023-01-04 20:40:57 +01:00			`$this->auth->guard($guard)->authenticate();`
			`}`
			`$result = $this->auth->guard($guard)->check();`
			`if ($result) {`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`$user = $this->auth->guard($guard)->user();`
			`$this->validateBlockedUser($user, $guards);`
Code cleanup. 2023-12-20 19:35:52 +01:00
Various bug fixes and code cleanup. 2022-12-31 06:57:05 +01:00			`// According to PHPstan the method returns void, but we'll see.`
			`return $this->auth->shouldUse($guard); // @phpstan-ignore-line`
Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`}`
Improve the cron controller. Force blocked users to logout. 2015-07-24 13:17:47 +02:00			`}`

Fix issues with API authentication. 2018-02-09 14:47:37 +01:00			`throw new AuthenticationException('Unauthenticated.', $guards);`
Code cleanup. 2015-02-11 07:35:10 +01:00			`}`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00
			`/**`
			`* @throws AuthenticationException`
			`*/`
			`private function validateBlockedUser(?User $user, array $guards): void`
			`{`
			`if (null === $user) {`
Remove static references 2023-10-29 06:31:13 +01:00			`app('log')->warning('User is null, throw exception?');`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`}`
			`if (null !== $user) {`
Remove static references 2023-10-29 06:33:43 +01:00			`// app('log')->debug(get_class($user));`
Code cleanup 2024-12-22 08:43:12 +01:00			`if (1 === (int) $user->blocked) {`
			`$message = (string) trans('firefly.block_account_logout');`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`if ('email_changed' === $user->blocked_code) {`
Code cleanup 2024-12-22 08:43:12 +01:00			`$message = (string) trans('firefly.email_changed_logout');`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`}`
Remove static references 2023-10-29 06:31:13 +01:00			`app('log')->warning('User is blocked, cannot use authentication method.');`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`app('session')->flash('logoutMessage', $message);`
Code cleanup. 2023-12-20 19:35:52 +01:00			`// @noinspection PhpUndefinedMethodInspection`
Expand authentication validation in API. 2023-01-14 07:53:00 +01:00			`$this->auth->logout(); // @phpstan-ignore-line (thinks function is undefined)`

			`throw new AuthenticationException('Blocked account.', $guards);`
			`}`
			`}`
			`}`
Fresh L5 installation. 2015-02-06 04:39:52 +01:00			`}`