mirror of https://github.com/flarum/core.git synced 2025-10-19 10:46:06 +02:00

Remove sudo mode and add password confirmation when changing email address

closes #674
Toby Zerner
2016-03-11 12:44:18 +10:30
parent dc757fae5f
commit e37c7a9b06
19 changed files with 80 additions and 477 deletions


@@ -10,63 +10,21 @@
namespace Flarum\Admin\Middleware;
use Exception;
use Flarum\Core\Access\AssertPermissionTrait;
use Flarum\Forum\Controller\LogInController;
use Illuminate\Contracts\View\Factory;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Zend\Diactoros\Response\HtmlResponse;
use Zend\Stratigility\MiddlewareInterface;
class RequireAdministrateAbility implements MiddlewareInterface
{
use AssertPermissionTrait;
/**
* @var LogInController
*/
private $logInController;
/**
* @var Factory
*/
private $view;
/**
* @param LogInController $logInController
* @param Factory $view
*/
public function __construct(LogInController $logInController, Factory $view)
{
$this->logInController = $logInController;
$this->view = $view;
}
/**
* {@inheritdoc}
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
try {
$this->assertAdminAndSudo($request);
} catch (Exception $e) {
if ($request->getMethod() === 'POST') {
$response = $this->logInController->handle($request);
if ($response->getStatusCode() === 200) {
return $response
->withStatus(302)
->withHeader('location', app('Flarum\Admin\UrlGenerator')->toRoute('index'));
}
}
return new HtmlResponse(
$this->view->make('flarum.admin::login')
->with('token', $request->getAttribute('session')->get('csrf_token'))
->render()
);
}
$this->assertAdmin($request->getAttribute('actor'));
return $out ? $out($request, $response) : $response;
}