Adds test cases and fixes an issue with the permission checking.

[bookstack] / app / Http / Middleware / Authenticate.php

diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index 563fb1e9d89e6336e9b10a98be0bdb407b8314a5..c9b2726e8c4eca4f9148f7567a035433bf216879 100644 (file)
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Oxbow\Http\Middleware;
+namespace BookStack\Http\Middleware;
 
 use Closure;
 use Illuminate\Contracts\Auth\Guard;
@@ -9,14 +9,12 @@ class Authenticate
 {
     /**
      * The Guard implementation.
-     *
      * @var Guard
      */
     protected $auth;
 
     /**
      * Create a new filter instance.
-     *
      * @param  Guard $auth
      */
     public function __construct(Guard $auth)
@@ -26,18 +24,24 @@ class Authenticate
 
     /**
      * Handle an incoming request.
-     *
      * @param  \Illuminate\Http\Request  $request
      * @param  \Closure  $next
      * @return mixed
      */
     public function handle($request, Closure $next)
     {
-        if ($this->auth->guest()) {
+        if ($this->auth->check()) {
+            $requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
+            if ($requireConfirmation && !$this->auth->user()->email_confirmed) {
+                return redirect('/register/confirm/awaiting');
+            }
+        }
+
+        if ($this->auth->guest() && !setting('app-public')) {
             if ($request->ajax()) {
                 return response('Unauthorized.', 401);
             } else {
-                return redirect()->guest('/login');
+                return redirect()->guest(baseUrl('/login'));
             }
         }