Allow hiding IP addresses

This commit introduces a new feature where users can disable the collection and display of IP addresses. It's hardcoded in the .env config file for security reasons, and demo mode ignores this setting, because it already hides IPs by default.
2021-10-23 07:26:47 +01:00
parent fd6dab0c2b
commit ab037a3474
13 changed files with 91 additions and 34 deletions
--- a/app/Http/Controllers/ApplicationController.php
+++ b/app/Http/Controllers/ApplicationController.php
@@ -26,6 +26,7 @@ use App\Exceptions\ApplicationNotFoundException;
 use App\Exceptions\IncompleteApplicationException;
 use App\Exceptions\UnavailableApplicationException;
 use App\Exceptions\VacancyNotFoundException;
+use App\Facades\IP;
 use App\Services\ApplicationService;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -26,6 +26,7 @@ use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
+use App\Facades\IP;

 class LoginController extends Controller
 {
@@ -81,7 +82,7 @@ class LoginController extends Controller

    public function authenticated(Request $request, User $user)
    {
-        if (!config('demo.is_enabled')) {
+        if (IP::shouldCollect()) {
            if ($user->originalIP !== $request->ip())
            {
                Log::alert('User IP address changed from last login. Updating.', [
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -124,7 +124,7 @@ class RegisterController extends Controller
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
-            'originalIP' => config('demo.is_enabled') ? '0.0.0.0' : request()->ip(),
+            'originalIP' => IP::shouldCollect() ? '0.0.0.0' : request()->ip(),
        ]);

        $user->assignRole('user');
--- a/app/Http/Middleware/ForceLogoutMiddleware.php
+++ b/app/Http/Middleware/ForceLogoutMiddleware.php
@@ -38,7 +38,7 @@ class ForceLogoutMiddleware
        if (Auth::user()->isBanned()) {
            Auth::logout();

-            $request->session()->flash('error', 'Error: Your session has been forcefully terminated. Please try again in a few days.');
+            $request->session()->flash('error', __('Your account is suspended. You will not be able to login or register until the suspension is lifted.'));

            return redirect('/');
        }
--- a/app/Http/Middleware/IPHistoryMiddleware.php
+++ b/app/Http/Middleware/IPHistoryMiddleware.php
@@ -1,21 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\Request;
-
-class IPHistoryMiddleware
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  \Closure  $next
-     * @return mixed
-     */
-    public function handle(Request $request, Closure $next)
-    {
-        return $next($request);
-    }
-}