Improved private mode, replaces Auth.staging.
This commit is contained in:
parent
44cb3e5bac
commit
9b714d6b9b
7 changed files with 56 additions and 13 deletions
20
misuzu.php
20
misuzu.php
|
|
@ -296,10 +296,22 @@ MIG;
|
|||
}
|
||||
}
|
||||
|
||||
if (!$misuzuBypassLockdown && $app->isStagingSite() && !$app->hasActiveSession()) {
|
||||
http_response_code(401);
|
||||
echo tpl_render('auth.private');
|
||||
exit;
|
||||
$privateInfo = $app->getPrivateInfo();
|
||||
|
||||
if (!$misuzuBypassLockdown && $privateInfo['enabled'] && !$app->hasActiveSession()) {
|
||||
if ($app->hasActiveSession()) {
|
||||
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $app->getUserId());
|
||||
|
||||
if (!perms_check($generalPerms, $privateInfo['permission'])) {
|
||||
$app->stopSession(); // au revoir
|
||||
}
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo tpl_render('auth.private', [
|
||||
'private_info'=> $privateInfo,
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ $usernameValidationErrors = [
|
|||
];
|
||||
|
||||
$preventRegistration = $app->disableRegistration();
|
||||
$isStagingSite = $app->isStagingSite();
|
||||
$preventPasswordReset = !($privateInfo['password_reset'] ?? true);
|
||||
|
||||
$authUsername = $isSubmission ? ($_POST['auth']['username'] ?? '') : ($_GET['username'] ?? '');
|
||||
$authEmail = $isSubmission ? ($_POST['auth']['email'] ?? '') : ($_GET['email'] ?? '');
|
||||
|
|
@ -27,7 +27,7 @@ $authVerification = $_POST['auth']['verification'] ?? '';
|
|||
|
||||
tpl_vars([
|
||||
'prevent_registration' => $preventRegistration,
|
||||
'is_staging_site' => $isStagingSite,
|
||||
'prevent_password_reset' => $preventPasswordReset,
|
||||
'auth_mode' => $authMode,
|
||||
'auth_username' => $authUsername,
|
||||
'auth_email' => $authEmail,
|
||||
|
|
@ -61,7 +61,7 @@ switch ($authMode) {
|
|||
break;
|
||||
}
|
||||
|
||||
if ($isStagingSite) {
|
||||
if ($preventPasswordReset) {
|
||||
header('Location: /');
|
||||
return;
|
||||
}
|
||||
|
|
@ -153,7 +153,7 @@ switch ($authMode) {
|
|||
break;
|
||||
|
||||
case 'forgot':
|
||||
if ($app->hasActiveSession() || $isStagingSite) {
|
||||
if ($app->hasActiveSession() || $preventPasswordReset) {
|
||||
header('Location: /');
|
||||
break;
|
||||
}
|
||||
|
|
@ -287,6 +287,16 @@ MSG;
|
|||
}
|
||||
|
||||
user_login_attempt_record(true, $userId, $ipAddress, $userAgent);
|
||||
|
||||
if (!empty($privateInfo['permission'])) {
|
||||
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userId);
|
||||
|
||||
if (!perms_check($generalPerms, $privateInfo['permission'])) {
|
||||
$authLoginError = 'Your credentials were correct, but your account lacks the proper permissions to use this website.';
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$sessionKey = user_session_create($userId, $ipAddress, $userAgent);
|
||||
|
||||
if ($sessionKey === '') {
|
||||
|
|
@ -305,6 +315,8 @@ MSG;
|
|||
|
||||
if (!empty($authLoginError)) {
|
||||
tpl_var('auth_login_error', $authLoginError);
|
||||
} elseif (!empty($privateInfo['enabled'])) {
|
||||
tpl_var('auth_register_message', $privateInfo['message'] ?? '');
|
||||
}
|
||||
|
||||
echo tpl_render('auth.auth');
|
||||
|
|
|
|||
|
|
@ -141,6 +141,12 @@ final class Application
|
|||
}
|
||||
}
|
||||
|
||||
public function stopSession(): void
|
||||
{
|
||||
$this->currentSessionId = 0;
|
||||
$this->currentUserId = 0;
|
||||
}
|
||||
|
||||
public function hasActiveSession(): bool
|
||||
{
|
||||
return $this->getSessionId() > 0;
|
||||
|
|
@ -307,13 +313,15 @@ final class Application
|
|||
public function disableRegistration(): bool
|
||||
{
|
||||
return $this->underLockdown()
|
||||
|| $this->isStagingSite()
|
||||
|| $this->getPrivateInfo()['enabled']
|
||||
|| boolval($this->config['Auth']['prevent_registration'] ?? false);
|
||||
}
|
||||
|
||||
public function isStagingSite(): bool
|
||||
public function getPrivateInfo(): array
|
||||
{
|
||||
return boolval($this->config['Auth']['staging'] ?? false);
|
||||
return !empty($this->config['Private']) && boolval($this->config['Private']['enabled'])
|
||||
? $this->config['Private']
|
||||
: ['enabled' => false];
|
||||
}
|
||||
|
||||
public function getLinkedData(): array
|
||||
|
|
|
|||
|
|
@ -3,3 +3,4 @@ define('MSZ_PERM_GENERAL_CAN_MANAGE', 1);
|
|||
define('MSZ_PERM_GENERAL_VIEW_LOGS', 1 << 1);
|
||||
define('MSZ_PERM_GENERAL_MANAGE_EMOTICONS', 1 << 2);
|
||||
define('MSZ_PERM_GENERAL_MANAGE_SETTINGS', 1 << 3);
|
||||
define('MSZ_PERM_GENERAL_TESTER', 1 << 4);
|
||||
|
|
|
|||
|
|
@ -184,6 +184,16 @@ function manage_perms_list(array $rawPerms): array
|
|||
$rawPerms['general_perms_deny']
|
||||
)
|
||||
],
|
||||
[
|
||||
'section' => 'tester',
|
||||
'title' => 'Can use experimental features.',
|
||||
'perm' => MSZ_PERM_GENERAL_TESTER,
|
||||
'value' => manage_perms_value(
|
||||
MSZ_PERM_GENERAL_TESTER,
|
||||
$rawPerms['general_perms_allow'],
|
||||
$rawPerms['general_perms_deny']
|
||||
)
|
||||
],
|
||||
],
|
||||
],
|
||||
[
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
</form>
|
||||
{% endif %}
|
||||
|
||||
{% if not is_staging_site %}
|
||||
{% if not prevent_password_reset %}
|
||||
<form class="container container--new auth" method="post" action="">
|
||||
<input type="hidden" name="auth[mode]" value="forgot">
|
||||
<div class="container__title">Forgot password</div>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
{% block content %}
|
||||
{{ auth_login(
|
||||
auth_username|default(''),
|
||||
auth_login_error|default('You must log in to access the testing site.'),
|
||||
auth_login_error|default(private_info.message|default('')),
|
||||
auth_login_error is not defined
|
||||
) }}
|
||||
{% endblock %}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue