AJenbo / agcms / 21420560247

coverage: 52.306% (-1.4%) from 53.72%

Source File
Press 'n' to go to next uncovered line, 'b' for previous

22.22
/application/inc/Http/Middleware/Auth.php
1 
<?php
2 









3



namespace App\Http\Middleware;










4












5



use App\Contracts\Middleware;










6



use App\Exceptions\InvalidInput;










7



use App\Http\Request;










8



use App\Models\User;










9



use App\Render;










10



use App\Services\DbService;










11



use App\Services\OrmService;










12



use App\Services\RenderService;










13



use Symfony\Component\HttpFoundation\Response;










14












15



class Auth implements Middleware










16



{










17



    /**










18



     * Assert that the user is logged in.










19



     */










20



    public function handle(Request $request, callable $next): Response










21



    {










22



        $requestUrl = $request->getPathInfo();




149





23



        if (0 !== mb_strpos($requestUrl, '/admin/') || '/admin/users/new/' === $requestUrl) {




149





24



            return $next($request);




96





25



        }










26












27



        $user = $request->user();




53





28



        if ($user && $user->getAccessLevel()) {




53





29



            return $next($request);




53





30



        }










31












32



        if (!$request->getRequestString('username') || !$request->getRequestString('password')) {




×







33



            return $this->showLoginPage($request);




×







34



        }










35












36



        $this->authenticate($request);




×







37












38



        return redirect($request->getRequestUri(), Response::HTTP_MOVED_PERMANENTLY);




×







39



    }










40












41



    /**










42



     * Render the login page.










43



     *










44



     * @throws InvalidInput If the request is an AJAX call










45



     */










46



    private function showLoginPage(Request $request): Response










47



    {










48



        sleep(1); // Prevent brute force




×







49












50



        if ($request->isXmlHttpRequest()) {




×







51



            throw new InvalidInput(




×







52



                _('Your login has expired. Please reload the page and login again.'),




×







53



                Response::HTTP_UNAUTHORIZED




×







54



            );




×







55



        }










56












57



        return new Response(app(RenderService::class)->render('admin/login'), Response::HTTP_UNAUTHORIZED);




×







58



    }










59












60



    /**










61



     * Authenticate and attach the user to a session.










62



     */










63



    private function authenticate(Request $request): void










64



    {










65



        $user = app(OrmService::class)->getOneByQuery(




×







66



            User::class,




×







67



            'SELECT * FROM `users` WHERE `name` = ' . app(DbService::class)->quote($request->getRequestString('username') ?? '')




×







68



        );




×







69



        if ($user && $user->getAccessLevel() && $user->validatePassword($request->getRequestString('password') ?? '')) {




×







70



            $request->startSession();




×







71



            $session = $request->getSession();




×







72



            $session->set('login_id', $user->getId());




×







73



            $session->set('login_hash', $user->getPasswordHash());




×







74



            $session->save();




×







75



        }










76



    }










77



}
























    

  • 

    •