Block disabled user session auth

Do not allow users that are disabled to be logged in via cookie. Allow all auth methods to disable users
librenms · Oct 17, 2022 · ce8e5f3 · ce8e5f3
1 parent 3e3752e
commit ce8e5f3
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 5 deletions.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -36,6 +36,7 @@ class Kernel extends HttpKernel
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\Session\Middleware\AuthenticateSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \App\Http\Middleware\VerifyUserEnabled::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],

diff --git a/app/Http/Middleware/VerifyUserEnabled.php b/app/Http/Middleware/VerifyUserEnabled.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class VerifyUserEnabled
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
+     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if (Auth::check() && ! Auth::user()->enabled) {
+            Auth::logout();
+            $request->session()->invalidate();
+            $request->session()->regenerateToken();
+
+            return redirect()->route('login')->withErrors(['msg' => __('auth.disabled')]);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/resources/lang/en/auth.php b/resources/lang/en/auth.php
@@ -16,5 +16,5 @@
     'title' => 'Auth',
     'failed' => 'These credentials do not match our records.',
     'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
-
+    'disabled' => 'Your Account is disabled, please contact Admin.',
 ];
diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php
@@ -7,5 +7,8 @@
             @include('auth.login-form')
         </div>
     </div>
+    @if($errors->any())
+        <script>toastr.error('{{ $errors->first() }}')</script>
+    @endif
 </div>
 @endsection
diff --git a/resources/views/user/form.blade.php b/resources/views/user/form.blade.php
@@ -6,15 +6,13 @@
     </div>
 </div>
 
-@if(\LibreNMS\Config::get('auth_mechanism') == 'mysql')
 <div class="form-group @if($errors->has('enabled')) has-error @endif">
     <label for="enabled" class="control-label col-sm-3">{{ __('Enabled') }}</label>
     <div class="col-sm-9">
-        <input type="hidden" value="@if(Auth::id() == $user->user_id) 1 else 0 @endif" name="enabled">
-        <input type="checkbox" id="enabled" name="enabled" data-size="small" @if(old('enabled', $user->enabled)) checked @endif @if(Auth::id() == $user->user_id) disabled @endif>
+        <input type="hidden" value="@if(Auth::id() == $user->user_id) 1 @else 0 @endif" name="enabled">
+        <input type="checkbox" id="enabled" name="enabled" data-size="small" @if(old('enabled', $user->enabled ?? true)) checked @endif @if(Auth::id() == $user->user_id) disabled @endif>
     </div>
 </div>
-@endif
 
 <div class="form-group @if($errors->has('email')) has-error @endif">
     <label for="email" class="control-label col-sm-3">{{ __('Email') }}</label>