Also whitelist the setup routes when enforcing auth

This commit is contained in:
Nico Stapelbroek
2018-01-27 22:22:31 +01:00
parent 9107035db8
commit b866ffea4e

View File

@@ -16,6 +16,8 @@ use CachetHQ\Cachet\Http\Middleware\Acceptable;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
use CachetHQ\Cachet\Http\Middleware\Timezone;
use CachetHQ\Cachet\Http\Routes\AuthRoutes;
use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes;
use CachetHQ\Cachet\Http\Routes\SetupRoutes;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -43,6 +45,15 @@ class RouteServiceProvider extends ServiceProvider
*/
protected $namespace = 'CachetHQ\Cachet\Http\Controllers';
/**
* These are the route files that should always be available anonymously.
*
* When applying the always_authenticate feature, these routes will be skipped.
*
* @var string[]
*/
protected $whitelistedAuthRoutes = [AuthRoutes::class, SetupRoutes::class, ApiRoutes::class];
/**
* Define the route model bindings, pattern filters, etc.
*
@@ -129,7 +140,8 @@ class RouteServiceProvider extends ServiceProvider
SubstituteBindings::class,
];
if ($this->app['config']->get('setting.always_authenticate', false) && !$routes instanceof AuthRoutes) {
$applyAlwaysAuthenticate = $this->app['config']->get('setting.always_authenticate', false);
if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) {
$middleware[] = Authenticate::class;
}
@@ -159,4 +171,14 @@ class RouteServiceProvider extends ServiceProvider
$routes->map($router);
});
}
private function isWhiteListedAuthRoute($route)
{
foreach ($this->whitelistedAuthRoutes as $whitelistedRoute) {
if(is_a($route, $whitelistedRoute)) {
return true;
}
}
return false;
}
}