From 44cb3e5bac73e0c18d40bb9c62deafb4a51a38f6 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Fri, 28 Sep 2018 00:27:30 +0200
Subject: [PATCH] Prevent viewing the test site without logging in.
---
 misuzu.php | 10 ++-
 public/auth.php | 15 +++-
 public/profile.php | 4 +-
 src/Application.php | 9 +-
 templates/auth/auth.twig | 169 +++++++++++------------------------
 templates/auth/macros.twig | 71 +++++++++++++++
 templates/auth/private.twig | 10 +++
 7 files changed, 166 insertions(+), 122 deletions(-)
 create mode 100644 templates/auth/macros.twig
 create mode 100644 templates/auth/private.twig
diff --git a/misuzu.php b/misuzu.php
index a11fe6bf..2851bf3e 100644
--- a/misuzu.php
+++ b/misuzu.php
@@ -267,7 +267,9 @@ MIG;
 
 tpl_add_path(__DIR__ . '/templates');
 
-if ($app->underLockdown()) {
+$misuzuBypassLockdown = !empty($misuzuBypassLockdown);
+
+if (!$misuzuBypassLockdown && $app->underLockdown()) {
 http_response_code(503);
 echo tpl_render('auth.lockdown');
 exit;
@@ -294,6 +296,12 @@ MIG;
 }
 }
 
+if (!$misuzuBypassLockdown && $app->isStagingSite() && !$app->hasActiveSession()) {
+http_response_code(401);
+echo tpl_render('auth.private');
+exit;
+}
+
 $inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
 $hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $app->getUserId()), MSZ_PERM_GENERAL_CAN_MANAGE);
 tpl_var('has_manage_access', $hasManageAccess);
diff --git a/public/auth.php b/public/auth.php
index eae17e5c..0b874be5 100644
--- a/public/auth.php
+++ b/public/auth.php
@@ -3,6 +3,10 @@ use Carbon\Carbon;
 use Misuzu\Application;
 use Misuzu\Database;
 
+$isSubmission = !empty($_POST['auth']) && is_array($_POST['auth']);
+$authMode = $isSubmission ? ($_POST['auth']['mode'] ?? '') : ($_GET['m'] ?? 'login');
+$misuzuBypassLockdown = $authMode === 'login' || $authMode === 'get_user';
+
 require_once __DIR__ . '/../misuzu.php';
 
 $usernameValidationErrors = [
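Review bot: `$misuzuBypassLockdown = !empty($misuzuBypassLockdown);` makes the lockdown gate depend on a variable that the including script has to assign before its `require_once`, and nothing in misuzu.php records that contract or that a truthy value also skips the staging gate added in the next hunk of this file. A comment above the line would stop the next maintainer from reading it as dead code: `// Set by the including script (public/auth.php) before require_once; truthy only for the login/get_user auth modes, which must stay reachable during lockdown and on the private staging site.` The block enclosing this hunk starts outside it.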
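Review bot: The staging gate `if (!$misuzuBypassLockdown && $app->isStagingSite() && !$app->hasActiveSession())` lets any request that public/auth.php classifies as `get_user` through without a session, because the bypass flag set in the first hunk of that file covers both `login` and `get_user`. The body of `get_user` is not part of this diff; if it returns account details for a supplied username, the "private" site still tells an unauthenticated visitor which accounts exist, so either narrow the flag to `$misuzuBypassLockdown = $authMode === 'login';` or confirm that `get_user` discloses nothing the login page itself does not. Separately, the gate answers with `http_response_code(401)` but sets no `WWW-Authenticate` header, which RFC 7235 requires for 401; since access here is decided by a session cookie rather than HTTP authentication, `http_response_code(403)` is the closer match.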
@@ -14,9 +18,8 @@ $usernameValidationErrors = [ ]; $preventRegistration = $app->disableRegistration(); +$isStagingSite = $app->isStagingSite(); -$isSubmission = !empty($_POST['auth']) && is_array($_POST['auth']); -$authMode = $isSubmission ? ($_POST['auth']['mode'] ?? '') : ($_GET['m'] ?? 'login'); $authUsername = $isSubmission ? ($_POST['auth']['username'] ?? '') : ($_GET['username'] ?? ''); $authEmail = $isSubmission ? ($_POST['auth']['email'] ?? '') : ($_GET['email'] ?? ''); $authPassword = $_POST['auth']['password'] ?? ''; @@ -24,6 +27,7 @@ $authVerification = $_POST['auth']['verification'] ?? ''; tpl_vars([ 'prevent_registration' => $preventRegistration, + 'is_staging_site' => $isStagingSite, 'auth_mode' => $authMode, 'auth_username' => $authUsername, 'auth_email' => $authEmail, @@ -57,6 +61,11 @@ switch ($authMode) { break; } + if ($isStagingSite) { + header('Location: /'); + return; + } + $resetUser = (int)($_POST['user'] ?? $_GET['u'] ?? 0); $getResetUser = Database::prepare(' SELECT `user_id`, `username` @@ -144,7 +153,7 @@ switch ($authMode) { break; case 'forgot': - if ($app->hasActiveSession()) { + if ($app->hasActiveSession() || $isStagingSite) { header('Location: /'); break; } diff --git a/public/profile.php b/public/profile.php index 94760b34..543cb0df 100644 --- a/public/profile.php +++ b/public/profile.php @@ -1,10 +1,12 @@ underLockdown() || boolval($this->config['Auth']['prevent_registration'] ?? false); + return $this->underLockdown() + || $this->isStagingSite() + || boolval($this->config['Auth']['prevent_registration'] ?? false); + } + + public function isStagingSite(): bool + { + return boolval($this->config['Auth']['staging'] ?? false); } public function getLinkedData(): array diff --git a/templates/auth/auth.twig b/templates/auth/auth.twig index 0ef7b09b..cfedbe53 100644 --- a/templates/auth/auth.twig +++ b/templates/auth/auth.twig 
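Review bot: The new staging guard in the @@ -57 hunk ends with `return;`, while the existing guard two lines above it and the one changed in the @@ -144 hunk (`if ($app->hasActiveSession() || $isStagingSite)`) both leave the switch with `break;`, so two checks with the same purpose exit differently. `return` stops the script right after the `Location` header, whereas `break` presumably continues to whatever rendering follows the switch (not visible in this diff — confirm); for a redirect, stopping is the safer behaviour, so use `return;` (or `exit;`) in the forgot case as well rather than leaving the two forms mixed. The switch these hunks belong to starts outside them.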
@@ -1,126 +1,63 @@ {% extends 'auth/master.twig' %} +{% from 'auth/macros.twig' import auth_login %} {% block content %} -
- + {{ auth_login( + auth_username|default(''), + auth_register_message|default(auth_login_error|default('')), + auth_register_message is defined + ) }} -
-
-
+ {% if not prevent_registration %} + + +
Register
- {% if auth_register_message is defined %} -
-
- {{ auth_register_message }} + {% if auth_register_error is defined %} +
+
+ {{ auth_register_error }} +
+ {% endif %} + +
+ + + + + + +
- {% elseif auth_login_error is defined %} -
-
- {{ auth_login_error }} + + {% endif %} + + {% if not is_staging_site %} +
+ +
Forgot password
+ + {% if auth_forgot_error is defined %} +
+
+ {{ auth_forgot_error }} +
+ {% endif %} + +
+ + +
- {% endif %} - -
- - - - - -
-
- -
- -
Register
- - {% if auth_register_error is defined %} -
-
- {{ auth_register_error }} -
-
- {% endif %} - -
- - - - - - - -
-
- -
- -
Forgot password
- - {% if auth_forgot_error is defined %} -
-
- {{ auth_forgot_error }} -
-
- {% endif %} - -
- - - -
-
- - + + {% endif %} {% endblock %} diff --git a/templates/auth/macros.twig b/templates/auth/macros.twig new file mode 100644 index 00000000..ac4dfc24 --- /dev/null +++ b/templates/auth/macros.twig @@ -0,0 +1,71 @@ +{% macro auth_login(username, message, is_welcome) %} {# please only use this once per page, it has script shit rn #} + {% set is_welcome = is_welcome|default(false) %} + +
+ + +
+
+
+ + {% if message|length > 0 %} +
+
+ {{ message }} +
+
+ {% endif %} + +
+ + + + + +
+
+ + +{% endmacro %} diff --git a/templates/auth/private.twig b/templates/auth/private.twig new file mode 100644 index 00000000..82c8444e --- /dev/null +++ b/templates/auth/private.twig @@ -0,0 +1,10 @@ +{% extends 'auth/master.twig' %} +{% from 'auth/macros.twig' import auth_login %} + +{% block content %} + {{ auth_login( + auth_username|default(''), + auth_login_error|default('You must log in to access the testing site.'), + auth_login_error is not defined + ) }} +{% endblock %}
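Review bot: The only documentation of the macro's once-per-page constraint is `{# please only use this once per page, it has script shit rn #}`, which names neither the parameters nor the actual reason. Suggest replacing it with `{# auth_login(username, message, is_welcome): renders the login form. Use at most once per page: the macro also emits an inline script, and a second copy would duplicate it. #}`; the script body itself was not preserved in this view, so the wording about duplication should be checked against it. Since `{% set is_welcome = is_welcome|default(false) %}` makes the third argument optional, the comment can say so too.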