Merge pull request #1833 from area17/backport-user-login-disable

[2.x] login disable fix
area17 · Sep 30, 2022 · 31b01e4 · 31b01e4
2 parents 55f2380 + dc1e934
commit 31b01e4
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/src/Http/Controllers/Admin/LoginController.php b/src/Http/Controllers/Admin/LoginController.php
@@ -276,4 +276,15 @@ public function linkProvider(Request $request)
             return $this->sendFailedLoginResponse($request);
         }
     }
+
+    /**
+     * @param Request $request
+     * @return array
+     *
+     * This method checks to make sure the user is published.
+     */
+    protected function credentials($request)
+    {
+        return array_merge($request->only($this->username(), 'password'), ['published' => 1]);
+    }
 }
diff --git a/src/Http/Middleware/Authenticate.php b/src/Http/Middleware/Authenticate.php
@@ -3,9 +3,38 @@
 namespace A17\Twill\Http\Middleware;
 
 use Illuminate\Auth\Middleware\Authenticate as Middleware;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Redirect;
+use Illuminate\Support\Facades\URL;
 
 class Authenticate extends Middleware
 {
+
+    /**
+     * @param $request
+     * @param \Closure $next
+     * @param ...$guards
+     * @return mixed
+     */
+    public function handle($request, $next, ...$guards)
+    {
+        $this->authenticate($request, $guards);
+
+        if (
+            (
+                !$request->user() ||
+                !$request->user()->published
+            ) && $request->route()->getName() !== 'admin.login.form'
+        ) {
+            Auth::logout();
+            return $request->expectsJson()
+                ? abort(403, 'Your account is not verified.')
+                : Redirect::guest(URL::route('admin.login.form'));
+        }
+
+        return $next($request);
+    }
+
     /**
      * Get the path the user should be redirected to when they are not authenticated.
      *