From b5ede965fe44a74d8c93c90d11989526aa0fe838 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Mon, 29 Jun 2020 14:28:09 +0200
Subject: [PATCH] Began working on security.
---
 .../Controllers/ExternalLinkController.php | 9 ++++++
 .../app/Http/Controllers/UserController.php | 31 ++++++++++---------
 skolehjem/app/Http/Kernel.php | 2 ++
 skolehjem/app/Http/Middleware/CheckAuth.php | 31 +++++++++++++++++++
 skolehjem/database/seeds/DatabaseSeeder.php | 1 +
 skolehjem/database/seeds/PermissionSeeder.php | 4 +--
 skolehjem/database/seeds/UserSeeder.php | 28 +++++++++++++++++
 7 files changed, 89 insertions(+), 17 deletions(-)
 create mode 100644 skolehjem/app/Http/Middleware/CheckAuth.php
 create mode 100644 skolehjem/database/seeds/UserSeeder.php
diff --git a/skolehjem/app/Http/Controllers/ExternalLinkController.php b/skolehjem/app/Http/Controllers/ExternalLinkController.php
index 2a6eafa..8f99398 100644
--- a/skolehjem/app/Http/Controllers/ExternalLinkController.php
+++ b/skolehjem/app/Http/Controllers/ExternalLinkController.php
@@ -9,6 +9,15 @@ use Illuminate\Http\Response;
 class ExternalLinkController extends Controller
 {
+ function __construct()
+ {
+ $this->middleware("permission:link.external.list")->only("index");
+ $this->middleware("permission:link.external.create")->only(["create", "store"]);
+ $this->middleware("permission:link.external.show")->only("show");
+ $this->middleware("permission:link.external.edit")->only(["edit", "update"]);
+ $this->middleware("permission:link.external.delete")->only("destroy");
+ }
+
 /**
 * Display a listing of the resource.
 *
diff --git a/skolehjem/app/Http/Controllers/UserController.php b/skolehjem/app/Http/Controllers/UserController.php
index 5880e1d..ac5c34d 100644
--- a/skolehjem/app/Http/Controllers/UserController.php
+++ b/skolehjem/app/Http/Controllers/UserController.php
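Review bot: The new constructor declares no visibility (`function __construct()`), so it is only implicitly public; the rest of the project writes `public function __construct()` (UserController in this same patch does), and PSR-12 requires the keyword, so write `public function __construct()`. Separately, `permission:` here is Spatie's middleware, which as I recall throws an UnauthorizedException (rendered as 403) when the request is unauthenticated, whereas UserController in this patch moves to the project's own `check.auth` middleware that redirects guests to `users.login`; anonymous visitors will therefore get a 403 on link routes and a redirect on user routes. Pick one convention for the two controllers, or register `check.auth` here as well.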
@@ -14,13 +14,14 @@ class UserController extends Controller
 {
 public function __construct() {
-// $this->middleware([ "auth" ])->only("logout");
-// $this->middleware([ "guest" ])->only("login");
-//
-// $this->middleware([ "permission:user.list", "role:admin" ])->only("index");
-// $this->middleware([ "permission:user.show", "role:admin" ])->only("show");
-// $this->middleware([ "permission:user.edit", "role:admin" ])->only([ "edit", "update" ]);
-// $this->middleware([ "permission:user.delete", "role:admin" ])->only("delete");
+ $this->middleware([ "auth" ])->only("logout");
+ $this->middleware([ "guest" ])->only("login");
+
+ $this->middleware([ "check.auth:user.list" ])->only("index");
+ $this->middleware([ "check.auth:user.show" ])->only("show");
+ $this->middleware([ "check.auth:user.create" ])->only("create");
+ $this->middleware([ "check.auth:user.edit" ])->only("edit", "update");
+ $this->middleware([ "check.auth:user.delete" ])->only("delete");
 }
 /**
@@ -54,7 +55,7 @@ class UserController extends Controller
 */
 public function store(Request $request) {
- Log::debug("STORE FUNCTION");
+// Log::debug("STORE FUNCTION");
 $data = $request->validate([
 "name_first" => "required|max:255",
@@ -65,17 +66,17 @@ class UserController extends Controller
 ]);
- Log::debug("FINISHED VALIDATION?");
+// Log::debug("FINISHED VALIDATION?");
 $user = new User($data);
- Log::debug("CREATED USER [NOT PERSISTED YET]");
+// Log::debug("CREATED USER [NOT PERSISTED YET]");
 $user->save();
- Log::debug("SAVED USER");
+// Log::debug("SAVED USER");
- return view("users.store");
+ return Response::detect("users.store");
 }
 /**
@@ -182,7 +183,7 @@ class UserController extends Controller
 /*******************************************/
 public function showLogin() {
- return view("admin.users.login");
+ return Response::detect("users.login");
 }
 public function login(Request $request) {
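Review bot: `check.auth:user.create` is attached to `create` only, but the method that actually persists a new user is `store` (the next hunks show it doing `new User($data)` and `$user->save()`), so a request straight to the store route is never permission-checked; the ExternalLinkController constructor in this patch gets this right with `->only(["create", "store"])`. Change the line to `$this->middleware([ "check.auth:user.create" ])->only(["create", "store"]);`. The `user.delete` line targets a method named `delete`; if this controller follows the resource convention and the method is actually `destroy` (as ExternalLinkController uses), the middleware never attaches and deletion stays unprotected — the method itself is outside this hunk, so please confirm the name. Note also that `guest` is applied to the POST handler `login` but not to `showLogin`, which may or may not be intended.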
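Review bot: The `Log::debug` calls in `store` are commented out rather than deleted, both in this `@@ -54,7` hunk and in the following `@@ -65,17` hunk; version control keeps the history, so the dead `// Log::debug(...)` lines should simply be removed. If the trace is still wanted during development, `Log::debug()` can be left in place and silenced through the configured channel level instead of by commenting. `store` begins in this hunk and its body continues into the next one.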
@@ -190,7 +191,7 @@ class UserController extends Controller
 if(Auth::attempt($data)) {
 //TODO: Implement home?
- return redirect()->route("users.index");
+ return redirect()->route("root.index");
 }
 return redirect()->back(303);
@@ -199,6 +200,6 @@ class UserController extends Controller
 public function logout(Request $request) {
 Auth::logout();
- return redirect()->to("/");
+ return redirect()->route("root.index");
 }
 }
diff --git a/skolehjem/app/Http/Kernel.php b/skolehjem/app/Http/Kernel.php
index 6a08dd6..3e1e21b 100644
--- a/skolehjem/app/Http/Kernel.php
+++ b/skolehjem/app/Http/Kernel.php
@@ -67,5 +67,7 @@ class Kernel extends HttpKernel
 'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
 'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
 'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
+
+ "check.auth" => \App\Http\Middleware\CheckAuth::class
 ];
 }
diff --git a/skolehjem/app/Http/Middleware/CheckAuth.php b/skolehjem/app/Http/Middleware/CheckAuth.php
new file mode 100644
index 0000000..2c5df81
--- /dev/null
+++ b/skolehjem/app/Http/Middleware/CheckAuth.php
@@ -0,0 +1,31 @@
+user();
+
+ if(!isset($user))
+ return redirect()->route("users.login");
+
+ if($user->hasAnyPermission($permissions)) {
+ return $next($request);
+ }
+
+ return redirect()->route("users.login");
+ }
+}
diff --git a/skolehjem/database/seeds/DatabaseSeeder.php b/skolehjem/database/seeds/DatabaseSeeder.php
index 64479c8..624abbb 100644
--- a/skolehjem/database/seeds/DatabaseSeeder.php
+++ b/skolehjem/database/seeds/DatabaseSeeder.php
@@ -12,5 +12,6 @@ class DatabaseSeeder extends Seeder
 public function run()
 {
 $this->call(PermissionSeeder::class);
+ $this->call(UserSeeder::class);
 }
 }
diff --git a/skolehjem/database/seeds/PermissionSeeder.php b/skolehjem/database/seeds/PermissionSeeder.php
index bbd8c28..b2cd3f5 100644
--- a/skolehjem/database/seeds/PermissionSeeder.php
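Review bot: When `Auth::attempt($data)` succeeds the new code only redirects to `root.index`; the session id issued before login is kept, which is the session-fixation case Laravel's manual-authentication guidance addresses by calling `$request->session()->regenerate();` before the redirect. The failure branch `return redirect()->back(303);` is context here and gives neither feedback nor any throttling visible in this hunk; `login` begins before this hunk, so its validation and any rate limiting may live there — please confirm.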
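Review bot: `logout` calls `Auth::logout()` and redirects, but neither invalidates the session nor rotates the CSRF token, so the old session data and token stay usable until they expire. Add `$request->session()->invalidate();` and `$request->session()->regenerateToken();` after `Auth::logout();` — the `$request` parameter is already declared and currently unused.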
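Review bot: The new `"check.auth"` entry is double-quoted and has no trailing comma, unlike the single-quoted, comma-terminated entries around it; write `'check.auth' => \App\Http\Middleware\CheckAuth::class,` so the array stays uniform and the next addition does not touch this line. The extra blank line inserted above it is also out of step with the rest of the array.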
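Review bot: An authenticated user who holds none of the listed permissions is sent to `users.login` by the final `return`, exactly like a guest, which misleads a user who is already logged in and hides the authorization failure; respond with a 403 in that case, e.g. `abort(403);`, and keep the login redirect for the `!isset($user)` branch only. `isset($user)` on a local that was just assigned reads oddly — `$user === null` says what is meant. The head of the file and the start of `handle` are not legible in this view (the text before `user();` was lost in extraction), so the signature and the `Closure` import could not be checked.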
+++ b/skolehjem/database/seeds/PermissionSeeder.php
@@ -44,8 +44,8 @@ class PermissionSeeder extends Seeder
 ];
 foreach ($permissions as $key => $value) {
- if(Permission::findByName($key))
- continue;
+// if(Permission::findByName($key))
+// continue;
 $permission = new Permission();
diff --git a/skolehjem/database/seeds/UserSeeder.php b/skolehjem/database/seeds/UserSeeder.php
new file mode 100644
index 0000000..0c11ea0
--- /dev/null
+++ b/skolehjem/database/seeds/UserSeeder.php
@@ -0,0 +1,28 @@
+name_first = "admin";
+ $user->name_last = "admin";
+ $user->email = "admin@admin.local";
+ $user->setPasswordAttribute("1234");
+ $user->phone = 12345678;
+
+ foreach (\Spatie\Permission\Models\Permission::all() as $permission) {
+ $user->givePermissionTo($permission);
+ }
+
+ $user->save();
+ }
+}
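Review bot: Commenting out the existence check makes the seeder non-idempotent: every re-run tries to insert each permission again, and with Spatie's unique (name, guard_name) index the second run fails instead of being a no-op. The original check was itself broken — as I recall `Permission::findByName()` throws `PermissionDoesNotExist` rather than returning null when the name is absent, which is presumably why it got disabled — so the fix is a query that yields a boolean, e.g. `if (Permission::where('name', $key)->exists()) continue;`, or replacing the `new Permission()` construction (which continues outside this hunk) with `Permission::firstOrCreate(['name' => $key])`. Either way, delete the commented lines rather than keeping them.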
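Review bot: The seeder creates an account with a fixed, trivially guessable password (`setPasswordAttribute("1234")`), a fixed e-mail, and every permission in the system; if this seeder is ever run anywhere but a developer machine the result is a well-known all-powerful login. Take the password from the environment (`env('ADMIN_SEED_PASSWORD')`) and abort when it is unset, or generate one with `Str::random()` and print it once via `$this->command->info()`. Calling the mutator directly also reads oddly — `$user->password = ...` invokes the same `setPasswordAttribute` (assuming it hashes, which is outside this view). The seeder is not idempotent either: a second run inserts another admin or fails on a unique e-mail index, which `User::firstOrNew(['email' => ...])` would avoid; the class header and the first statement are not legible here (text before `name_first` was lost in extraction).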