DangerZone.php 1.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950
  1. <?php
  2. namespace App\Http\Middleware;
  3. use Auth;
  4. use Carbon\Carbon;
  5. use Closure;
  6. class DangerZone
  7. {
  8. /**
  9. * Handle an incoming request.
  10. *
  11. * @param \Illuminate\Http\Request $request
  12. * @param \Closure $next
  13. * @return mixed
  14. */
  15. public function handle($request, Closure $next)
  16. {
  17. if (config('remote-auth.oidc.enabled')) {
  18. // Skip for OIDC/LDAP
  19. return $next($request);
  20. }
  21. if ($request->session()->get('sudoModeAttempts') > 3) {
  22. $request->session()->pull('redirectNext');
  23. $request->session()->pull('sudoModeAttempts');
  24. Auth::logout();
  25. return redirect(route('login'));
  26. }
  27. if (! Auth::check()) {
  28. return redirect(route('login'));
  29. }
  30. if (! $request->is('i/auth/sudo') && $request->session()->get('sudoTrustDevice') != 1) {
  31. if (! $request->session()->has('sudoMode')) {
  32. $request->session()->put('redirectNext', $request->url());
  33. return redirect('/i/auth/sudo');
  34. }
  35. if ($request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp) {
  36. $request->session()->put('redirectNext', $request->url());
  37. return redirect('/i/auth/sudo');
  38. }
  39. }
  40. return $next($request);
  41. }
  42. }