Improved Authentication layer

Leantime · Nov 10, 2024 · d1a6c71 · d1a6c71
1 parent 61e4fb2
commit d1a6c71
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 209 deletions.
diff --git a/app/Core/Middleware/ApiAuth.php b/app/Core/Middleware/ApiAuth.php
@@ -8,7 +8,6 @@
 use Leantime\Core\Http\ApiRequest;
 use Leantime\Core\Http\IncomingRequest;
 use Leantime\Domain\Api\Services\Api as ApiService;
-use Leantime\Domain\Auth\Models\Roles;
 use Leantime\Domain\Auth\Services\Auth as AuthService;
 use Leantime\Domain\Projects\Services\Projects as ProjectsService;
 use Symfony\Component\HttpFoundation\Response;
@@ -20,16 +19,15 @@ class ApiAuth
     /**
      * Handle an incoming request
      *
-     * @param IncomingRequest                     $request
-     * @param \Closure(IncomingRequest): Response $next
+     * @param  \Closure(IncomingRequest): Response  $next
      **/
     public function handle(IncomingRequest $request, Closure $next): Response
     {
         if (! $request instanceof ApiRequest) {
             return $next($request);
         }
 
-        self::dispatch_event("before_api_request", ['application' => app()]);
+        self::dispatchEvent('before_api_request', ['application' => app()]);
 
         $apiKey = $request->getAPIKey();
         $apiUser = app()->make(ApiService::class)->getAPIKeyUser($apiKey);

diff --git a/app/Domain/Api/Services/Api.php b/app/Domain/Api/Services/Api.php
@@ -47,7 +47,6 @@ public function getAPIKeyUser(string $apiKey): bool|array
         $apiKeyParts = explode("_", $apiKey);
 
         if (!is_array($apiKeyParts) || count($apiKeyParts) != 3) {
-            report("Not a valid API Key format");
             return false;
         }
 
@@ -56,8 +55,6 @@ public function getAPIKeyUser(string $apiKey): bool|array
         $key = $apiKeyParts[2];
 
         if ($namespace != "lt") {
-            report("Unknown namespace for API request");
-
             return false;
         }
 
@@ -200,7 +197,7 @@ public function jsonResponse(int $id, ?array $result): void
      */
     public function getCaseCorrectPathFromManifest(string $filepath): string|false
     {
-        $manifest = mix()->getManifest();
+        $manifest = mix('')->getManifest();
         $clone = array_change_key_case(collect(Arr::dot($manifest))
             ->mapWithKeys(fn ($value, $key) => [Str::of($key)->replaceFirst('./', '/')->lower()->toString() => $value])
             ->all());

diff --git a/app/Domain/Auth/Controllers/Login.php b/app/Domain/Auth/Controllers/Login.php
@@ -104,12 +104,13 @@ public function post(array $params): Response
 
             //If login successful redirect to the correct url to avoid post on reload
             if ($this->authService->login($username, $password) === true) {
+
+                self::dispatch_event("successfulLogin", ['post' => $_POST]);
+
                 if ($this->authService->use2FA()) {
                     return FrontcontrollerCore::redirect(BASE_URL . "/auth/twoFA");
                 }
 
-                self::dispatch_event("afterAuthServiceCall", ['post' => $_POST]);
-
                 return FrontcontrollerCore::redirect($redirectUrl);
             } else {
                 $this->tpl->setNotification("notifications.username_or_password_incorrect", "error");

diff --git a/app/Domain/Auth/Controllers/ResetPw.php b/app/Domain/Auth/Controllers/ResetPw.php
@@ -54,7 +54,7 @@ public function init(
      */
     public function get(array $params): Response
     {
-        if ((isset($_GET["id"]) === true && $this->authService->validateResetLink($_GET["id"]))) {
+        if ((isset($params["id"]) === true && $this->authService->validateResetLink($params["id"]))) {
             return $this->tpl->display('auth.resetPw', 'entry');
         } else {
             return $this->tpl->display('auth.requestPwLink', 'entry');
@@ -90,11 +90,11 @@ public function post(array $params): Response
             if (strlen($_POST['password']) == 0 || $_POST['password'] != $_POST['password2']) {
                 $this->tpl->setNotification($this->language->__('notification.passwords_dont_match'), "error");
 
-                return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $_GET['id']);
+                return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $params['id']);
             }
 
             if ($this->userService->checkPasswordStrength($_POST['password'])) {
-                if ($this->authService->changePW($_POST['password'], $_GET['id'])) {
+                if ($this->authService->changePW($_POST['password'], $params['id'])) {
                     $this->tpl->setNotification(
                         $this->language->__('notifications.passwords_changed_successfully'),
                         "success",
@@ -109,22 +109,22 @@ public function post(array $params): Response
                     "error"
                 );
 
-                return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $_GET['id']);
+                return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $params['id']);
             }
 
             $this->tpl->setNotification(
                 $this->language->__("notification.password_not_strong_enough"),
                 'error'
             );
 
-            return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $_GET['id']);
+            return FrontcontrollerCore::redirect(BASE_URL . "/auth/resetPw/" . $params['id']);
         }
 
         $this->tpl->setNotification(
             $this->language->__('notifications.problem_resetting_password'),
             "error"
         );
 
-        return FrontcontrollerCore::redirect(BASE_URL . '/auth/resetPw/' . $_GET["id"] ?? '');
+        return FrontcontrollerCore::redirect(BASE_URL . '/auth/resetPw/' . $params["id"] ?? '');
     }
 }