From 4d3362b24fc17eb2492fcb3b1cecbefc027b3fa6 Mon Sep 17 00:00:00 2001 From: DaneEveritt Date: Sun, 22 May 2022 17:23:48 -0400 Subject: [PATCH] Perform a bit of code cleanup --- app/Http/Controllers/Auth/LoginController.php | 2 + app/Http/Kernel.php | 4 +- app/Http/Middleware/Authenticate.php | 26 ------------- app/Providers/RouteServiceProvider.php | 5 ++- resources/scripts/api/http.ts | 12 ------ .../Unit/Http/Middleware/AuthenticateTest.php | 39 ------------------- 6 files changed, 6 insertions(+), 82 deletions(-) delete mode 100644 app/Http/Middleware/Authenticate.php delete mode 100644 tests/Unit/Http/Middleware/AuthenticateTest.php diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 3c477c556..69734ab8b 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -86,6 +86,8 @@ class LoginController extends AbstractLoginController $this->auth->guard()->login($user, true); + $request->session()->regenerate(); + return $this->sendLoginResponse($user, $request); } } diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 622a8324d..4c9881949 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -11,7 +11,6 @@ use Pterodactyl\Http\Middleware\EncryptCookies; use Pterodactyl\Http\Middleware\Api\IsValidJson; use Pterodactyl\Http\Middleware\VerifyCsrfToken; use Pterodactyl\Http\Middleware\VerifyReCaptcha; -use Pterodactyl\Http\Middleware\AdminAuthenticate; use Illuminate\Routing\Middleware\ThrottleRequests; use Pterodactyl\Http\Middleware\LanguageMiddleware; use Illuminate\Foundation\Http\Kernel as HttpKernel; @@ -65,9 +64,9 @@ class Kernel extends HttpKernel RequireTwoFactorAuthentication::class, ], 'api' => [ - IsValidJson::class, EnsureStatefulRequests::class, 'auth:sanctum', + IsValidJson::class, RequireTwoFactorAuthentication::class, AuthenticateIPAccess::class, ], @@ -93,7 +92,6 @@ class Kernel extends HttpKernel 'auth' => Authenticate::class, 'auth.basic' => AuthenticateWithBasicAuth::class, 'guest' => RedirectIfAuthenticated::class, - 'admin' => AdminAuthenticate::class, 'csrf' => VerifyCsrfToken::class, 'throttle' => ThrottleRequests::class, 'can' => Authorize::class, diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php deleted file mode 100644 index f95180b20..000000000 --- a/app/Http/Middleware/Authenticate.php +++ /dev/null @@ -1,26 +0,0 @@ -user()) { - throw new AuthenticationException(); - } - - return $next($request); - } -} diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index 428b9512a..2177eb916 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -8,6 +8,7 @@ use Illuminate\Support\Facades\Route; use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Support\Facades\RateLimiter; use Pterodactyl\Http\Middleware\TrimStrings; +use Pterodactyl\Http\Middleware\AdminAuthenticate; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; class RouteServiceProvider extends ServiceProvider @@ -33,10 +34,10 @@ class RouteServiceProvider extends ServiceProvider Route::model('database', Database::class); $this->routes(function () { - Route::middleware(['web', 'csrf'])->group(function () { + Route::middleware('web')->group(function () { Route::middleware('auth')->group(base_path('routes/base.php')); Route::middleware('guest')->prefix('/auth')->group(base_path('routes/auth.php')); - Route::middleware(['auth', 'admin'])->prefix('/admin')->group(base_path('routes/admin.php')); + Route::middleware(['auth', AdminAuthenticate::class])->prefix('/admin')->group(base_path('routes/admin.php')); }); Route::middleware('api')->group(function () { diff --git a/resources/scripts/api/http.ts b/resources/scripts/api/http.ts index cf1514274..78aa393ee 100644 --- a/resources/scripts/api/http.ts +++ b/resources/scripts/api/http.ts @@ -11,18 +11,6 @@ const http: AxiosInstance = axios.create({ }, }); -http.interceptors.request.use(req => { - const cookies = document.cookie.split(';').reduce((obj, val) => { - const [ key, value ] = val.trim().split('=').map(decodeURIComponent); - - return { ...obj, [key]: value }; - }, {} as Record); - - req.headers['X-XSRF-TOKEN'] = cookies['XSRF-TOKEN'] || 'nil'; - - return req; -}); - http.interceptors.request.use(req => { if (!req.url?.endsWith('/resources')) { store.getActions().progress.startContinuous(); diff --git a/tests/Unit/Http/Middleware/AuthenticateTest.php b/tests/Unit/Http/Middleware/AuthenticateTest.php deleted file mode 100644 index 828afc122..000000000 --- a/tests/Unit/Http/Middleware/AuthenticateTest.php +++ /dev/null @@ -1,39 +0,0 @@ -request->shouldReceive('user')->withNoArgs()->once()->andReturn(true); - - $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); - } - - /** - * Test that a logged out user results in an exception. - */ - public function testLoggedOutUser() - { - $this->expectException(AuthenticationException::class); - - $this->request->shouldReceive('user')->withNoArgs()->once()->andReturnNull(); - - $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); - } - - /** - * Return an instance of the middleware using mocked dependencies. - */ - private function getMiddleware(): Authenticate - { - return new Authenticate(); - } -}