| | <?php |
| |
|
| | namespace Kanboard\Middleware; |
| |
|
| | use Kanboard\Core\Controller\AccessForbiddenException; |
| | use Kanboard\Core\Controller\BaseMiddleware; |
| | use Kanboard\Core\Security\Role; |
| |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | class AuthenticationMiddleware extends BaseMiddleware |
| | { |
| | |
| | |
| | |
| | public function execute() |
| | { |
| | if (! $this->authenticationManager->checkCurrentSession()) { |
| | $this->response->redirect($this->helper->url->to('AuthController', 'login')); |
| | return; |
| | } |
| |
|
| | if (! $this->isPublicAccess()) { |
| | $this->handleAuthentication(); |
| | } |
| |
|
| | $this->next(); |
| | } |
| |
|
| | protected function handleAuthentication() |
| | { |
| | if (! $this->userSession->isLogged() && ! $this->authenticationManager->preAuthentication()) { |
| | $this->nextMiddleware = null; |
| |
|
| | if ($this->request->isAjax()) { |
| | $this->response->text('Not Authorized', 401); |
| | } else { |
| | session_set('redirectAfterLogin', $this->request->getUri()); |
| | $this->response->redirect($this->helper->url->to('AuthController', 'login')); |
| | } |
| | } |
| | } |
| |
|
| | protected function isPublicAccess() |
| | { |
| | if ($this->applicationAuthorization->isAllowed($this->router->getController(), $this->router->getAction(), Role::APP_PUBLIC)) { |
| | $this->nextMiddleware = null; |
| | return true; |
| | } |
| |
|
| | return false; |
| | } |
| | } |
| |
|
