Respond with the correct responses on error
@@ -13,7 +13,7 @@ namespace CachetHQ\Cachet\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use Illuminate\Support\Facades\Response;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
class Admin
|
||||
{
|
||||
@@ -45,9 +45,7 @@ class Admin
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if (!$this->auth->check() || ($this->auth->check() && !$this->auth->user()->isAdmin)) {
|
||||
return Response::view('errors.401', [
|
||||
'pageTitle' => trans('errors.unauthorized.title'),
|
||||
], 401);
|
||||
throw new UnauthorizedHttpException();
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
|
||||
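Review bot: `throw new UnauthorizedHttpException();` in Admin::handle passes no arguments, but Symfony's UnauthorizedHttpException declares a required first `$challenge` parameter (the WWW-Authenticate value), so constructing it this way should itself raise an argument error and the client would see a 500 instead of a 401. The request is still refused, but the status code and logs no longer say why. The same argument-less throw is in ApiAuthenticate's `catch (ModelNotFoundException $e)` branch and in Authenticate::handle; each needs a challenge string, for example `throw new UnauthorizedHttpException('Basic');` where basic auth is the scheme on offer. Separately, this condition also matches a logged-in user who is not an admin, and for that case a 403 via `AccessDeniedHttpException` is the more accurate answer than 401. The end of handle() lies outside the hunk.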
@@ -15,6 +15,7 @@ use CachetHQ\Cachet\Models\User;
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
class ApiAuthenticate
|
||||
{
|
||||
@@ -48,34 +49,19 @@ class ApiAuthenticate
|
||||
if ($this->auth->guest()) {
|
||||
if ($apiToken = $request->header('X-Cachet-Token')) {
|
||||
try {
|
||||
$user = User::findByApiToken($apiToken);
|
||||
|
||||
$this->auth->onceUsingId($user->id);
|
||||
$this->auth->onceUsingId(User::findByApiToken($apiToken)->id);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
return $this->handleError();
|
||||
throw new UnauthorizedHttpException();
|
||||
}
|
||||
} elseif ($user = $request->getUser()) {
|
||||
} elseif ($request->getUser()) {
|
||||
if ($this->auth->onceBasic() !== null) {
|
||||
return $this->handleError();
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
} else {
|
||||
return $this->handleError();
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Common method for returning an unauthorized error.
|
||||
*
|
||||
* @return \Symfony\Component\HttpFoundation\Response
|
||||
*/
|
||||
protected function handleError()
|
||||
{
|
||||
return response()->json([
|
||||
'message' => 'You are not authorized to view this content.',
|
||||
'status_code' => 401,
|
||||
], 401);
|
||||
}
|
||||
}
|
||||
|
||||
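Review bot: `AccessDeniedHttpException` is thrown in the failed-basic-auth branch and in the final `else`, but the import hunk for this file adds only `use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;`, so unless the class is imported above the visible lines the name resolves inside the middleware's own namespace and the throw ends in a class-not-found error. Add `use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;` next to the other import. The status choice is also worth a second look: a request with no token and no credentials, or with rejected basic credentials, is unauthenticated, which is normally a 401, whereas AccessDeniedHttpException yields 403 and only the unknown-token branch yields 401. API clients and any alerting keyed on 401s would then see two different codes for the same class of failure. The start of handle() is outside the hunk.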
@@ -13,6 +13,7 @@ namespace CachetHQ\Cachet\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
|
||||
class Authenticate
|
||||
{
|
||||
@@ -44,11 +45,7 @@ class Authenticate
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if ($this->auth->guest()) {
|
||||
if ($request->ajax()) {
|
||||
return response('Unauthorized.', 401);
|
||||
} else {
|
||||
return redirect()->guest('auth/login');
|
||||
}
|
||||
throw new UnauthorizedHttpException();
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
|
||||
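Review bot: Browser guests lose the login redirect in this branch: the removed `redirect()->guest('auth/login')` also recorded the intended URL so the user came back to it after signing in, and nothing visible here replaces that. If the application's exception handler does not turn this 401 into a redirect to the login page (the handler is not part of this commit), an expired session on a dashboard page ends on an error page. Consider keeping the redirect for non-AJAX requests ahead of the throw, `if (!$request->ajax()) { return redirect()->guest('auth/login'); }`. The end of handle() is outside the hunk.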