You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
117 lines
2.6 KiB
117 lines
2.6 KiB
2 months ago
|
<?php
|
||
|
|
|
||
|
|
use Kirby\Exception\InvalidArgumentException;
|
||
|
|
use Kirby\Exception\NotFoundException;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Authentication
|
||
|
|
*/
|
||
|
|
return [
|
||
|
|
[
|
||
|
|
'pattern' => 'auth',
|
||
|
|
'method' => 'GET',
|
||
|
|
'action' => function () {
|
||
|
|
if ($user = $this->kirby()->auth()->user()) {
|
||
|
|
return $this->resolve($user)->view('auth');
|
||
|
|
}
|
||
|
|
|
||
|
|
throw new NotFoundException('The user cannot be found');
|
||
|
|
}
|
||
|
|
],
|
||
|
|
[
|
||
|
|
'pattern' => 'auth/code',
|
||
|
|
'method' => 'POST',
|
||
|
|
'auth' => false,
|
||
|
|
'action' => function () {
|
||
|
|
$auth = $this->kirby()->auth();
|
||
|
|
|
||
|
|
// csrf token check
|
||
|
|
if ($auth->type() === 'session' && $auth->csrf() === false) {
|
||
|
|
throw new InvalidArgumentException('Invalid CSRF token');
|
||
|
|
}
|
||
|
|
|
||
|
|
$user = $auth->verifyChallenge($this->requestBody('code'));
|
||
|
|
|
||
|
|
return [
|
||
|
|
'code' => 200,
|
||
|
|
'status' => 'ok',
|
||
|
|
'user' => $this->resolve($user)->view('auth')->toArray()
|
||
|
|
];
|
||
|
|
}
|
||
|
|
],
|
||
|
|
[
|
||
|
|
'pattern' => 'auth/login',
|
||
|
|
'method' => 'POST',
|
||
|
|
'auth' => false,
|
||
|
|
'action' => function () {
|
||
|
|
$auth = $this->kirby()->auth();
|
||
|
|
$methods = $this->kirby()->system()->loginMethods();
|
||
|
|
|
||
|
|
// csrf token check
|
||
|
|
if ($auth->type() === 'session' && $auth->csrf() === false) {
|
||
|
|
throw new InvalidArgumentException('Invalid CSRF token');
|
||
|
|
}
|
||
|
|
|
||
|
|
$email = $this->requestBody('email');
|
||
|
|
$long = $this->requestBody('long');
|
||
|
|
$password = $this->requestBody('password');
|
||
|
|
|
||
|
|
if ($password) {
|
||
|
|
if (isset($methods['password']) !== true) {
|
||
|
|
throw new InvalidArgumentException('Login with password is not enabled');
|
||
|
|
}
|
||
|
|
|
||
|
|
if (
|
||
|
|
isset($methods['password']['2fa']) === true &&
|
||
|
|
$methods['password']['2fa'] === true
|
||
|
|
) {
|
||
|
|
$status = $auth->login2fa($email, $password, $long);
|
||
|
|
} else {
|
||
|
|
$user = $auth->login($email, $password, $long);
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
$mode = match (true) {
|
||
|
|
isset($methods['code']) => 'login',
|
||
|
|
isset($methods['password-reset']) => 'password-reset',
|
||
|
|
default => throw new InvalidArgumentException('Login without password is not enabled')
|
||
|
|
};
|
||
|
|
|
||
|
|
$status = $auth->createChallenge($email, $long, $mode);
|
||
|
|
}
|
||
|
|
|
||
|
|
if (isset($user)) {
|
||
|
|
return [
|
||
|
|
'code' => 200,
|
||
|
|
'status' => 'ok',
|
||
|
|
'user' => $this->resolve($user)->view('auth')->toArray()
|
||
|
|
];
|
||
|
|
}
|
||
|
|
|
||
|
|
return [
|
||
|
|
'code' => 200,
|
||
|
|
'status' => 'ok',
|
||
|
|
'challenge' => $status->challenge()
|
||
|
|
];
|
||
|
|
}
|
||
|
|
],
|
||
|
|
[
|
||
|
|
'pattern' => 'auth/logout',
|
||
|
|
'method' => 'POST',
|
||
|
|
'auth' => false,
|
||
|
|
'action' => function () {
|
||
|
|
$this->kirby()->auth()->logout();
|
||
|
|
return true;
|
||
|
|
}
|
||
|
|
],
|
||
|
|
[
|
||
|
|
'pattern' => 'auth/ping',
|
||
|
|
'method' => 'POST',
|
||
|
|
'auth' => false,
|
||
|
|
'action' => function () {
|
||
|
|
// refresh the session timeout
|
||
|
|
$this->kirby()->session();
|
||
|
|
return true;
|
||
|
|
}
|
||
|
|
],
|
||
|
|
];
|