From 10b70d4a09f199bbad1a157d451010dae7360444 Mon Sep 17 00:00:00 2001
From: Chris
Date: Mon, 15 Oct 2018 13:02:16 +0100
Subject: [PATCH] changes

---
 app/Http/Controllers/Auth/LoginController.php | 67 ++++++++++++++++++-
 .../Controllers/Auth/RegisterController.php | 2 +-
 .../Auth/ResetPasswordController.php | 2 +-
 app/Http/Controllers/HomeController.php | 2 +-
 app/Http/Controllers/ItemController.php | 5 +-
 app/Http/Controllers/SettingsController.php | 7 ++
 app/Http/Controllers/TagController.php | 4 ++
 app/Http/Controllers/UserController.php | 25 ++++++-
 app/Http/Kernel.php | 1 +
 app/Http/Middleware/CheckAllowed.php | 46 +++++++++++++
 .../Middleware/RedirectIfAuthenticated.php | 2 +-
 app/User.php | 1 +
 resources/views/auth/login.blade.php | 16 +----
 resources/views/users/index.blade.php | 2 +
 routes/web.php | 2 +-
 15 files changed, 158 insertions(+), 26 deletions(-)
 create mode 100644 app/Http/Middleware/CheckAllowed.php

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 2488a467..2fce4158 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -5,6 +5,10 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use App\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
+use Illuminate\Support\Facades\URL;
 
 class LoginController extends Controller
 {
@@ -35,16 +39,54 @@ class LoginController extends Controller */ public function __construct() { + Session::put('backUrl', URL::previous()); $this->middleware('guest')->except('logout'); } + + + /** + * Handle a login request to the application. + * + * @param \Illuminate\Http\Request $request + * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse + * + * @throws \Illuminate\Validation\ValidationException + */ + public function login(Request $request) + { + $current_user = User::currentUser(); + $request->merge(['email' => $current_user->email]); + //die(print_r($request->all())); + $this->validateLogin($request); + + // If the class is using the ThrottlesLogins trait, we can automatically throttle + // the login attempts for this application. We'll key this by the username and + // the IP address of the client making these requests into this application. + if ($this->hasTooManyLoginAttempts($request)) { + $this->fireLockoutEvent($request); + + return $this->sendLockoutResponse($request); + } + + if ($this->attemptLogin($request)) { + return $this->sendLoginResponse($request); + } + + // If the login attempt was unsuccessful we will increment the number of attempts + // to login and redirect the user back to the login form. Of course, when this + // user surpasses their maximum number of attempts they will get locked out. + $this->incrementLoginAttempts($request); + + return $this->sendFailedLoginResponse($request); + } + public function index() { - $data['users'] = User::all(); - return view('userselect', $data); } public function setUser(User $user) { + Auth::logout(); session(['current_user' => $user]); return redirect()->route('dash'); } 
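Review bot: `login()` dereferences `User::currentUser()` without a null check, so a POST to the login route with no user selected in the session fails on `$current_user->email` instead of being sent back to the user-select page; guard it first, e.g. `if (! $current_user = User::currentUser()) { return redirect()->route('user.select'); }`. The `//die(print_r($request->all()));` debug leftover should be removed. Because `email` is merged from the session, `validateLogin()` can no longer reject a missing email, and a comment such as `// the identity is the session-selected user; only the password comes from the form` would make the override's intent clear to the next reader. `Session::put('backUrl', URL::previous())` in the constructor runs on every request to this controller, the POST included, and nothing in this patch reads `backUrl` — if it is unused it should be dropped.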
@@ -53,4 +95,25 @@ class LoginController extends Controller { } + + /** + * Show the application's login form. + * + * @return \Illuminate\Http\Response + */ + public function showLoginForm() + { + return view('auth.login'); + } + + protected function authenticated(Request $request, $user) + { + return back(); + } + + public function redirectTo() + { + return Session::get('url.intended') ? Session::get('url.intended') : $this->redirectTo; + } + } diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index f77265ab..d5bfca5a 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -27,7 +27,7 @@ class RegisterController extends Controller * * @var string */ - protected $redirectTo = '/home'; + protected $redirectTo = '/'; /** * Create a new controller instance. diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php index cf726eec..2c863aa6 100644 --- a/app/Http/Controllers/Auth/ResetPasswordController.php +++ b/app/Http/Controllers/Auth/ResetPasswordController.php @@ -25,7 +25,7 @@ class ResetPasswordController extends Controller * * @var string */ - protected $redirectTo = '/home'; + protected $redirectTo = '/'; /** * Create a new controller instance. diff --git a/app/Http/Controllers/HomeController.php b/app/Http/Controllers/HomeController.php index a3af7dd8..374563c8 100644 --- a/app/Http/Controllers/HomeController.php +++ b/app/Http/Controllers/HomeController.php @@ -23,6 +23,6 @@ class HomeController extends Controller */ public function index() { - return view('home'); + return redirect()->route('dash'); } } diff --git a/app/Http/Controllers/ItemController.php b/app/Http/Controllers/ItemController.php index ee5200d0..63d8d5f6 100644 --- a/app/Http/Controllers/ItemController.php +++ b/app/Http/Controllers/ItemController.php 
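Review bot: `redirectTo()` appears unreachable on the success path, because `authenticated()` returns `back()` and the `AuthenticatesUsers` trait's `sendLoginResponse()` only falls through to `redirectPath()` when `authenticated()` returns null; either drop `redirectTo()` or let `authenticated()` return null so the framework's `redirect()->intended($this->redirectPath())` handles it, which also consumes `url.intended` (the `Session::get('url.intended')` here leaves it in the session). If `redirectTo()` is kept, the ternary reads better as `return Session::get('url.intended', $this->redirectTo);`. `authenticated()` and `redirectTo()` lack docblocks, while `showLoginForm()` just above them sets the pattern.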
@@ -11,7 +11,10 @@ use Illuminate\Support\Facades\Storage; class ItemController extends Controller { - + public function __construct() + { + $this->middleware('allowed'); + } /** * Display a listing of the resource on the dashboard. * diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 17217b28..b44e366d 100644 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -5,15 +5,22 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use App\Setting; use App\SettingGroup; +use App\User; +use Illuminate\Support\Facades\Auth; use App\Http\Controllers\Controller; class SettingsController extends Controller { + public function __construct() + { + } + /** * @return \Illuminate\View\View */ public function index() { + User::checkAuthOrLogin(); $settings = SettingGroup::with([ 'settings', ])->orderBy('order', 'ASC')->get(); diff --git a/app/Http/Controllers/TagController.php b/app/Http/Controllers/TagController.php index aa0a4880..6bac8a04 100644 --- a/app/Http/Controllers/TagController.php +++ b/app/Http/Controllers/TagController.php @@ -8,6 +8,10 @@ use DB; class TagController extends Controller { + public function __construct() + { + $this->middleware('allowed'); + } /** * Display a listing of the resource. * diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 93991244..a6bae1fa 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -6,9 +6,14 @@ use Illuminate\Http\Request; use App\Http\Controllers\Controller; use App\User; use Illuminate\Support\Str; +use Illuminate\Support\Facades\Auth; class UserController extends Controller { + public function __construct() + { + $this->middleware('allowed')->except(['selectUser']); + } /** * Display a listing of the resource. * 
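Review bot: `User::checkAuthOrLogin()` guards only `index()` and the new empty `__construct()` does nothing, so every other SettingsController action (outside this hunk) stays unprotected; the ItemController and TagController hunks in this commit do it uniformly with `$this->middleware('allowed');` in the constructor, and the same line here would replace both the empty constructor and the per-action call. If `checkAuthOrLogin()` is meant to behave differently from the `allowed` middleware, a comment on the call saying why would help, since neither that method nor `currentUser()` appears in the `app/User.php` hunk of this commit. The newly imported `Auth` facade is not used in the visible part of the file.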
@@ -31,6 +36,14 @@ class UserController extends Controller return view('users.create', $data); } + public function selectUser() + { + Auth::logout(); + $data['users'] = User::all(); + return view('userselect', $data); + + } + /** * Store a newly created resource in storage. * @@ -53,7 +66,7 @@ class UserController extends Controller $password = $request->input('password'); if(!empty($password)) { - $user->password = bcrypt(); + $user->password = bcrypt($password); } if($request->hasFile('file')) { @@ -149,8 +162,14 @@ class UserController extends Controller * @param int $id * @return \Illuminate\Http\Response */ - public function destroy($id) + public function destroy(User $user) { - // + if($user->id !== 1) { + $user->delete(); + $route = route('dash', [], false); + return redirect($route) + ->with('success',__('app.alert.success.user_deleted')); + + } } } diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 93bf68bf..e9e665a6 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -51,6 +51,7 @@ class Kernel extends HttpKernel * @var array */ protected $routeMiddleware = [ + 'allowed' => \App\Http\Middleware\CheckAllowed::class, 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, diff --git a/app/Http/Middleware/CheckAllowed.php b/app/Http/Middleware/CheckAllowed.php new file mode 100644 index 00000000..249967e1 --- /dev/null +++ b/app/Http/Middleware/CheckAllowed.php 
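Review bot: `selectUser()` calls `Auth::logout()` on what `routes/web.php` registers as a GET route, so merely visiting (or being linked to) `/userselect` terminates the authenticated session as a side effect, and the action is excluded from the `allowed` middleware. If the logout is required for the switch flow, a comment stating that intent would help, e.g. `// switching dashboards always starts from a logged-out session`; otherwise consider leaving it to `setUser()`, which already calls `Auth::logout()` in this commit. The `current_user` session key is not cleared here, so the previous selection stays active while the list is shown. The blank line before the closing brace is stray.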
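Review bot: When `$user->id` is 1, `destroy()` falls off the end and returns null, which the framework turns into an empty 200 response instead of telling the caller the deletion was refused; add an explicit branch, e.g. `return redirect()->route('dash')->with('error', __('app.alert.error.user_protected'));` (the translation key is a placeholder — use whatever the language file provides). The protected-user rule `id !== 1` is now duplicated here, in `resources/views/users/index.blade.php` and, as far as the garbled CheckAllowed hunk shows, in the middleware; a single `User::isProtected()` method or class constant would keep the three in step. The strict `!==` against an int relies on Eloquent casting `id` to int (the default for auto-incrementing keys); a short comment noting that assumption would save a future string-key surprise.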
@@ -0,0 +1,46 @@ +id !== 1) { + return redirect()->route('dash'); + } + } + + if($route == 'dash') { + if((bool)$current_user->public_front === true) return $next($request); + } + + if(empty($current_user->password)) return $next($request); + + // Check if user is logged in as $current_user + if (Auth::check()) { + $loggedin_user = Auth::user(); + if($loggedin_user->id === $current_user->id) return $next($request); + } + + return Auth::authenticate(); + + } +} diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php index e4cec9c8..0d289bde 100644 --- a/app/Http/Middleware/RedirectIfAuthenticated.php +++ b/app/Http/Middleware/RedirectIfAuthenticated.php @@ -18,7 +18,7 @@ class RedirectIfAuthenticated public function handle($request, Closure $next, $guard = null) { if (Auth::guard($guard)->check()) { - return redirect('/home'); + return redirect()->intended(); } return $next($request); diff --git a/app/User.php b/app/User.php index cce5315e..3461616d 100644 --- a/app/User.php +++ b/app/User.php @@ -56,4 +56,5 @@ class User extends Authenticatable } + } diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php index 07924ce6..33605813 100644 --- a/resources/views/auth/login.blade.php +++ b/resources/views/auth/login.blade.php @@ -5,26 +5,12 @@
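Review bot: The final `return Auth::authenticate();` only denies access when nobody is logged in; when the session is authenticated as a user other than `$current_user`, the guard's `authenticate()` returns that user model and the middleware hands the model back as the response (which the router serialises rather than rejects), so the mismatch case is never actually blocked. Replace the tail with an explicit denial — `Auth::logout(); throw new AuthenticationException();` (importing `Illuminate\Auth\AuthenticationException`) or `abort(403)` — and add a comment on the `Auth::check()` block explaining that the logged-in user must be the selected user. `$route == 'dash'` should be `===`, and `(bool)$current_user->public_front === true` is just `$current_user->public_front`. The head of this hunk is garbled in the source shown here (everything before `id !== 1) {` is missing), so the derivation of `$current_user` and `$route` could not be reviewed.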
-
Login
+
Login as {{ \App\User::currentUser()->name }}
{{ csrf_field() }} -
- - -
- - - @if ($errors->has('email')) - - {{ $errors->first('email') }} - - @endif -
-
-
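Review bot: Removing the email field together with its `@if ($errors->has('email'))` block leaves failed logins with no visible message: `sendFailedLoginResponse()` and `sendLockoutResponse()` in the `AuthenticatesUsers` trait key their errors on `username()`, which is `email` by default, so unless a part of the view outside this hunk renders `$errors->first('email')`, a wrong password or a lockout now just re-shows the form. Keep an error block for that key (or a generic `@if ($errors->any())` one) next to the password field. `{{ \App\User::currentUser()->name }}` fails when no user is selected; passing the user from the controller (`view('auth.login', ['user' => ...])`) would keep the template from reaching into a model static and make the null case handleable in one place. The hunk's markup is garbled in the source shown here (tags stripped), so the rest of the template could not be checked.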
diff --git a/resources/views/users/index.blade.php b/resources/views/users/index.blade.php index 815f9a94..de475a70 100644 --- a/resources/views/users/index.blade.php +++ b/resources/views/users/index.blade.php @@ -41,9 +41,11 @@ target }} href="{!! route('users.edit', [$user->id], false) !!}" title="{{ __('user.settings.edit') }} {!! $user->title !!}"> + @if($user->id !== 1) {!! Form::open(['method' => 'DELETE','route' => ['users.destroy', $user->id],'style'=>'display:inline']) !!} {!! Form::close() !!} + @endif @endforeach diff --git a/routes/web.php b/routes/web.php index 77d421d7..58d4b62a 100644 --- a/routes/web.php +++ b/routes/web.php @@ -12,7 +12,7 @@ */ Route::get('/userselect/{user}', 'Auth\LoginController@setUser')->name('user.set'); -Route::get('/userselect', 'Auth\LoginController@index')->name('user.select'); +Route::get('/userselect', 'UserController@selectUser')->name('user.select'); Route::get('/autologin/{uuid}', 'Auth\LoginController@autologin')->name('user.autologin'); Route::get('/', 'ItemController@dash')->name('dash');