soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

super.admin login bringt nun keinen Fehler 419 mehr

Browse Source
This commit is contained in:
Codex Agent
2025-12-23 09:25:59 +01:00
parent 77fc8015e7
commit 826e2a93ce
6 changed files with 62 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/Filament/SuperAdmin/Pages/Auth/Login.php
View File

@@ -2,14 +2,13 @@
namespace App\Filament\SuperAdmin\Pages\Auth; namespace App\Filament\SuperAdmin\Pages\Auth;
use Filament\Auth\Http\Responses\Contracts\LoginResponse as LoginResponseContract;
use Filament\Auth\Pages\Login as BaseLogin;
use Filament\Facades\Filament;
use Filament\Forms\Components\Checkbox; use Filament\Forms\Components\Checkbox;
use Filament\Forms\Components\TextInput; use Filament\Forms\Components\TextInput;
use Filament\Forms\Concerns\InteractsWithForms; use Filament\Forms\Concerns\InteractsWithForms;
use Filament\Forms\Contracts\HasForms; use Filament\Forms\Contracts\HasForms;
use Filament\Auth\Pages\Login as BaseLogin;
use Filament\Auth\Http\Responses\LoginResponse;
use Filament\Auth\Http\Responses\Contracts\LoginResponse as LoginResponseContract;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\ValidationException; use Illuminate\Validation\ValidationException;
class Login extends BaseLogin implements HasForms class Login extends BaseLogin implements HasForms
@@ -22,16 +21,18 @@ class Login extends BaseLogin implements HasForms
$credentials = $this->getCredentialsFromFormData($data); $credentials = $this->getCredentialsFromFormData($data);
if (! Auth::attempt($credentials, $data['remember'] ?? false)) { $authGuard = Filament::auth();
if (! $authGuard->attempt($credentials, $data['remember'] ?? false)) {
throw ValidationException::withMessages([ throw ValidationException::withMessages([
'data.email' => __('auth.failed'), 'data.email' => __('auth.failed'),
]); ]);
} }
$user = Auth::user(); $user = $authGuard->user();
if (! $user->email_verified_at) { if (! $user->email_verified_at) {
Auth::logout(); $authGuard->logout();
throw ValidationException::withMessages([ throw ValidationException::withMessages([
'data.email' => 'Your email address is not verified. Please check your email for a verification link.', 'data.email' => 'Your email address is not verified. Please check your email for a verification link.',
@@ -40,7 +41,7 @@ class Login extends BaseLogin implements HasForms
// SuperAdmin-spezifisch: Prüfe auf SuperAdmin-Rolle, keine Tenant-Prüfung // SuperAdmin-spezifisch: Prüfe auf SuperAdmin-Rolle, keine Tenant-Prüfung
if ($user->role !== 'super_admin') { if ($user->role !== 'super_admin') {
Auth::logout(); $authGuard->logout();
throw ValidationException::withMessages([ throw ValidationException::withMessages([
'data.email' => 'You do not have access to the SuperAdmin panel. Contact support.', 'data.email' => 'You do not have access to the SuperAdmin panel. Contact support.',
@@ -82,4 +83,4 @@ class Login extends BaseLogin implements HasForms
->label('Remember me'), ->label('Remember me'),
]; ];
} }
} }

1
app/Http/Kernel.php
View File

@@ -30,6 +30,7 @@ class Kernel extends HttpKernel
*/ */
protected $middlewareGroups = [ protected $middlewareGroups = [
'web' => [ 'web' => [
\App\Http\Middleware\UseSuperAdminSession::class,
\App\Http\Middleware\EncryptCookies::class, \App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class, \Illuminate\Session\Middleware\StartSession::class,

