Make sure the /javascript/ url’s are ignored.

2025-10-29 06:34:37 +00:00 · 2017-02-12 16:50:35 +01:00
parent 3399b133ae
commit ec146d4cbe
10 changed files with 172 additions and 22 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -80,6 +80,26 @@ class LoginController extends Controller
        return $this->sendFailedLoginResponse($request, $errorMessage);
    }

+    /**
+     * @param Request $request
+     *
+     * @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     */
+    public function logout(Request $request)
+    {
+        if (intval(getenv('SANDSTORM')) === 1) {
+            return view('error')->with('message', strval(trans('firefly.sandstorm_not_available')));
+        }
+
+        $this->guard()->logout();
+
+        $request->session()->flush();
+
+        $request->session()->regenerate();
+
+        return redirect('/');
+    }
+
    /**
     * Show the application login form.
     *
--- a/app/Http/Controllers/HomeController.php
+++ b/app/Http/Controllers/HomeController.php
@@ -91,7 +91,7 @@ class HomeController extends Controller
    public function flush(Request $request)
    {
        Preferences::mark();
-        $request->session()->forget(['start', 'end', 'viewRange', 'range', 'is_custom_range']);
+        $request->session()->forget(['start', 'end','_previous', 'viewRange', 'range', 'is_custom_range']);
        Artisan::call('cache:clear');

        return redirect(route('index'));
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -21,6 +21,7 @@ use FireflyIII\Http\Middleware\Range;
 use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
 use FireflyIII\Http\Middleware\RedirectIfTwoFactorAuthenticated;
 use FireflyIII\Http\Middleware\Sandstorm;
+use FireflyIII\Http\Middleware\StartFireflySession;
 use FireflyIII\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Illuminate\Auth\Middleware\Authorize;
@@ -29,7 +30,6 @@ use Illuminate\Foundation\Http\Kernel as HttpKernel;
 use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
 use Illuminate\Routing\Middleware\SubstituteBindings;
 use Illuminate\Routing\Middleware\ThrottleRequests;
-use Illuminate\Session\Middleware\StartSession;
 use Illuminate\View\Middleware\ShareErrorsFromSession;

 /**
@@ -51,7 +51,6 @@ class Kernel extends HttpKernel
        = [
            'Illuminate\Foundation\Bootstrap\LoadEnvironmentVariables',
            'Illuminate\Foundation\Bootstrap\LoadConfiguration',
-            //'FireflyIII\Bootstrap\ConfigureLogging',
            'Illuminate\Foundation\Bootstrap\HandleExceptions',
            'Illuminate\Foundation\Bootstrap\RegisterFacades',
            'Illuminate\Foundation\Bootstrap\RegisterProviders',
@@ -80,11 +79,11 @@ class Kernel extends HttpKernel
            // does not check login
            // does not check 2fa
            // does not check activation
-            'web'                              => [
+            'web'                   => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
@@ -92,11 +91,11 @@ class Kernel extends HttpKernel


            // MUST NOT be logged in. Does not care about 2FA or confirmation.
-            'user-not-logged-in'               => [
+            'user-not-logged-in'    => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
@@ -105,11 +104,11 @@ class Kernel extends HttpKernel
            // MUST be logged in.
            // MUST NOT have 2FA
            // don't care about confirmation:
-            'user-logged-in-no-2fa'            => [
+            'user-logged-in-no-2fa' => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
@@ -120,11 +119,11 @@ class Kernel extends HttpKernel
            // MUST be logged in
            // don't care about 2fa
            // don't care about confirmation.
-            'user-simple-auth'                 => [
+            'user-simple-auth'      => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
@@ -135,11 +134,11 @@ class Kernel extends HttpKernel
            // MUST have 2fa
            // MUST be confirmed.
            // (this group includes the other Firefly middleware)
-            'user-full-auth'                   => [
+            'user-full-auth'        => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
@@ -153,11 +152,11 @@ class Kernel extends HttpKernel
            // MUST be confirmed.
            // MUST have owner role
            // (this group includes the other Firefly middleware)
-            'admin'                            => [
+            'admin'                 => [
                Sandstorm::class,
                EncryptCookies::class,
                AddQueuedCookiesToResponse::class,
-                StartSession::class,
+                StartFireflySession::class,
                ShareErrorsFromSession::class,
                VerifyCsrfToken::class,
                SubstituteBindings::class,
--- a/app/Http/Middleware/StartFireflySession.php
+++ b/app/Http/Middleware/StartFireflySession.php
@@ -0,0 +1,55 @@
+<?php
+/**
+ * StartFireflySession.php
+ * Copyright (c) 2017 thegrumpydictator@gmail.com
+ * This software may be modified and distributed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.
+ *
+ * See the LICENSE file for details.
+ */
+
+declare(strict_types = 1);
+
+namespace FireflyIII\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Illuminate\Session\Middleware\StartSession;
+use Illuminate\Session\SessionManager;
+use Log;
+
+/**
+ * Class StartFireflySession
+ *
+ * @package FireflyIII\Http\Middleware
+ */
+class StartFireflySession extends StartSession
+{
+
+    /**
+     * Create a new session middleware.
+     *
+     * @param  \Illuminate\Session\SessionManager $manager
+     */
+    public function __construct(SessionManager $manager)
+    {
+        parent::__construct($manager);
+    }
+
+    /**
+     * Store the current URL for the request if necessary.
+     *
+     * @param  \Illuminate\Http\Request              $request
+     * @param  \Illuminate\Contracts\Session\Session $session
+     *
+     * @return void
+     */
+    protected function storeCurrentUrl(Request $request, $session)
+    {
+        $fullUrl = $request->fullUrl();
+        if ($request->method() === 'GET' && $request->route() && !$request->ajax()) {
+            if (strpos($fullUrl, '/javascript/') === false) {
+                $session->setPreviousUrl($fullUrl);
+            }
+        }
+    }
+
+}
--- a/app/Providers/FireflySessionProvider.php
+++ b/app/Providers/FireflySessionProvider.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * FireflySessionProvider.php
+ * Copyright (c) 2017 thegrumpydictator@gmail.com
+ * This software may be modified and distributed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.
+ *
+ * See the LICENSE file for details.
+ */
+
+declare(strict_types = 1);
+
+namespace FireflyIII\Providers;
+
+use FireflyIII\Http\Middleware\StartFireflySession;
+use Illuminate\Session\SessionManager;
+use Illuminate\Support\ServiceProvider;
+
+class FireflySessionProvider extends ServiceProvider
+{
+    /**
+     * Register the service provider.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->registerSessionManager();
+
+        $this->registerSessionDriver();
+
+        $this->app->singleton(StartFireflySession::class);
+    }
+
+    /**
+     * Register the session driver instance.
+     *
+     * @return void
+     */
+    protected function registerSessionDriver()
+    {
+        $this->app->singleton(
+            'session.store', function ($app) {
+            // First, we will create the session manager which is responsible for the
+            // creation of the various session drivers when they are needed by the
+            // application instance, and will resolve them on a lazy load basis.
+            return $app->make('session')->driver();
+        }
+        );
+    }
+
+    /**
+     * Register the session manager instance.
+     *
+     * @return void
+     */
+    protected function registerSessionManager()
+    {
+        $this->app->singleton(
+            'session', function ($app) {
+            return new SessionManager($app);
+        }
+        );
+    }
+}
--- a/config/app.php
+++ b/config/app.php
@@ -46,7 +46,7 @@ return [
        Illuminate\Queue\QueueServiceProvider::class,
        Illuminate\Redis\RedisServiceProvider::class,
        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
-        Illuminate\Session\SessionServiceProvider::class,
+        FireflyIII\Providers\FireflySessionProvider::class,
        Illuminate\Translation\TranslationServiceProvider::class,
        Illuminate\Validation\ValidationServiceProvider::class,
        Illuminate\View\ViewServiceProvider::class,
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@@ -959,4 +959,7 @@ return [
    'import_finished_intro'                => 'The import has finished! You can now see the new transactions in Firefly.',
    'import_finished_text_without_link'    => 'It seems there is no tag that points to all your imported transactions. Please look for your imported data in the menu on the left, under "Transactions".',
    'import_finished_text_with_link'       => 'You can find a list of your imported transactions on the page of the <a href="tags/show/:tag">tag that was created for this import</a>.',
+
+    // sandstorm.io errors and messages:
+    'sandstorm_not_available' => 'This function is not available when you are using Firefly III within a Sandstorm.io environment.',
 ];
--- a/resources/views/error.twig
+++ b/resources/views/error.twig
@@ -10,7 +10,12 @@

    <div class="row">
        <div class="col-lg-12 col-md-12 col-sm-12">
-            {{ message |default('General unknown errror') }}
+            <p>{{ message |default('General unknown errror') }}</p>
+        </div>
+    </div>
+    <div class="row">
+        <div class="col-lg-12 col-md-12 col-sm-12">
+            <p><a href="{{ route('index') }}">Follow this link back to the index.</a></p>
        </div>
    </div>
 {% endblock %}
--- a/resources/views/partials/menu-sidebar.twig
+++ b/resources/views/partials/menu-sidebar.twig
@@ -148,10 +148,11 @@
        </a>

        <ul class="treeview-menu">
-            {% if not SANDSTORM %}
+
            <li class="{{ activeRoutePartial('profile') }}">
                <a class="{{ activeRouteStrict('profile.index') }}" href="{{ route('profile.index') }}"><i class="fa fa-user fa-fw"></i> {{ 'profile'|_ }}</a>
            </li>
+            {% if not SANDSTORM %}
            {% endif %}
            <li class="{{ activeRoutePartial('preferences') }}">
                <a class="{{ activeRouteStrict('preferences.index') }}" href="{{ route('preferences.index') }}"><i class="fa fa-gear fa-fw"></i> {{ 'preferences'|_ }}</a>
@@ -173,7 +174,6 @@


    <!-- other options -->
-
    {% if not SANDSTORM %}
    <li>
        <a href="{{ route('logout') }}">
--- a/test.sh
+++ b/test.sh
@@ -51,9 +51,6 @@ fi
 # enable testing config
 cp $TESTINGENV $ORIGINALENV

-# clear cache:
-php artisan cache:clear
-
 # reset database (optional)
 if [[ $resetTestFlag == "true" ]]
 then
@@ -85,6 +82,13 @@ echo "Copy test database over original"
 # take database from copy:
 cp $DATABASECOPY $DATABASE

+echo "clear caches and what-not.."
+php artisan cache:clear
+php artisan config:clear
+php artisan route:clear
+php artisan twig:clean
+php artisan view:clear
+
 # run PHPUnit
 if [[ $testflag == "" ]]
 then