Merge pull request rrze-mmz#53 from rrze-mmz/51-implement-acl-display…

…-on-clip-page-and-redirect-users-to-last-visited-clip-page-after-login Show hints about the acls in clip pages
stefanosgeo · Feb 15, 2024 · 199b958 · 199b958
2 parents 9cb7eed + 670e0db
commit 199b958
Show file tree

Hide file tree

Showing 12 changed files with 246 additions and 119 deletions.
diff --git a/app/Http/Controllers/Auth/AuthenticatedSessionController.php b/app/Http/Controllers/Auth/AuthenticatedSessionController.php
@@ -39,17 +39,20 @@ public function store(LoginRequest $request): RedirectResponse
 
         $request->session()->regenerate();
 
-        $setting = Setting::firstOrCreate(
+        Setting::firstOrCreate(
             ['name' => auth()->user()->username],
             [
                 'data' => config('settings.user'),
             ]
         );
         $lang = auth()->user()->settings->data['language'];
-
         $request->session()->put('locale', $lang);
 
-        return redirect()->intended(RouteServiceProvider::HOME);
+        if (session()->has('url.intended')) {
+            return redirect()->intended(session('url.intended'));
+        } else {
+            return redirect()->intended(RouteServiceProvider::HOME);
+        }
     }
 
     /**
@@ -64,6 +67,6 @@ public function destroy(Request $request): RedirectResponse
         $request->session()->regenerateToken();
 
         //        return to_route('saml.logout');
-        return redirect('/');
+        return redirect()->intended(RouteServiceProvider::HOME);
     }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -2,7 +2,32 @@
 
 namespace App\Http;
 
+use App\Http\Middleware\AcceptUseTerms;
+use App\Http\Middleware\Authenticate;
+use App\Http\Middleware\EncryptCookies;
+use App\Http\Middleware\EnsureAccessTokenIsValid;
+use App\Http\Middleware\EnsureUserIsAdmin;
+use App\Http\Middleware\Localization;
+use App\Http\Middleware\PreventRequestsDuringMaintenance;
+use App\Http\Middleware\RedirectIfAuthenticated;
+use App\Http\Middleware\RememberPreviousUrlMiddleware;
+use App\Http\Middleware\TrimStrings;
+use App\Http\Middleware\TrustProxies;
+use App\Http\Middleware\VerifyCsrfToken;
+use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
+use Illuminate\Auth\Middleware\Authorize;
+use Illuminate\Auth\Middleware\EnsureEmailIsVerified;
+use Illuminate\Auth\Middleware\RequirePassword;
+use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
+use Illuminate\Http\Middleware\SetCacheHeaders;
+use Illuminate\Routing\Middleware\SubstituteBindings;
+use Illuminate\Routing\Middleware\ThrottleRequests;
+use Illuminate\Routing\Middleware\ValidateSignature;
+use Illuminate\Session\Middleware\StartSession;
+use Illuminate\View\Middleware\ShareErrorsFromSession;
 
 class Kernel extends HttpKernel
 {
@@ -15,11 +40,12 @@ class Kernel extends HttpKernel
      */
     protected $middleware = [
         // \App\Http\Middleware\TrustHosts::class,
-        \App\Http\Middleware\TrustProxies::class,
-        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        TrustProxies::class,
+        PreventRequestsDuringMaintenance::class,
+        ValidatePostSize::class,
+        TrimStrings::class,
+        ConvertEmptyStringsToNull::class,
+
     ];
 
     /**
@@ -29,24 +55,25 @@ class Kernel extends HttpKernel
      */
     protected $middlewareGroups = [
         'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
+            EncryptCookies::class,
+            AddQueuedCookiesToResponse::class,
+            StartSession::class,
             // \Illuminate\Session\Middleware\AuthenticateSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            \App\Http\Middleware\Localization::class,
+            ShareErrorsFromSession::class,
+            VerifyCsrfToken::class,
+            SubstituteBindings::class,
+            Localization::class,
+            RememberPreviousUrlMiddleware::class,
         ],
 
