diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index ecfa351e1d..ed55b534eb 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -2,7 +2,30 @@ namespace FireflyIII\Http; +use FireflyIII\Http\Middleware\Authenticate; +use FireflyIII\Http\Middleware\AuthenticateTwoFactor; +use FireflyIII\Http\Middleware\Binder; +use FireflyIII\Http\Middleware\EncryptCookies; +use FireflyIII\Http\Middleware\IsAdmin; +use FireflyIII\Http\Middleware\Range; +use FireflyIII\Http\Middleware\RedirectIfAuthenticated; +use FireflyIII\Http\Middleware\RedirectIfTwoFactorAuthenticated; +use FireflyIII\Http\Middleware\Sandstorm; +use FireflyIII\Http\Middleware\StartFireflySession; +use FireflyIII\Http\Middleware\TrimStrings; +use FireflyIII\Http\Middleware\TrustProxies; +use FireflyIII\Http\Middleware\VerifyCsrfToken; +use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth; +use Illuminate\Auth\Middleware\Authorize; +use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; use Illuminate\Foundation\Http\Kernel as HttpKernel; +use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode; +use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull; +use Illuminate\Foundation\Http\Middleware\ValidatePostSize; +use Illuminate\Routing\Middleware\SubstituteBindings; +use Illuminate\Routing\Middleware\ThrottleRequests; +use Illuminate\View\Middleware\ShareErrorsFromSession; + class Kernel extends HttpKernel { @@ -13,35 +36,120 @@ class Kernel extends HttpKernel * * @var array */ - protected $middleware = [ - \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, - \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, - \FireflyIII\Http\Middleware\TrimStrings::class, - \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, - \FireflyIII\Http\Middleware\TrustProxies::class, - ]; + protected $middleware + = [ + CheckForMaintenanceMode::class, + ValidatePostSize::class, + TrimStrings::class, + ConvertEmptyStringsToNull::class, + TrustProxies::class, + ]; /** * The application's route middleware groups. * * @var array */ - protected $middlewareGroups = [ - 'web' => [ - \FireflyIII\Http\Middleware\EncryptCookies::class, - \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, - \Illuminate\Session\Middleware\StartSession::class, - // \Illuminate\Session\Middleware\AuthenticateSession::class, - \Illuminate\View\Middleware\ShareErrorsFromSession::class, - \FireflyIII\Http\Middleware\VerifyCsrfToken::class, - \Illuminate\Routing\Middleware\SubstituteBindings::class, - ], + protected $middlewareGroups + = [ + // does not check login + // does not check 2fa + // does not check activation + 'web' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + ], + + + // MUST NOT be logged in. Does not care about 2FA or confirmation. + 'user-not-logged-in' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + RedirectIfAuthenticated::class, + ], + // MUST be logged in. + // MUST NOT have 2FA + // don't care about confirmation: + 'user-logged-in-no-2fa' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + Authenticate::class, + RedirectIfTwoFactorAuthenticated::class, + ], + + // MUST be logged in + // don't care about 2fa + // don't care about confirmation. + 'user-simple-auth' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + Authenticate::class, + ], + + // MUST be logged in + // MUST have 2fa + // MUST be confirmed. + // (this group includes the other Firefly middleware) + 'user-full-auth' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + Authenticate::class, + AuthenticateTwoFactor::class, + Range::class, + Binder::class, + ], + // MUST be logged in + // MUST have 2fa + // MUST be confirmed. + // MUST have owner role + // (this group includes the other Firefly middleware) + 'admin' => [ + Sandstorm::class, + EncryptCookies::class, + AddQueuedCookiesToResponse::class, + StartFireflySession::class, + ShareErrorsFromSession::class, + VerifyCsrfToken::class, + SubstituteBindings::class, + Authenticate::class, + AuthenticateTwoFactor::class, + IsAdmin::class, + Range::class, + Binder::class, + ], + + + 'api' => [ + 'throttle:60,1', + 'bindings', + ], + ]; - 'api' => [ - 'throttle:60,1', - 'bindings', - ], - ]; /** * The application's route middleware. @@ -50,12 +158,13 @@ class Kernel extends HttpKernel * * @var array */ - protected $routeMiddleware = [ - 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, - 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, - 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, - 'can' => \Illuminate\Auth\Middleware\Authorize::class, - 'guest' => \FireflyIII\Http\Middleware\RedirectIfAuthenticated::class, - 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, - ]; + protected $routeMiddleware + = [ + 'auth' => Authenticate::class, + 'auth.basic' => AuthenticateWithBasicAuth::class, + 'bindings' => SubstituteBindings::class, + 'can' => Authorize::class, + 'guest' => RedirectIfAuthenticated::class, + 'throttle' => ThrottleRequests::class, + ]; }