diff --git a/README.md b/README.md index 27ab107..4d4a97b 100644 --- a/README.md +++ b/README.md @@ -267,6 +267,14 @@ Route::get('/', [ ]); ``` +If you want force logout banned user on protected routes access, use `LogsOutBannedUser` middleware instead: + +```php +protected $routeMiddleware = [ + 'logs-out-banned-user' => \Cog\Laravel\Ban\Http\Middleware\LogsOutBannedUser::class, +] +``` + ### Scheduling After you have performed the basic installation you can start using the `ban:delete-expired` command. In most cases you'll want to schedule these command so you don't have to manually run it everytime you need to delete expired bans and unban models. @@ -314,8 +322,8 @@ If you discover any security related issues, please email open@cybercog.su inste ## Contributors -| ![@antonkomarev](https://avatars.githubusercontent.com/u/1849174?s=110)
Anton Komarev
| -| :---: | +| ![@antonkomarev](https://avatars.githubusercontent.com/u/1849174?s=110)
Anton Komarev
| ![@badrshs](https://avatars.githubusercontent.com/u/26596347?s=110)
badr aldeen shek salim
| +| :---: | :---: | [Laravel Ban contributors list](../../contributors) diff --git a/phpunit.xml.dist b/phpunit.xml.dist index bbecd95..ab4f777 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -8,7 +8,6 @@ convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" - syntaxCheck="false" verbose="true" > diff --git a/src/Http/Middleware/ForbidBannedUser.php b/src/Http/Middleware/ForbidBannedUser.php index 8d73eea..057069c 100644 --- a/src/Http/Middleware/ForbidBannedUser.php +++ b/src/Http/Middleware/ForbidBannedUser.php @@ -12,6 +12,7 @@ namespace Cog\Laravel\Ban\Http\Middleware; use Closure; +use Cog\Contracts\Ban\Bannable as BannableContract; use Illuminate\Contracts\Auth\Guard; /** @@ -48,9 +49,7 @@ public function handle($request, Closure $next) { $user = $this->auth->user(); - if ($user && $user->isBanned()) { - $this->auth->logout(); - + if ($user && $user instanceof BannableContract && $user->isBanned()) { return redirect()->back()->withInput()->withErrors([ 'login' => 'This account is blocked.', ]); diff --git a/src/Http/Middleware/LogsOutBannedUser.php b/src/Http/Middleware/LogsOutBannedUser.php new file mode 100644 index 0000000..c8d8403 --- /dev/null +++ b/src/Http/Middleware/LogsOutBannedUser.php 
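Review bot: With `$this->auth->logout()` removed from `ForbidBannedUser::handle()`, a banned user keeps an authenticated session, so any route that is not behind this middleware stays reachable for them. Applications that already register this middleware get that change silently on upgrade. The method docblock should say so, for example `Redirects a banned user back without ending the session; use LogsOutBannedUser to also log the user out.`, and the changelog should list it as a behaviour change. The added `$user instanceof BannableContract` test also makes the check fail open: a user model that does not implement the contract is passed to `$next` with no ban check, which deserves a one-line comment here and on the same condition in `LogsOutBannedUser::handle()`. The body of `handle()` continues outside the hunk.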
@@ -0,0 +1,66 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Cog\Laravel\Ban\Http\Middleware;
+
+use Closure;
+use Cog\Contracts\Ban\Bannable as BannableContract;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Contracts\Auth\StatefulGuard as StatefulGuardContract;
+
+/**
+ * Class LogsOutBannedUser.
+ *
+ * @package Cog\Laravel\Ban\Http\Middleware
+ */
+class LogsOutBannedUser
+{
+ /**
+ * The Guard implementation.
+ *
+ * @var \Illuminate\Contracts\Auth\Guard
+ */
+ protected $auth;
+
+ /**
+ * @param \Illuminate\Contracts\Auth\Guard $auth
+ */
+ public function __construct(Guard $auth)
+ {
+ $this->auth = $auth;
+ }
+
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ * @throws \Exception
+ */
+ public function handle($request, Closure $next)
+ {
+ $user = $this->auth->user();
+
+ if ($user && $user instanceof BannableContract && $user->isBanned()) {
+ if ($this->auth instanceof StatefulGuardContract) {
+ // TODO: Cover with tests
+ $this->auth->logout();
+ }
+
+ return redirect()->back()->withInput()->withErrors([
+ 'login' => 'This account is blocked.',
+ ]);
+ }
+
+ return $next($request);
+ }
+}
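Review bot: `$this->auth->logout()` in `handle()` ends the login, but Laravel's session guard does not invalidate the session or rotate the CSRF token, and the `withInput()` that follows flashes the banned user's request input into that same surviving session. When the request carries a session (check `$request->hasSession()`), follow the logout with `$request->session()->invalidate();` and `$request->session()->regenerateToken();`, and consider dropping `withInput()` on this path. The logout branch is still marked `// TODO: Cover with tests`, so the one behaviour that separates this middleware from ForbidBannedUser is unverified. A test with a stateful guard and a banned user should assert that the guard reports a guest afterwards. When the injected guard is not a `StatefulGuardContract` the middleware only redirects, which the class docblock should state.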