diff options
Diffstat (limited to 'app/Middleware/PostAuthenticationMiddleware.php')
| -rw-r--r-- | app/Middleware/PostAuthenticationMiddleware.php | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/app/Middleware/PostAuthenticationMiddleware.php b/app/Middleware/PostAuthenticationMiddleware.php new file mode 100644 index 00000000..8287c10e --- /dev/null +++ b/app/Middleware/PostAuthenticationMiddleware.php @@ -0,0 +1,36 @@ +<?php + +namespace Kanboard\Middleware; + +use Kanboard\Core\Controller\BaseMiddleware; + +/** + * Class PostAuthenticationMiddleware + * + * @package Kanboard\Middleware + * @author Frederic Guillot + */ +class PostAuthenticationMiddleware extends BaseMiddleware +{ + /** + * Execute middleware + */ + public function execute() + { + $controller = strtolower($this->router->getController()); + $action = strtolower($this->router->getAction()); + $ignore = ($controller === 'twofactor' && in_array($action, array('code', 'check'))) || ($controller === 'auth' && $action === 'logout'); + + if ($ignore === false && $this->userSession->hasPostAuthentication() && ! $this->userSession->isPostAuthenticationValidated()) { + $this->setNextMiddleware(null); + + if ($this->request->isAjax()) { + $this->response->text('Not Authorized', 401); + } + + $this->response->redirect($this->helper->url->to('twofactor', 'code')); + } + + $this->next(); + } +} |