X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/dec0cbb1b25d139c504923a15b4ce884562c7404..refs/pull/2700/head:/app/Http/Middleware/Authenticate.php diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php index f3c6f5925..df8c44d35 100644 --- a/app/Http/Middleware/Authenticate.php +++ b/app/Http/Middleware/Authenticate.php @@ -1,51 +1,53 @@ auth = $auth; - } + use ChecksForEmailConfirmation; /** * Handle an incoming request. - * - * @param \Illuminate\Http\Request $request - * @param \Closure $next - * @return mixed */ - public function handle($request, Closure $next) + public function handle(Request $request, Closure $next) { - if(auth()->check() && auth()->user()->email_confirmed == false) { - return redirect()->guest('/register/confirm/awaiting'); + if ($this->awaitingEmailConfirmation()) { + return $this->emailConfirmationErrorResponse($request); } - if ($this->auth->guest() && !Setting::get('app-public')) { + + if (!hasAppAccess()) { if ($request->ajax()) { return response('Unauthorized.', 401); } else { - return redirect()->guest('/login'); + return redirect()->guest(url('/login')); } } return $next($request); } + + /** + * Provide an error response for when the current user's email is not confirmed + * in a system which requires it. + */ + protected function emailConfirmationErrorResponse(Request $request) + { + if ($request->wantsJson()) { + return response()->json([ + 'error' => [ + 'code' => 401, + 'message' => trans('errors.email_confirmation_awaiting') + ] + ], 401); + } + + if (session()->get('sent-email-confirmation') === true) { + return redirect('/register/confirm'); + } + + return redirect('/register/confirm/awaiting'); + } }