kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-30 10:05:45 +00:00
Code Issues Projects Releases Wiki Activity

PSR7-decoupled rework of authentication fixup (#697)

Browse Source
This commit is contained in:
James Addison 2020-04-03 17:45:40 +01:00 committed by GitHub
parent 9a9b4d1000
commit ca9354064d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
middleware/SessionAuthMiddleware.php
View File

@ -4,6 +4,7 @@ namespace Grocy\Middleware;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler; use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ResponseInterface as Response;
use Slim\Routing\RouteContext; use Slim\Routing\RouteContext;
@ -12,13 +13,15 @@ use Grocy\Services\LocalizationService;
class SessionAuthMiddleware extends BaseMiddleware class SessionAuthMiddleware extends BaseMiddleware
{ {
public function __construct(\DI\Container $container, string $sessionCookieName) public function __construct(\DI\Container $container, string $sessionCookieName, ResponseFactoryInterface $responseFactory)
{ {
parent::__construct($container); parent::__construct($container);
$this->SessionCookieName = $sessionCookieName; $this->SessionCookieName = $sessionCookieName;
$this->ResponseFactory = $responseFactory;
} }
protected $SessionCookieName; protected $SessionCookieName;
protected $ResponseFactory;
public function __invoke(Request $request, RequestHandler $handler): Response public function __invoke(Request $request, RequestHandler $handler): Response
{ {
@ -44,8 +47,8 @@ class SessionAuthMiddleware extends BaseMiddleware
if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login') if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
{ {
define('GROCY_AUTHENTICATED', false); define('GROCY_AUTHENTICATED', false);
$response = new \Slim\Psr7\Response(); // No content when unauthorized $response = $this->responseFactory->createResponse();
$response = $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login')); return $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
} }
else else
{ {

2
routes.php
View File

@ -132,7 +132,7 @@ $app->group('', function(RouteCollectorProxy $group)
$group->get('/api', '\Grocy\Controllers\OpenApiController:DocumentationUi'); $group->get('/api', '\Grocy\Controllers\OpenApiController:DocumentationUi');
$group->get('/manageapikeys', '\Grocy\Controllers\OpenApiController:ApiKeysList'); $group->get('/manageapikeys', '\Grocy\Controllers\OpenApiController:ApiKeysList');
$group->get('/manageapikeys/new', '\Grocy\Controllers\OpenApiController:CreateNewApiKey'); $group->get('/manageapikeys/new', '\Grocy\Controllers\OpenApiController:CreateNewApiKey');
})->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName())); })->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName(), $app->getResponseFactory()));
$app->group('/api', function(RouteCollectorProxy $group) $app->group('/api', function(RouteCollectorProxy $group)
{ {