Improved private mode, replaces Auth.staging.
parent
44cb3e5bac
commit
9b714d6b9b
7 changed files with 56 additions and 13 deletions
20
misuzu.php
20
misuzu.php
|
@ -296,10 +296,22 @@ MIG;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$misuzuBypassLockdown && $app->isStagingSite() && !$app->hasActiveSession()) {
|
$privateInfo = $app->getPrivateInfo();
|
||||||
http_response_code(401);
|
|
||||||
echo tpl_render('auth.private');
|
if (!$misuzuBypassLockdown && $privateInfo['enabled'] && !$app->hasActiveSession()) {
|
||||||
exit;
|
if ($app->hasActiveSession()) {
|
||||||
|
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $app->getUserId());
|
||||||
|
|
||||||
|
if (!perms_check($generalPerms, $privateInfo['permission'])) {
|
||||||
|
$app->stopSession(); // au revoir
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
http_response_code(401);
|
||||||
|
echo tpl_render('auth.private', [
|
||||||
|
'private_info'=> $privateInfo,
|
||||||
|
]);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
|
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
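Review bot: The inner `if ($app->hasActiveSession())` branch can never run, because the outer condition already requires `!$app->hasActiveSession()`. A visitor who already holds a session is therefore never checked against `$privateInfo['permission']` and passes the private-mode gate. Drop the session test from the outer condition and re-test it after the permission check, so that a session stopped by `stopSession()` also receives the 401 page instead of continuing as an anonymous request. Guard the permission read with `!empty($privateInfo['permission'])`, as the login path does, since the key is not guaranteed to be configured. This assumes `getSessionId()` reflects the id that `stopSession()` resets, which is not visible in this hunk.

```php
if (!$misuzuBypassLockdown && $privateInfo['enabled']) {
    if ($app->hasActiveSession() && !empty($privateInfo['permission'])) {
        $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $app->getUserId());

        if (!perms_check($generalPerms, $privateInfo['permission'])) {
            $app->stopSession();
        }
    }

    // Re-test after the permission check so a session that was just stopped is refused too.
    if (!$app->hasActiveSession()) {
        // … unchanged: 401 status, auth.private render with private_info, exit …
    }
}
```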
|
||||||
|
|
|
@ -18,7 +18,7 @@ $usernameValidationErrors = [
|
||||||
];
|
];
|
||||||
|
|
||||||
$preventRegistration = $app->disableRegistration();
|
$preventRegistration = $app->disableRegistration();
|
||||||
$isStagingSite = $app->isStagingSite();
|
$preventPasswordReset = !($privateInfo['password_reset'] ?? true);
|
||||||
|
|
||||||
$authUsername = $isSubmission ? ($_POST['auth']['username'] ?? '') : ($_GET['username'] ?? '');
|
$authUsername = $isSubmission ? ($_POST['auth']['username'] ?? '') : ($_GET['username'] ?? '');
|
||||||
$authEmail = $isSubmission ? ($_POST['auth']['email'] ?? '') : ($_GET['email'] ?? '');
|
$authEmail = $isSubmission ? ($_POST['auth']['email'] ?? '') : ($_GET['email'] ?? '');
|
||||||
|
@ -27,7 +27,7 @@ $authVerification = $_POST['auth']['verification'] ?? '';
|
||||||
|
|
||||||
tpl_vars([
|
tpl_vars([
|
||||||
'prevent_registration' => $preventRegistration,
|
'prevent_registration' => $preventRegistration,
|
||||||
'is_staging_site' => $isStagingSite,
|
'prevent_password_reset' => $preventPasswordReset,
|
||||||
'auth_mode' => $authMode,
|
'auth_mode' => $authMode,
|
||||||
'auth_username' => $authUsername,
|
'auth_username' => $authUsername,
|
||||||
'auth_email' => $authEmail,
|
'auth_email' => $authEmail,
|
||||||
|
@ -61,7 +61,7 @@ switch ($authMode) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($isStagingSite) {
|
if ($preventPasswordReset) {
|
||||||
header('Location: /');
|
header('Location: /');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -153,7 +153,7 @@ switch ($authMode) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'forgot':
|
case 'forgot':
|
||||||
if ($app->hasActiveSession() || $isStagingSite) {
|
if ($app->hasActiveSession() || $preventPasswordReset) {
|
||||||
header('Location: /');
|
header('Location: /');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -287,6 +287,16 @@ MSG;
|
||||||
}
|
}
|
||||||
|
|
||||||
user_login_attempt_record(true, $userId, $ipAddress, $userAgent);
|
user_login_attempt_record(true, $userId, $ipAddress, $userAgent);
|
||||||
|
|
||||||
|
if (!empty($privateInfo['permission'])) {
|
||||||
|
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userId);
|
||||||
|
|
||||||
|
if (!perms_check($generalPerms, $privateInfo['permission'])) {
|
||||||
|
$authLoginError = 'Your credentials were correct, but your account lacks the proper permissions to use this website.';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$sessionKey = user_session_create($userId, $ipAddress, $userAgent);
|
$sessionKey = user_session_create($userId, $ipAddress, $userAgent);
|
||||||
|
|
||||||
if ($sessionKey === '') {
|
if ($sessionKey === '') {
|
||||||
|
@ -305,6 +315,8 @@ MSG;
|
||||||
|
|
||||||
if (!empty($authLoginError)) {
|
if (!empty($authLoginError)) {
|
||||||
tpl_var('auth_login_error', $authLoginError);
|
tpl_var('auth_login_error', $authLoginError);
|
||||||
|
} elseif (!empty($privateInfo['enabled'])) {
|
||||||
|
tpl_var('auth_register_message', $privateInfo['message'] ?? '');
|
||||||
}
|
}
|
||||||
|
|
||||||
echo tpl_render('auth.auth');
|
echo tpl_render('auth.auth');
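Review bot: In the login hunk the attempt is recorded by `user_login_attempt_record(true, ...)` before the new `$privateInfo['permission']` check, so a login refused for missing permission still appears as a success in the attempt log (assuming the first argument is the success flag). Move the permission block above that call and record the refusal, e.g. `user_login_attempt_record(false, $userId, $ipAddress, $userAgent);` before the `break`, so refused private-mode logins are visible to whoever reviews login attempts. The error text also confirms that the password was correct to an account that is not allowed in; consider whether a generic failure message fits a private site better. The enclosing `case` starts outside the hunk.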
|
||||||
|
|
|
@ -141,6 +141,12 @@ final class Application
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function stopSession(): void
|
||||||
|
{
|
||||||
|
$this->currentSessionId = 0;
|
||||||
|
$this->currentUserId = 0;
|
||||||
|
}
|
||||||
|
|
||||||
public function hasActiveSession(): bool
|
public function hasActiveSession(): bool
|
||||||
{
|
{
|
||||||
return $this->getSessionId() > 0;
|
return $this->getSessionId() > 0;
|
||||||
|
@ -307,13 +313,15 @@ final class Application
|
||||||
public function disableRegistration(): bool
|
public function disableRegistration(): bool
|
||||||
{
|
{
|
||||||
return $this->underLockdown()
|
return $this->underLockdown()
|
||||||
|| $this->isStagingSite()
|
|| $this->getPrivateInfo()['enabled']
|
||||||
|| boolval($this->config['Auth']['prevent_registration'] ?? false);
|
|| boolval($this->config['Auth']['prevent_registration'] ?? false);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isStagingSite(): bool
|
public function getPrivateInfo(): array
|
||||||
{
|
{
|
||||||
return boolval($this->config['Auth']['staging'] ?? false);
|
return !empty($this->config['Private']) && boolval($this->config['Private']['enabled'])
|
||||||
|
? $this->config['Private']
|
||||||
|
: ['enabled' => false];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getLinkedData(): array
|
public function getLinkedData(): array
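Review bot: `stopSession()` only resets `currentSessionId` and `currentUserId` on the `Application` object. Nothing in this hunk deletes the stored session or the client's cookie, so a user rejected by the private-mode permission check appears to keep a valid session that is picked up again on the next request. If that is intended, say so in a docblock such as `/** Ends the session for the current request only; the stored session is not revoked. */`; otherwise the stored session should be destroyed here or by the caller. Separately, `getPrivateInfo()` reads `$this->config['Private']['enabled']` without `??`, which raises a notice when the section exists but omits the key.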
|
||||||
|
|
|
@ -3,3 +3,4 @@ define('MSZ_PERM_GENERAL_CAN_MANAGE', 1);
|
||||||
define('MSZ_PERM_GENERAL_VIEW_LOGS', 1 << 1);
|
define('MSZ_PERM_GENERAL_VIEW_LOGS', 1 << 1);
|
||||||
define('MSZ_PERM_GENERAL_MANAGE_EMOTICONS', 1 << 2);
|
define('MSZ_PERM_GENERAL_MANAGE_EMOTICONS', 1 << 2);
|
||||||
define('MSZ_PERM_GENERAL_MANAGE_SETTINGS', 1 << 3);
|
define('MSZ_PERM_GENERAL_MANAGE_SETTINGS', 1 << 3);
|
||||||
|
define('MSZ_PERM_GENERAL_TESTER', 1 << 4);
|
||||||
|
|
|
@ -184,6 +184,16 @@ function manage_perms_list(array $rawPerms): array
|
||||||
$rawPerms['general_perms_deny']
|
$rawPerms['general_perms_deny']
|
||||||
)
|
)
|
||||||
],
|
],
|
||||||
|
[
|
||||||
|
'section' => 'tester',
|
||||||
|
'title' => 'Can use experimental features.',
|
||||||
|
'perm' => MSZ_PERM_GENERAL_TESTER,
|
||||||
|
'value' => manage_perms_value(
|
||||||
|
MSZ_PERM_GENERAL_TESTER,
|
||||||
|
$rawPerms['general_perms_allow'],
|
||||||
|
$rawPerms['general_perms_deny']
|
||||||
|
)
|
||||||
|
],
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
</form>
|
</form>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if not is_staging_site %}
|
{% if not prevent_password_reset %}
|
||||||
<form class="container container--new auth" method="post" action="">
|
<form class="container container--new auth" method="post" action="">
|
||||||
<input type="hidden" name="auth[mode]" value="forgot">
|
<input type="hidden" name="auth[mode]" value="forgot">
|
||||||
<div class="container__title">Forgot password</div>
|
<div class="container__title">Forgot password</div>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
{% block content %}
|
{% block content %}
|
||||||
{{ auth_login(
|
{{ auth_login(
|
||||||
auth_username|default(''),
|
auth_username|default(''),
|
||||||
auth_login_error|default('You must log in to access the testing site.'),
|
auth_login_error|default(private_info.message|default('')),
|
||||||
auth_login_error is not defined
|
auth_login_error is not defined
|
||||||
) }}
|
) }}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|