Add an "always authenticate" setting

2018-01-27 21:27:53 +01:00
parent 7abdbe8e38
commit 239f953e36
4 changed files with 33 additions and 2 deletions
--- a/app/Foundation/Providers/RouteServiceProvider.php
+++ b/app/Foundation/Providers/RouteServiceProvider.php
@@ -13,7 +13,9 @@ namespace CachetHQ\Cachet\Foundation\Providers;

 use Barryvdh\Cors\HandleCors;
 use CachetHQ\Cachet\Http\Middleware\Acceptable;
+use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use CachetHQ\Cachet\Http\Middleware\Timezone;
+use CachetHQ\Cachet\Http\Routes\AuthRoutes;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
 use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -127,6 +129,10 @@ class RouteServiceProvider extends ServiceProvider
            SubstituteBindings::class,
        ];

+        if ($this->app['config']->get('setting.always_authenticate', false) && !$routes instanceof AuthRoutes) {
+            $middleware[] = Authenticate::class;
+        }
+
        $router->group(['middleware' => $middleware], function (Router $router) use ($routes) {
            $routes->map($router);
        });
--- a/config/security.php
+++ b/config/security.php
@@ -22,4 +22,15 @@ return [
    */
    'evil' => ['(?<!\w)on\w*', 'style', 'xmlns', 'formaction', 'form', 'xlink:href', 'FSCommand', 'seekSegmentTime'],

+    /*
+    |--------------------------------------------------------------------------
+    | Always authenticate
+    |--------------------------------------------------------------------------
+    |
+    | Whether to lock down Cachet and only allow viewing pages
+    | when authenticated.
+    |
+    */
+    'always_authenticate' => true,
+
 ];
--- a/resources/lang/en/forms.php
+++ b/resources/lang/en/forms.php
@@ -177,8 +177,10 @@ return [
            'incident-date-format' => 'Incident timestamp format',
        ],
        'security' => [
-            'allowed-domains'      => 'Allowed domains',
-            'allowed-domains-help' => 'Comma separated. The domain set above is automatically allowed by default.',
+            'allowed-domains'           => 'Allowed domains',
+            'allowed-domains-help'      => 'Comma separated. The domain set above is automatically allowed by default.',
+            'always-authenticate'       => 'Always authenticate',
+            'always-authenticate-help'  => 'Require login to view any Cachet page',
        ],
        'stylesheet' => [
            'custom-css' => 'Custom Stylesheet',
--- a/resources/views/dashboard/settings/security.blade.php
+++ b/resources/views/dashboard/settings/security.blade.php
@@ -15,6 +15,18 @@
                    <input type="hidden" name="_token" value="{{ csrf_token() }}">
                    @include('dashboard.partials.errors')
                    <fieldset>
+                        <div class="row">
+                            <div class="col-xs-12">
+                                <label>{{ trans('forms.settings.security.always-authenticate') }}</label>
+                                <div class="checkbox">
+                                    <label>
+                                        <input type="hidden" value="0" name="always_authenticate">
+                                        <input type="checkbox" value="1" name="always_authenticate" {{ Config::get('setting.always_authenticate') ? 'checked' : null }}>
+                                        {{ trans('forms.settings.security.always-authenticate-help') }}
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
                        <div class="row">
                            <div class="col-xs-12">
                                <div class="form-group">