blob: a31198a5d0183d13b6e3e0e3a1861292e83ace00 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
<?php
namespace Kanboard\Middleware;
use Kanboard\Core\Controller\AccessForbiddenException;
use Kanboard\Core\Controller\BaseMiddleware;
use Kanboard\Core\Security\Role;
/**
* Class AuthenticationMiddleware
*
* @package Kanboard\Middleware
* @author Frederic Guillot
*/
class AuthenticationMiddleware extends BaseMiddleware
{
/**
* Execute middleware
*/
public function execute()
{
if (! $this->authenticationManager->checkCurrentSession()) {
throw AccessForbiddenException::getInstance()->withoutLayout();
}
if (! $this->isPublicAccess()) {
$this->handleAuthentication();
}
$this->next();
}
protected function handleAuthentication()
{
if (! $this->userSession->isLogged() && ! $this->authenticationManager->preAuthentication()) {
$this->setNextMiddleware(null);
if ($this->request->isAjax()) {
$this->response->text('Not Authorized', 401);
} else {
$this->sessionStorage->redirectAfterLogin = $this->request->getUri();
$this->response->redirect($this->helper->url->to('auth', 'login'));
}
}
}
private function isPublicAccess()
{
if ($this->applicationAuthorization->isAllowed($this->router->getController(), $this->router->getAction(), Role::APP_PUBLIC)) {
$this->setNextMiddleware(null);
return true;
}
return false;
}
}
|