         'api' => [
             'throttle:api',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            SubstituteBindings::class,
         ],
         'saml' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
+            EncryptCookies::class,
+            AddQueuedCookiesToResponse::class,
+            StartSession::class,
         ],
     ];
 
@@ -58,17 +85,17 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-        'access.token' => \App\Http\Middleware\EnsureAccessTokenIsValid::class,
-        'user.admin' => \App\Http\Middleware\EnsureUserIsAdmin::class,
-        'use.terms' => \App\Http\Middleware\AcceptUseTerms::class,
+        'auth' => Authenticate::class,
+        'auth.basic' => AuthenticateWithBasicAuth::class,
+        'cache.headers' => SetCacheHeaders::class,
+        'can' => Authorize::class,
+        'guest' => RedirectIfAuthenticated::class,
+        'password.confirm' => RequirePassword::class,
+        'signed' => ValidateSignature::class,
+        'throttle' => ThrottleRequests::class,
+        'verified' => EnsureEmailIsVerified::class,
+        'access.token' => EnsureAccessTokenIsValid::class,
+        'user.admin' => EnsureUserIsAdmin::class,
+        'use.terms' => AcceptUseTerms::class,
     ];
 }
diff --git a/app/Http/Middleware/RememberPreviousUrlMiddleware.php b/app/Http/Middleware/RememberPreviousUrlMiddleware.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class RememberPreviousUrlMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  Closure(Request): (Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (! $request->is('login', 'logout', 'register', 'password/*', 'verify-email/*', 'verified/*')) {
+            session(['url.intended' => url()->current()]);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Http/Requests/Auth/LoginRequest.php b/app/Http/Requests/Auth/LoginRequest.php
@@ -13,20 +13,16 @@ class LoginRequest extends FormRequest
 {
     /**
      * Determine if the user is authorized to make this request.
-     *
-     * @return bool
      */
-    public function authorize()
+    public function authorize(): bool
     {
         return true;
     }
 
     /**
      * Get the validation rules that apply to the request.
-     *
-     * @return array
      */
-    public function rules()
+    public function rules(): array
     {
         return [
             'username' => ['required', 'string'],
@@ -37,11 +33,10 @@ public function rules()
     /**
      * Attempt to authenticate the request's credentials.
      *
-     * @return void
      *
-     * @throws \Illuminate\Validation\ValidationException
+     * @throws ValidationException
      */
-    public function authenticate()
+    public function authenticate(): void
     {
         $this->ensureIsNotRateLimited();
 
@@ -59,11 +54,10 @@ public function authenticate()
     /**
      * Ensure the login request is not rate limited.
      *
-     * @return void
      *
-     * @throws \Illuminate\Validation\ValidationException
+     * @throws ValidationException
      */
-    public function ensureIsNotRateLimited()
+    public function ensureIsNotRateLimited(): void
     {
         if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
             return;
@@ -83,10 +77,8 @@ public function ensureIsNotRateLimited()
 
     /**
      * Get the rate limiting throttle key for the request.
-     *
-     * @return string
      */
-    public function throttleKey()
+    public function throttleKey(): string
     {
         return Str::lower($this->input('username')).'|'.$this->ip();
     }

diff --git a/app/Listeners/Saml2UserSignedIn.php b/app/Listeners/Saml2UserSignedIn.php
@@ -3,6 +3,7 @@
 namespace App\Listeners;
 
 use App\Models\User;
+use App\Providers\RouteServiceProvider;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
@@ -58,6 +59,10 @@ public function handle(SignedIn $event): RedirectResponse
         Auth::login($user);
         session()->put('locale', $lang);
 
-        return to_route('home');
+        if (session()->has('url.intended')) {
+            return redirect()->intended(session('url.intended'));
+        } else {
+            return redirect()->intended(RouteServiceProvider::HOME);
+        }
     }
 }