Chris 2018-10-15 13:02:16 +01:00
parent cb9e014cf3
commit 10b70d4a09
15 changed files with 158 additions and 26 deletions


@ -5,6 +5,10 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\URL;
class LoginController extends Controller
{
@ -35,16 +39,54 @@ class LoginController extends Controller
*/
public function __construct()
{
Session::put('backUrl', URL::previous());
$this->middleware('guest')->except('logout');
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* @throws \Illuminate\Validation\ValidationException
*/
public function login(Request $request)
{
$current_user = User::currentUser();
$request->merge(['email' => $current_user->email]);
//die(print_r($request->all()));
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
public function index()
{
$data['users'] = User::all();
return view('userselect', $data);
}
public function setUser(User $user)
{
Auth::logout();
session(['current_user' => $user]);
return redirect()->route('dash');
}
@ -53,4 +95,25 @@ class LoginController extends Controller
{
}
/**
* Show the application's login form.
*
* @return \Illuminate\Http\Response
*/
public function showLoginForm()
{
return view('auth.login');
}
protected function authenticated(Request $request, $user)
{
return back();
}
public function redirectTo()
{
return Session::get('url.intended') ? Session::get('url.intended') : $this->redirectTo;
}
}
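Review bot: `setUser()` changes session state on a GET request: the route `/userselect/{user}` shown in the routes file on this page reaches it, and it calls `Auth::logout()` and replaces `current_user` with no CSRF token involved, so any cross-site link or image load can sign a user out and switch the active profile. Making the switch a POST from the user-select view, protected by `csrf_field()`, would close that; `UserController::selectUser()` has the same logout-on-GET shape. `session(['current_user' => $user]);` also serialises the whole model into the session store, probably including the password hash, and the copy can go stale; storing `$user->id` would avoid that, but it needs a matching change in `User::currentUser()`, whose body is not on this page. The commented-out `//die(print_r($request->all()));` in `login()` should be deleted before merge.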


@ -27,7 +27,7 @@ class RegisterController extends Controller
*
* @var string
*/
protected $redirectTo = '/home';
protected $redirectTo = '/';
/**
* Create a new controller instance.


@ -25,7 +25,7 @@ class ResetPasswordController extends Controller
*
* @var string
*/
protected $redirectTo = '/home';
protected $redirectTo = '/';
/**
* Create a new controller instance.


@ -23,6 +23,6 @@ class HomeController extends Controller
*/
public function index()
{
return view('home');
return redirect()->route('dash');
}
}


@ -11,7 +11,10 @@ use Illuminate\Support\Facades\Storage;
class ItemController extends Controller
{
public function __construct()
{
$this->middleware('allowed');
}
/**
* Display a listing of the resource on the dashboard.
*


@ -5,15 +5,22 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Setting;
use App\SettingGroup;
use App\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class SettingsController extends Controller
{
public function __construct()
{
}
/**
* @return \Illuminate\View\View
*/
public function index()
{
User::checkAuthOrLogin();
$settings = SettingGroup::with([
'settings',
])->orderBy('order', 'ASC')->get();
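Review bot: `User::checkAuthOrLogin();` at the top of `index()` is called with its return value dropped, so unless that method throws or ends the request itself (its body is not on this page) the settings query below still runs for a visitor who has not authenticated. It also covers only `index()`; the constructor added in the same hunk is empty, so any other action in this controller is unguarded as far as the hunk shows. The other controllers in this commit register the `allowed` middleware in their constructors, and `$this->middleware('allowed');` here would give the same single enforcement point. `index()` continues past the end of the hunk.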


@ -8,6 +8,10 @@ use DB;
class TagController extends Controller
{
public function __construct()
{
$this->middleware('allowed');
}
/**
* Display a listing of the resource.
*


@ -6,9 +6,14 @@ use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Auth;
class UserController extends Controller
{
public function __construct()
{
$this->middleware('allowed')->except(['selectUser']);
}
/**
* Display a listing of the resource.
*
@ -31,6 +36,14 @@ class UserController extends Controller
return view('users.create', $data);
}
public function selectUser()
{
Auth::logout();
$data['users'] = User::all();
return view('userselect', $data);
}
/**
* Store a newly created resource in storage.
*
@ -53,7 +66,7 @@ class UserController extends Controller
$password = $request->input('password');
if(!empty($password)) {
$user->password = bcrypt();
$user->password = bcrypt($password);
}
if($request->hasFile('file')) {
@ -149,8 +162,14 @@ class UserController extends Controller
* @param int $id
* @return \Illuminate\Http\Response
*/
public function destroy($id)
public function destroy(User $user)
{
//
if($user->id !== 1) {
$user->delete();
$route = route('dash', [], false);
return redirect($route)
->with('success',__('app.alert.success.user_deleted'));
}
}
}
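Review bot: `destroy()` returns nothing when `$user->id` is 1, so a DELETE aimed at the protected account ends in an empty response instead of an explicit refusal; add an else path such as `abort(403);` or a redirect carrying an error flash. The docblock above the method still says `@param int $id` although the signature is now `destroy(User $user)`. The literal `1` for the protected account is repeated here, in `CheckAllowed` and in the users view, and a single named constant or model method would keep the three checks in step.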


@ -51,6 +51,7 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
'allowed' => \App\Http\Middleware\CheckAllowed::class,
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,


@ -0,0 +1,46 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
use App\User;
use Illuminate\Support\Facades\Route;
use Session;
class CheckAllowed
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$route = Route::currentRouteName();
$current_user = User::currentUser();
if(str_is('users*', $route)) {
if($current_user->id !== 1) {
return redirect()->route('dash');
}
}
if($route == 'dash') {
if((bool)$current_user->public_front === true) return $next($request);
}
if(empty($current_user->password)) return $next($request);
// Check if user is logged in as $current_user
if (Auth::check()) {
$loggedin_user = Auth::user();
if($loggedin_user->id === $current_user->id) return $next($request);
}
return Auth::authenticate();
}
}
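Review bot: The closing `return Auth::authenticate();` in `handle()` does not always deny: when the session is logged in as a different user than `$current_user`, `authenticate()` returns that user model instead of throwing, and the middleware passes the model back up the stack as if it were a response rather than redirecting. An explicit denial is clearer, for example `Auth::logout(); return redirect()->guest(route('login'));`. Separately, the `empty($current_user->password)` shortcut also applies to `users*` routes, so if account 1 has no password the admin gate depends only on which user the session has selected; requiring a password for that account would be worth considering. `$current_user` is dereferenced without a null check, and whether `User::currentUser()` can return null is not visible on this page.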


@ -18,7 +18,7 @@ class RedirectIfAuthenticated
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/home');
return redirect()->intended();
}
return $next($request);

View file

@ -56,4 +56,5 @@ class User extends Authenticatable
}
}


@ -5,26 +5,12 @@
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">Login</div>
<div class="panel-heading">Login as {{ \App\User::currentUser()->name }}</div>
<div class="panel-body">
<form class="form-horizontal" method="POST" action="{{ route('login') }}">
{{ csrf_field() }}
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required autofocus>
@if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>


@ -41,9 +41,11 @@
</td>
<td class="text-center"><a{{ $user->target }} href="{!! route('users.edit', [$user->id], false) !!}" title="{{ __('user.settings.edit') }} {!! $user->title !!}"><i class="fas fa-edit"></i></a></td>
<td class="text-center">
@if($user->id !== 1)
{!! Form::open(['method' => 'DELETE','route' => ['users.destroy', $user->id],'style'=>'display:inline']) !!}
<button class="link" type="submit"><i class="fa fa-trash-alt"></i></button>
{!! Form::close() !!}
@endif
</td>
</tr>
@endforeach
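Review bot: The edit link on the context line just above the new `@if` prints `{!! $user->title !!}` unescaped inside a `title` attribute; if that field can hold user-supplied text it is a stored-XSS sink, and `{{ $user->title }}` would escape it. The new `@if($user->id !== 1)` only hides the delete button, so the server-side check in `UserController::destroy()` remains the control that actually protects the account.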


@ -12,7 +12,7 @@
*/
Route::get('/userselect/{user}', 'Auth\LoginController@setUser')->name('user.set');
Route::get('/userselect', 'Auth\LoginController@index')->name('user.select');
Route::get('/userselect', 'UserController@selectUser')->name('user.select');
Route::get('/autologin/{uuid}', 'Auth\LoginController@autologin')->name('user.autologin');
Route::get('/', 'ItemController@dash')->name('dash');