Fix redirection for unauthenticated uers
authorJohan Cwiklinski <johan@x-tnd.be>
Sat, 11 Feb 2023 15:03:53 +0000 (16:03 +0100)
committerJohan Cwiklinski <johan@x-tnd.be>
Sat, 11 Feb 2023 15:03:53 +0000 (16:03 +0100)
galette/includes/dependencies.php
galette/lib/Galette/Middleware/Authenticate.php
galette/lib/Galette/Middleware/Language.php

index 423fadbb85d4f41b72d9abf27902ff0386af08d8..6ee7083894ee299e2cdbedf8e607f370d6d2ef68 100644 (file)
@@ -38,6 +38,7 @@ use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
 use Slim\Exception\HttpMethodNotAllowedException;
 use Slim\Exception\HttpNotFoundException;
+use Slim\Routing\RouteContext;
 use Slim\Routing\RouteParser;
 use Slim\Views\Twig;
 
@@ -503,9 +504,11 @@ $container->set(
         $exclusions = $c->get('CsrfExclusions');
         $guard->setFailureHandler(function (ServerRequestInterface $request, RequestHandler $handler) use ($exclusions) {
             $response = $handler->handle($request);
+            $routeContext = RouteContext::fromRequest($request);
+            $route = $routeContext->getRoute();
 
             foreach ($exclusions as $exclusion) {
-                if (preg_match($exclusion, $request->getAttribute('route')->getname())) {
+                if (preg_match($exclusion, $route->getname())) {
                     //route is excluded form CSRF checks
                     return $response;
                 }
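Review bot: The failure handler still calls `$handler->handle($request)` on its first line, before the exclusion loop decides whether the route is exempt, so a request that failed CSRF validation has already been processed downstream by the time the failure is acted on. Returning `$handler->handle($request);` from inside the exclusion branch, and dropping the early `$response = ...` assignment, would keep non-exempt routes from executing; what follows the loop is outside this hunk, so confirm how the rejection path ends. Separately, `RouteContext::getRoute()` is declared nullable, so `$route->getname()` deserves a guard such as `if ($route === null)` that treats the request as not excluded.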
index 57356aa86b08ce47acc6b2dbbd15b367dd65035f..f6fc4825a422ee648fdd4dde7a1bb6e16e9d3e96 100644 (file)
@@ -110,7 +110,7 @@ class Authenticate
      */
     public function __invoke(Request $request, RequestHandler $handler): Response
     {
-        $response = $handler->handle($request);
+        $response = new \Slim\Psr7\Response();
 
         if (!$this->login || !$this->login->isLogged()) {
             if ($request->getMethod() === 'GET') {
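Review bot: `new \Slim\Psr7\Response()` hard-codes one PSR-7 implementation inside the middleware, and the object is built even for authenticated requests that end up returning the handler's response. Consider creating it only in the two redirect branches, or injecting a `Psr\Http\Message\ResponseFactoryInterface` and calling `createResponse(302)`; the constructor is outside this hunk, so that wiring is an assumption. The same construction appears in the last hunk of Language.php. A one-line comment above the assignment, e.g. `// do not call the handler here: nothing downstream may run before the login check`, would record why the previous line was replaced.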
@@ -122,7 +122,10 @@ class Authenticate
             );
             $this->flash->addMessage('error_detected', _T("Login required"));
             return $response
-                ->withHeader('Location', $this->routeparser->urlFor('slash'));
+                ->withHeader(
+                    'Location',
+                    $this->routeparser->urlFor('slash')
+                )->withStatus(302);
         } else {
             //check for ACLs
             $routeContext = RouteContext::fromRequest($request);
@@ -189,11 +192,12 @@ class Authenticate
                     _T("You do not have permission for requested URL.")
                 );
                 return $response
-                    ->withHeader('Location', $this->routeparser->urlFor('slash'));
+                    ->withHeader('Location', $this->routeparser->urlFor('slash'))
+                    ->withStatus(302);;
             }
         }
 
-        return $response;
+        return $handler->handle($request);;
     }
 
 
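Review bot: Both added statements end in a doubled semicolon, `->withStatus(302);;` and `return $handler->handle($request);;`, which leaves empty statements that coding-standard checks will flag; drop the extra `;`. This final return is now the only point where the downstream handler runs, which is what keeps unauthenticated and unauthorised requests from being executed. A regression test asserting that the handler is not invoked on either redirect branch would protect that ordering. __invoke starts above this hunk.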
index 879bac2688ddfd8439855da3b5ada48df3759be5..12ba3fd50320f15187e3be47d34d7d1217f4fdb0 100644 (file)
@@ -40,6 +40,7 @@ use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
 use DI\Container;
+use Slim\Routing\RouteContext;
 use Slim\Routing\RouteParser;
 
 /**
@@ -87,7 +88,8 @@ class Language
         $get = $request->getQueryParams();
 
         if (isset($get['ui_pref_lang'])) {
-            $route = $request->getAttribute('route');
+            $routeContext = RouteContext::fromRequest($request);
+            $route = $routeContext->getRoute();
 
             $route_name = $route->getName();
             $arguments = $route->getArguments();
@@ -95,13 +97,16 @@ class Language
             $this->i18n->changeLanguage($get['ui_pref_lang']);
             $this->session->i18n = $this->i18n;
 
-            return $response->withRedirect(
-                $this->routeparser->urlFor(
-                    $route_name,
-                    $arguments
-                ),
-                301
-            );
+            $response = new \Slim\Psr7\Response();
+            return $response
+                ->withHeader(
+                    'Location',
+                    $this->routeparser->urlFor(
+                        $route_name,
+                        $arguments
+                    )
+                )
+                ->withStatus(301);
         }
         return $response;
     }
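Review bot: The language-switch redirect keeps status 301, which browsers may cache permanently, so a later request to the same URL with the same `ui_pref_lang` value can be answered from cache without reaching `changeLanguage()`; a temporary redirect, `->withStatus(302);`, fits a state-changing request better. `$get['ui_pref_lang']` reaches `changeLanguage()` as received; whether that method validates it against the installed languages is not visible here and should be confirmed. The trailing `return $response;` relies on a `$response` assigned above this hunk.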