21
app/Http/Middleware/UseSuperAdminSession.php
View File

@@ -4,6 +4,7 @@ namespace App\Http\Middleware;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
class UseSuperAdminSession class UseSuperAdminSession
@@ -15,8 +16,26 @@ class UseSuperAdminSession
*/ */
public function handle(Request $request, Closure $next): Response public function handle(Request $request, Closure $next): Response
{ {
config(['session.cookie' => 'super_admin_session']); if ($this->shouldUseSuperAdminSession($request)) {
config(['session.cookie' => 'super_admin_session']);
}
return $next($request); return $next($request);
} }
protected function shouldUseSuperAdminSession(Request $request): bool
{
if (Str::startsWith($request->path(), 'super-admin')) {
return true;
}
$referer = $request->headers->get('referer');
if (! $referer) {
return false;
}
$refererPath = parse_url($referer, PHP_URL_PATH);
return is_string($refererPath) && Str::startsWith(ltrim($refererPath, '/'), 'super-admin');
}
} }

2
app/Providers/Filament/SuperAdminPanelProvider.php
View File

@@ -11,7 +11,6 @@ use App\Filament\Widgets\PlatformStatsWidget;
use App\Filament\Widgets\RevenueTrendWidget; use App\Filament\Widgets\RevenueTrendWidget;
use App\Filament\Widgets\TopTenantsByRevenue; use App\Filament\Widgets\TopTenantsByRevenue;
use App\Filament\Widgets\TopTenantsByUploads; use App\Filament\Widgets\TopTenantsByUploads;
use App\Http\Middleware\UseSuperAdminSession;
use Boquizo\FilamentLogViewer\FilamentLogViewerPlugin; use Boquizo\FilamentLogViewer\FilamentLogViewerPlugin;
use Filament\Http\Middleware\Authenticate; use Filament\Http\Middleware\Authenticate;
use Filament\Http\Middleware\DisableBladeIconComponents; use Filament\Http\Middleware\DisableBladeIconComponents;
@@ -73,7 +72,6 @@ class SuperAdminPanelProvider extends PanelProvider
]) ])
->middleware([ ->middleware([
EncryptCookies::class, EncryptCookies::class,
UseSuperAdminSession::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
AuthenticateSession::class, AuthenticateSession::class,

1
routes/web.php
View File

@@ -377,5 +377,6 @@ Route::middleware('auth')->group(function () {
}); });
Route::post('/paddle/webhook', [PaddleWebhookController::class, 'handle']) Route::post('/paddle/webhook', [PaddleWebhookController::class, 'handle'])
->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class])
->middleware('throttle:paddle-webhook') ->middleware('throttle:paddle-webhook')
->name('paddle.webhook'); ->name('paddle.webhook');

31
tests/Feature/SuperAdminSessionMiddlewareTest.php
View File

@@ -8,7 +8,7 @@ use Tests\TestCase;
class SuperAdminSessionMiddlewareTest extends TestCase class SuperAdminSessionMiddlewareTest extends TestCase
{ {
public function test_middleware_sets_super_admin_session_cookie(): void public function test_middleware_sets_super_admin_session_cookie_for_super_admin_routes(): void
{ {
config(['session.cookie' => 'laravel_session']); config(['session.cookie' => 'laravel_session']);
@@ -21,4 +21,33 @@ class SuperAdminSessionMiddlewareTest extends TestCase
$this->assertSame('super_admin_session', config('session.cookie')); $this->assertSame('super_admin_session', config('session.cookie'));
} }
public function test_middleware_sets_super_admin_session_cookie_for_livewire_requests_with_super_admin_referer(): void
{
config(['session.cookie' => 'laravel_session']);
$middleware = new UseSuperAdminSession;
$request = Request::create('/livewire/update', 'POST');
$request->headers->set('referer', 'https://fotospiel.test/super-admin/login');
$middleware->handle($request, function () {
return response('ok');
});
$this->assertSame('super_admin_session', config('session.cookie'));
}
public function test_middleware_keeps_default_session_cookie_for_regular_routes(): void
{
config(['session.cookie' => 'laravel_session']);
$middleware = new UseSuperAdminSession;
$request = Request::create('/checkout', 'GET');
$middleware->handle($request, function () {
return response('ok');
});
$this->assertSame('laravel_session', config('session.cookie'));
}
} }