BookStack Code Mirror - bookstack/blob - app/Http/Middleware/EnforceMfaRequirements.php

   1 <?php
   2
   3 namespace BookStack\Http\Middleware;
   4
   5 use BookStack\Auth\Access\Mfa\MfaSession;
   6 use Closure;
   7
   8 class EnforceMfaRequirements
   9 {
  10     protected $mfaSession;
  11
  12     /**
  13      * EnforceMfaRequirements constructor.
  14      */
  15     public function __construct(MfaSession $mfaSession)
  16     {
  17         $this->mfaSession = $mfaSession;
  18     }
  19
  20     /**
  21      * Handle an incoming request.
  22      *
  23      * @param  \Illuminate\Http\Request  $request
  24      * @param  \Closure  $next
  25      * @return mixed
  26      */
  27     public function handle($request, Closure $next)
  28     {
  29         if (
  30             !$this->mfaSession->isVerified()
  31             && !$request->is('mfa/verify*', 'uploads/images/user/*')
  32             && $this->mfaSession->requiredForCurrentUser()
  33         ) {
  34             return redirect('/mfa/verify');
  35         }
  36
  37         // TODO - URI wildcard exceptions above allow access to the 404 page of this user
  38         //  which could then expose content. Either need to lock that down (Tricky to do image thing)
  39         //  or prevent any level of auth until verified.
  40
  41         // TODO - Need to redirect to setup if not configured AND ONLY IF NO OPTIONS CONFIGURED
  42         //    Might need to change up such routes to start with /configure/ for such identification.
  43         //    (Can't allow access to those if already configured)
  44         // TODO - Store mfa_pass into session for future requests?
  45
  46         return $next($request);
  47     }
  48 }