From d25ae50d30554b3be81037d7f62842b79c2d318d Mon Sep 17 00:00:00 2001 From: James Cole Date: Sun, 26 Oct 2025 10:09:59 +0100 Subject: [PATCH] Fix routes. --- routes/web.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/routes/web.php b/routes/web.php index b37e68c5bc..4f05a8622c 100644 --- a/routes/web.php +++ b/routes/web.php @@ -121,11 +121,11 @@ Route::group( Route::post('logout', ['uses' => 'Auth\LoginController@logout', 'as' => 'logout']); Route::get('flush', ['uses' => 'DebugController@flush', 'as' => 'flush']); Route::get('routes', ['uses' => 'DebugController@routes', 'as' => 'routes']); - Route::get('debug', 'DebugController@index')->name('debug'); - Route::get('debug/api-test', 'DebugController@apiTest')->name('api-test'); } ); + + // For the two factor routes, the user must be logged in, but NOT 2FA. Account confirmation does not matter here. Route::group( ['middleware' => 'user-logged-in-no-2fa', 'prefix' => 'two-factor', 'as' => 'two-factor.', 'namespace' => 'FireflyIII\Http\Controllers\Auth'], @@ -137,6 +137,16 @@ Route::group( // For all other routes, the user must be fully authenticated and have an activated account. +// For some other routes, it is only relevant that the user is authenticated. +Route::group( + ['middleware' => 'user-full-auth', 'namespace' => 'FireflyIII\Http\Controllers'], + static function (): void { + Route::get('debug', 'DebugController@index')->name('debug'); + Route::get('debug/api-test', 'DebugController@apiTest')->name('api-test'); + } +); + + // Home Controller. Route::group( ['middleware' => ['user-full-auth'], 'namespace' => 'FireflyIII\Http\Controllers'],