|
<?php |
|
|
|
namespace Kanboard\Middleware; |
|
|
|
use Kanboard\Core\Controller\AccessForbiddenException; |
|
use Kanboard\Core\Controller\BaseMiddleware; |
|
use Kanboard\Core\Security\Role; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
 * Authentication middleware.
 *
 * Decides, for the routed controller/action, whether the request may
 * proceed down the middleware chain:
 *
 *  - an invalid current session is always redirected to the login page;
 *  - actions granted Role::APP_PUBLIC pass without a logged-in user, and
 *    the rest of the chain is skipped by clearing $nextMiddleware;
 *  - any other action requires a logged-in user or a successful
 *    pre-authentication, otherwise the chain is stopped and the client
 *    gets a 401 (Ajax) or a redirect to the login page.
 *
 * NOTE(review): what next() does once $nextMiddleware is null is defined
 * in BaseMiddleware, which is not part of this file — presumably the
 * chain simply ends there; confirm before relying on it.
 *
 * @package Kanboard\Middleware
 */
class AuthenticationMiddleware extends BaseMiddleware
{
    /**
     * Entry point of the middleware.
     *
     * Redirects to the login page (and does not continue the chain) when
     * the current session does not validate. Otherwise, unless the routed
     * action is public, enforces authentication before handing over to
     * the next middleware.
     *
     * @access public
     */
    public function execute()
    {
        $sessionIsValid = $this->authenticationManager->checkCurrentSession();

        if (! $sessionIsValid) {
            // Invalid session: send the client to the login page and stop here
            // (next() is deliberately not called).
            $this->response->redirect($this->helper->url->to('AuthController', 'login'));
            return;
        }

        $publicAction = $this->isPublicAccess();

        if (! $publicAction) {
            $this->handleAuthentication();
        }

        $this->next();
    }

    /**
     * Enforce authentication for a non-public action.
     *
     * Nothing happens when the user is already logged in, or when
     * pre-authentication succeeds (pre-authentication is only attempted
     * for a user who is not logged in). Otherwise the chain is stopped
     * and the client is answered directly: an Ajax request gets a plain
     * 401 "Not Authorized" body, any other request has its URI stored in
     * the session under 'redirectAfterLogin' and is redirected to the
     * login page.
     *
     * @access protected
     */
    protected function handleAuthentication()
    {
        // Same short-circuit as the original: preAuthentication() is called
        // only when no user is logged in.
        if ($this->userSession->isLogged() || $this->authenticationManager->preAuthentication()) {
            return;
        }

        // Stop the middleware chain: the controller must not run.
        $this->nextMiddleware = null;

        if (! $this->request->isAjax()) {
            // Remember where the user wanted to go so the login flow can
            // bring them back, then send them to the login page.
            session_set('redirectAfterLogin', $this->request->getUri());
            $this->response->redirect($this->helper->url->to('AuthController', 'login'));
            return;
        }

        // Ajax callers cannot follow a redirect meaningfully: answer 401.
        $this->response->text('Not Authorized', 401);
    }

    /**
     * Check whether the routed controller/action is open to the public.
     *
     * Uses the application-level authorization table with Role::APP_PUBLIC.
     * When the action is public the rest of the middleware chain is skipped
     * by clearing $nextMiddleware.
     *
     * @access protected
     * @return boolean True when the action is reachable without authentication
     */
    protected function isPublicAccess()
    {
        $isPublic = $this->applicationAuthorization->isAllowed(
            $this->router->getController(),
            $this->router->getAction(),
            Role::APP_PUBLIC
        );

        if (! $isPublic) {
            return false;
        }

        // Public action: nothing further in the chain needs to run.
        $this->nextMiddleware = null;

        return true;
    }
}
|
|