Updated API auth handling of email confirmations

Email confirmations are now done within the guard during auth checking instead of at the middleware layer.
2024-11-24 20:02:35 +01:00 · 2021-08-05 22:07:08 +01:00 · 2021-08-05 22:07:08 +01:00 · 70f39757b1
commit 70f39757b1
parent 9b271e559f
3 changed files with 16 additions and 7 deletions
--- a/app/Api/ApiTokenGuard.php
+++ b/app/Api/ApiTokenGuard.php
@ -2,6 +2,7 @@

 namespace BookStack\Api;

+use BookStack\Auth\Access\LoginService;
 use BookStack\Exceptions\ApiAuthException;
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Contracts\Auth\Authenticatable;
@ -19,6 +20,11 @@ class ApiTokenGuard implements Guard
     */
    protected $request;

+    /**
+     * @var LoginService
+     */
+    protected $loginService;
+
    /**
     * The last auth exception thrown in this request.
     *
@ -29,9 +35,10 @@ class ApiTokenGuard implements Guard
    /**
     * ApiTokenGuard constructor.
     */
-    public function __construct(Request $request)
+    public function __construct(Request $request, LoginService $loginService)
    {
        $this->request = $request;
+        $this->loginService = $loginService;
    }

    /**
@ -95,6 +102,10 @@ class ApiTokenGuard implements Guard

        $this->validateToken($token, $secret);

+        if ($this->loginService->awaitingEmailConfirmation($token->user)) {
+            throw new ApiAuthException(trans('errors.email_confirmation_awaiting'));
+        }
+
        return $token->user;
    }

--- a/app/Http/Middleware/ApiAuthenticate.php
+++ b/app/Http/Middleware/ApiAuthenticate.php
@ -9,7 +9,6 @@ use Illuminate\Http\Request;

 class ApiAuthenticate
 {
-    use ChecksForEmailConfirmation;

    /**
     * Handle an incoming request.
@ -37,7 +36,6 @@ class ApiAuthenticate
        // Return if the user is already found to be signed in via session-based auth.
        // This is to make it easy to browser the API via browser after just logging into the system.
        if (signedInUser() || session()->isStarted()) {
-            $this->ensureEmailConfirmedIfRequested();
            if (!user()->can('access-api')) {
                throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
            }
@ -50,7 +48,6 @@ class ApiAuthenticate

        // Validate the token and it's users API access
        auth()->authenticate();
-        $this->ensureEmailConfirmedIfRequested();
    }

    /**
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -8,6 +8,7 @@ use BookStack\Auth\Access\ExternalBaseUserProvider;
 use BookStack\Auth\Access\Guards\LdapSessionGuard;
 use BookStack\Auth\Access\Guards\Saml2SessionGuard;
 use BookStack\Auth\Access\LdapService;
+use BookStack\Auth\Access\LoginService;
 use BookStack\Auth\Access\RegistrationService;
 use Illuminate\Support\ServiceProvider;

@ -21,7 +22,7 @@ class AuthServiceProvider extends ServiceProvider
    public function boot()
    {
        Auth::extend('api-token', function ($app, $name, array $config) {
-            return new ApiTokenGuard($app['request']);
+            return new ApiTokenGuard($app['request'], $app->make(LoginService::class));
        });

        Auth::extend('ldap-session', function ($app, $name, array $config) {
@ -30,7 +31,7 @@ class AuthServiceProvider extends ServiceProvider
            return new LdapSessionGuard(
                $name,
                $provider,
-                $this->app['session.store'],
+                $app['session.store'],
                $app[LdapService::class],
                $app[RegistrationService::class]
            );
@ -42,7 +43,7 @@ class AuthServiceProvider extends ServiceProvider
            return new Saml2SessionGuard(
                $name,
                $provider,
-                $this->app['session.store'],
+                $app['session.store'],
                $app[RegistrationService::class]
            );
        });