Logout user when their activated status is switched to off #10876

Merged
merged 1 commit into from
Mar 29, 2022
1 change: 1 addition & 0 deletions app/Http/Kernel.php
Expand Up @@ -39,6 +39,7 @@ class Kernel extends HttpKernel
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\App\Http\Middleware\CheckLocale::class,
\App\Http\Middleware\CheckUserIsActivated::class,
\App\Http\Middleware\CheckForTwoFactor::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
\App\Http\Middleware\AssetCountForSidebar::class,
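Review bot: the new `CheckUserIsActivated` entry is added only to this one middleware list, the one that also carries `VerifyCsrfToken` and the cookie middleware, and the Kernel.php change is a single added line. If token-authenticated API routes run through a different middleware group, requests from a deactivated user would not pass through this check there; confirm that path is covered or register the middleware for it as well. Placing the entry ahead of `CheckForTwoFactor` makes sense so the activation check runs first.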
Expand Up @@ -4,8 +4,9 @@

use Closure;
use Illuminate\Contracts\Auth\Guard;
use Auth;

class Authenticate
class CheckUserIsActivated
{
/**
* The Guard implementation.
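Review bot: the added `use Auth;` pulls in the facade through its global alias while the class still receives a `Guard` through its constructor (see `__construct(Guard $auth)` in the next hunk header), so the file ends up with two ways of reaching the auth layer. Either import `Illuminate\Support\Facades\Auth` explicitly and drop the injected guard, or type-hint `Illuminate\Contracts\Auth\StatefulGuard` and call `$this->auth->logout()`; the plain `Guard` contract has no `logout()` method, which is presumably why the facade was reached for.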
Expand Down Expand Up @@ -34,14 +35,16 @@ public function __construct(Guard $auth)
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('login');
}

// If there is a user AND the user is NOT activated, send them to the login page
// This prevents people who still have active sessions logged in and their status gets toggled
// to inactive (aka unable to login)
if (($request->user()) && (!$request->user()->isActivated())) {
Auth::logout();
return redirect()->guest('login');
Collaborator

I actually don't know this ->guest() method but so long as that takes you to /# that's good enough for me!

Owner Author

It's a built-in Laravel-ism that still applies middleware (like CSRF protection, etc.) but doesn't apply the auth routes.

}

return $next($request);

}
}
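Review bot: in `handle()`, the deactivated branch always answers with `redirect()->guest('login')`, whereas the removed code returned `response('Unauthorized.', 401)` when `$request->ajax()` was true. XHR callers on a deactivated session will now follow a redirect to the login HTML instead of receiving a status they can act on, so consider keeping a 401 branch for AJAX requests. Separately, `Auth::logout()` clears the authenticated user but leaves the rest of the session in place; following it with `$request->session()->invalidate()` and `$request->session()->regenerateToken()` would fully discard the session of the account that was just switched off.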
2 changes: 1 addition & 1 deletion resources/lang/en/auth/message.php
Expand Up @@ -3,7 +3,7 @@
return array(

'account_already_exists' => 'An account with the this email already exists.',
'account_not_found' => 'The username or password is incorrect.',
'account_not_found' => 'The username or password is incorrect or this user is not approved to login.',
Collaborator

UGH - I hate to have to re-do a string this way, but I can totally see why we would.

'account_not_activated' => 'This user account is not activated.',
'account_suspended' => 'This user account is suspended.',
'account_banned' => 'This user account is banned.',
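Review bot: in the changed `'account_not_found'` string, "approved to login" should read "approved to log in" (verb form), and the unchanged line above it still says "with the this email". Since `'account_not_activated'` remains defined just below, a short comment stating that the combined wording is intentional would keep a later edit from splitting the two cases apart again. Only the `en` file is touched in this diff, so other locales will keep the old text until they are updated.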