Upgrade to rc5
This commit is contained in:
Bastian Allgeier
@@ -19,7 +19,7 @@ return [
|
||||
}
|
||||
],
|
||||
[
|
||||
'pattern' => 'auth/login',
|
||||
'pattern' => 'auth/code',
|
||||
'method' => 'POST',
|
||||
'auth' => false,
|
||||
'action' => function () {
|
||||
@@ -30,11 +30,7 @@ return [
|
||||
throw new InvalidArgumentException('Invalid CSRF token');
|
||||
}
|
||||
|
||||
$email = $this->requestBody('email');
|
||||
$long = $this->requestBody('long');
|
||||
$password = $this->requestBody('password');
|
||||
|
||||
$user = $this->kirby()->auth()->login($email, $password, $long);
|
||||
$user = $auth->verifyChallenge($this->requestBody('code'));
|
||||
|
||||
return [
|
||||
'code' => 200,
|
||||
@@ -43,6 +39,65 @@ return [
|
||||
];
|
||||
}
|
||||
],
|
||||
[
|
||||
'pattern' => 'auth/login',
|
||||
'method' => 'POST',
|
||||
'auth' => false,
|
||||
'action' => function () {
|
||||
$auth = $this->kirby()->auth();
|
||||
$methods = $this->kirby()->system()->loginMethods();
|
||||
|
||||
// csrf token check
|
||||
if ($auth->type() === 'session' && $auth->csrf() === false) {
|
||||
throw new InvalidArgumentException('Invalid CSRF token');
|
||||
}
|
||||
|
||||
$email = $this->requestBody('email');
|
||||
$long = $this->requestBody('long');
|
||||
$password = $this->requestBody('password');
|
||||
|
||||
if ($password) {
|
||||
if (isset($methods['password']) !== true) {
|
||||
throw new InvalidArgumentException('Login with password is not enabled');
|
||||
}
|
||||
|
||||
if (
|
||||
isset($methods['password']['2fa']) === true &&
|
||||
$methods['password']['2fa'] === true
|
||||
) {
|
||||
$challenge = $auth->login2fa($email, $password, $long);
|
||||
} else {
|
||||
$user = $auth->login($email, $password, $long);
|
||||
}
|
||||
} else {
|
||||
if (isset($methods['code']) === true) {
|
||||
$mode = 'login';
|
||||
} elseif (isset($methods['password-reset']) === true) {
|
||||
$mode = 'password-reset';
|
||||
} else {
|
||||
throw new InvalidArgumentException('Login without password is not enabled');
|
||||
}
|
||||
|
||||
$challenge = $auth->createChallenge($email, $long, $mode);
|
||||
}
|
||||
|
||||
if (isset($user)) {
|
||||
return [
|
||||
'code' => 200,
|
||||
'status' => 'ok',
|
||||
'user' => $this->resolve($user)->view('auth')->toArray()
|
||||
];
|
||||
} else {
|
||||
return [
|
||||
'code' => 200,
|
||||
'status' => 'ok',
|
||||
|
||||
// don't leak users that don't exist at this point
|
||||
'challenge' => $challenge ?? 'email'
|
||||
];
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
'pattern' => 'auth/logout',
|
||||
'method' => 'POST',
|
||||
|
||||
@@ -27,7 +27,7 @@ return [
|
||||
'pattern' => '(:all)/files',
|
||||
'method' => 'GET',
|
||||
'action' => function (string $path) {
|
||||
return $this->parent($path)->files()->sortBy('sort', 'asc', 'filename', 'asc');
|
||||
return $this->parent($path)->files()->sort('sort', 'asc', 'filename', 'asc');
|
||||
}
|
||||
],
|
||||
[
|
||||
@@ -110,7 +110,7 @@ return [
|
||||
$files = $this
|
||||
->site()
|
||||
->index(true)
|
||||
->filterBy('isReadable', true)
|
||||
->filter('isReadable', true)
|
||||
->files();
|
||||
|
||||
if ($this->requestMethod() === 'GET') {
|
||||
|
||||
@@ -78,7 +78,7 @@ return [
|
||||
$pages = $this
|
||||
->site()
|
||||
->index(true)
|
||||
->filterBy('isReadable', true);
|
||||
->filter('isReadable', true);
|
||||
|
||||
if ($this->requestMethod() === 'GET') {
|
||||
return $pages->search($this->requestQuery('q'));
|
||||
|
||||
@@ -11,7 +11,7 @@ return [
|
||||
'pattern' => 'users',
|
||||
'method' => 'GET',
|
||||
'action' => function () {
|
||||
return $this->users();
|
||||
return $this->users()->sort('username', 'asc', 'email', 'asc');
|
||||
}
|
||||
],
|
||||
[
|
||||
|
||||
Reference in New Issue
Block a user