Compare commits
14 Commits
Author | SHA1 | Date | |
---|---|---|---|
937a0206a5 | |||
3598a32ecf | |||
ac8b303e2c | |||
e93abd2ab7 | |||
20ab381076 | |||
e566e40404 | |||
b0a935b8b3 | |||
0dfb68dba2 | |||
24303052ad | |||
178bc31a6e | |||
98e557a840 | |||
95bf7c239e | |||
4d2595dd39 | |||
4e81a41210 |
@@ -21,9 +21,6 @@ RECAPTCHA_PRIVATE_KEY=
|
||||
RECAPTCHA_VERIFY_URL="https://www.google.com/recaptcha/api/siteverify"
|
||||
# WARNING: Your contact form will be useless if you change this value. Only change this URL if Google updates it.
|
||||
|
||||
IPGEO_API_KEY=""
|
||||
IPGEO_API_URL=""
|
||||
|
||||
MOJANG_STATUS_URL="https://status.mojang.com/check"
|
||||
MOJANG_API_URL="https://api.mojang.com"
|
||||
|
||||
@@ -32,7 +29,7 @@ IPGEO_API_URL="https://api.ipgeolocation.io/ipgeo"
|
||||
|
||||
ARCANEDEV_LOGVIEWER_MIDDLEWARE=web,auth,can:admin.maintenance.logs.view
|
||||
|
||||
RELEASE=staffmanagement@0.2.0
|
||||
RELEASE=staffmanagement@0.6.1
|
||||
|
||||
SLACK_INTEGRATION_WEBHOOK=
|
||||
|
||||
|
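Review bot: `SLACK_INTEGRATION_WEBHOOK=` is added with no guidance, unlike the reCAPTCHA entries above it, and a Slack incoming-webhook URL is effectively a bearer credential — anyone holding it can post into the channel. A one-line comment above it would tell whoever fills this in how to treat it: `# Slack incoming webhook URL — treat as a secret: never commit a real value, rotate it if it leaks.` The `RELEASE` bump in the same hunk needs no review.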
@@ -8,7 +8,7 @@ class Ban extends Model
|
||||
{
|
||||
|
||||
public $fillable = [
|
||||
|
||||
|
||||
'userID',
|
||||
'reason',
|
||||
'bannedUntil',
|
||||
@@ -16,7 +16,11 @@ class Ban extends Model
|
||||
'authorUserID'
|
||||
|
||||
];
|
||||
|
||||
|
||||
public $dates = [
|
||||
'bannedUntil'
|
||||
];
|
||||
|
||||
public function user()
|
||||
{
|
||||
return $this->belongsTo('App\User', 'userID', 'id');
|
||||
|
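Review bot: `public $dates = ['bannedUntil'];` relies on the legacy `$dates` property; Laravel 8+ documents `protected $casts = ['bannedUntil' => 'datetime'];` instead and Laravel 10 removed `$dates` entirely, so the cast form is the safer choice if the project is on or moving to a recent release — the framework version isn't visible here. Separately, `userID` and `authorUserID` in `$fillable` are only safe while every write site sets them explicitly as `BanController` does; a future `Ban::create($request->all())` would let the caller pick the author. The class continues past the hunk.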
@@ -99,12 +99,16 @@ class Install extends Command
|
||||
$settings['MAIL_PASSWORD'] = $this->secret('SMTP Password (Input won\'t be seen)');
|
||||
$settings['MAIL_PORT'] = $this->ask('SMTP Server Port');
|
||||
$settings['MAIL_HOST'] = $this->ask('SMTP Server Hostname');
|
||||
$settings['MAIL_FROM'] = $this->ask('E-mail address to send from: ');
|
||||
|
||||
$this->info('== Notification Settings (5/6) (Slack) ==');
|
||||
$settings['SLACK_INTEGRATION_WEBHOOK'] = $this->ask('Integration webhook URL');
|
||||
|
||||
$this->info('== Web Settings (6/6) ==');
|
||||
$settings['APP_URL'] = $this->ask('Application\'s URL');
|
||||
$settings['APP_URL'] = $this->ask('Application\'s URL (ex. https://where.you.installed.theapp.com): ');
|
||||
$settings['APP_LOGO'] = $this->ask('App logo (Link to an image): ');
|
||||
$settings['APP_SITEHOMEPAGE'] = $this->ask('Site homepage (appears in the main header): ');
|
||||
|
||||
|
||||
} while(!$this->confirm('Are you sure you want to save these settings? You can always go back and try again.'));
|
||||
|
||||
|
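Review bot: The new `SLACK_INTEGRATION_WEBHOOK` prompt uses `$this->ask()`, which echoes the value to the terminal, while the SMTP password a few lines up is read with `$this->secret()`; a Slack webhook URL embeds a token and is just as sensitive, so it should be collected the same way: `$settings['SLACK_INTEGRATION_WEBHOOK'] = $this->secret('Integration webhook URL (Input won\'t be seen)');`. Nothing checks that the answer (or `APP_URL`) is an `https://` URL before it is written into the env file; a `filter_var($url, FILTER_VALIDATE_URL)` check inside the existing confirm loop would catch typos before they are persisted. The loop's `do` begins before the hunk.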
@@ -15,7 +15,7 @@ class BanController extends Controller
|
||||
public function insert(BanUserRequest $request, User $user)
|
||||
{
|
||||
|
||||
$this->authorize('create', Ban::class);
|
||||
$this->authorize('create', [Ban::class, $user]);
|
||||
|
||||
if (is_null($user->bans))
|
||||
{
|
||||
@@ -50,13 +50,13 @@ class BanController extends Controller
|
||||
else
|
||||
{
|
||||
// Essentially permanent
|
||||
$expiryDate->addYears(100);
|
||||
$expiryDate->addYears(5);
|
||||
}
|
||||
|
||||
$ban = Ban::create([
|
||||
'userID' => $user->id,
|
||||
'reason' => $reason,
|
||||
'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
|
||||
'bannedUntil' => $expiryDate->format('Y-m-d H:i:s'),
|
||||
'userAgent' => "Unknown",
|
||||
'authorUserID' => Auth::user()->id
|
||||
]);
|
||||
|
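Review bot: `// Essentially permanent` is now wrong — the branch below it calls `addYears(5)`, so an open-ended ban silently lapses after five years and anyone reading the code or the ban record will assume otherwise. Either reword the comment to what actually happens, e.g. `// No duration supplied: cap at 5 years (a 100-year date overflows a 32-bit TIMESTAMP column)` if that is why the value changed, or represent a permanent ban as a null `bannedUntil` and have the enforcement check treat null as never expiring. In the same hunk, `'bannedUntil' => $expiryDate->format('Y-m-d H:i:s')` stores whatever timezone `$expiryDate` happens to carry; since the model now declares `bannedUntil` as a date, passing the Carbon instance through lets Eloquent normalise it. `$expiryDate` and the `if` branch paired with this `else` are built before the hunk.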
@@ -27,7 +27,7 @@ class BanUserRequest extends FormRequest
|
||||
{
|
||||
return [
|
||||
'reason' => 'required|string',
|
||||
'durationOperand' => 'nullable|integer',
|
||||
'durationOperand' => 'nullable|string',
|
||||
'durationOperator' => 'nullable|string'
|
||||
];
|
||||
}
|
||||
|
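Review bot: Relaxing `durationOperand` from `nullable|integer` to `nullable|string` drops the only type check on a value that is presumably fed into the date arithmetic in `BanController`, so a non-numeric string now passes validation and reaches whatever `add*` call consumes it. Laravel's `integer` rule already accepts a numeric form field such as `"7"`, so if the change was made because the form posts strings it was unnecessary; `'durationOperand' => 'nullable|integer|min:1',` keeps the check and also rejects zero and negatives, which would create a ban that has already expired. `durationOperator` is likewise an unconstrained string; an `in:` rule listing the units the controller accepts would close that off — the accepted set isn't visible here. The `rules()` signature sits just above the hunk.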
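--- /dev/null
+++ b/app/Listeners/LogAuthenticationFailure.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationFailure
+{
+/**
+* Create the event listener.
+*
+* @return void
+*/
+public function __construct()
+{
+//
+}
+
+/**
+* Handle the event.
+*
+* @param object $event
+* @return void
+*/
+public function handle($event)
+{
+$targetAccountID = 0;
+$originalIP = "0.0.0.0";
+
+if (isset($event->user->id))
+{
+$targetAccountID = $event->user->id;
+}
+
+Log::alert('SECURITY (login): Detected failed authentication attempt!', [
+'targetAccountID' => $targetAccountID,
+'existingAccount' => ($targetAccountID == 0) ? false : true,
+'sourceIP' => request()->ip(),
+'matchesAccountLastIP' => request()->ip() == $originalIP,
+'sourceUserAgent' => request()->userAgent(),
+]);
+}
+}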
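Review bot: `'matchesAccountLastIP' => request()->ip() == $originalIP` can never be true in practice, because `$originalIP` is fixed at `"0.0.0.0"` and never updated, so the field reads `false` on every record and will mislead whoever investigates an incident. The success listener reads the stored address from `$event->user->originalIP`; doing the same inside the existing `isset` branch fixes it — `$originalIP = $event->user->originalIP ?? $originalIP;` — and the comparison should then be `===`. Two smaller points: `ShouldQueue`/`InteractsWithQueue` are imported but unused, and if the listener is ever queued `request()` will no longer refer to the failing request, so either drop the imports or carry IP and user agent in the event; and `Log::alert` is a paging-level severity for something that happens on every mistyped password — `Log::warning` per attempt, with alert reserved for a threshold, is the usual split. The `isset` guard already handles `Failed` events for unknown usernames, where `$event->user` is null.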
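--- /dev/null
+++ b/app/Listeners/LogAuthenticationSuccess.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationSuccess
+{
+/**
+* Create the event listener.
+*
+* @return void
+*/
+public function __construct()
+{
+//
+}
+
+/**
+* Handle the event.
+*
+* @param object $event
+* @return void
+*/
+public function handle($event)
+{
+Log::info('SECURITY (postauth-pre2fa): Detected successful login attempt', [
+'accountID' => $event->user->id,
+'sourceIP' => request()->ip(),
+'matchesAccountLastIP' => request()->ip() == $event->user->originalIP,
+'sourceUserAgent' => request()->userAgent(),
+]);
+}
+}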
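Review bot: `request()->ip() == $event->user->originalIP` is a loose comparison and `originalIP` may be unset on accounts that predate its tracking; `'matchesAccountLastIP' => request()->ip() === ($event->user->originalIP ?? null),` makes the intent explicit and avoids reading a missing attribute. The `ShouldQueue` and `InteractsWithQueue` imports are unused, and if someone later implements `ShouldQueue` here, `request()` would be evaluated in the queue worker rather than the login request and the IP/user-agent fields would be wrong — either remove the imports or pass those values through the event. The `postauth-pre2fa` tag implies a second factor follows; `Login` also fires for remember-me cookie logins, so logging `$event->remember` would let a reviewer tell an interactive login from a cookie refresh.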
@@ -38,18 +38,19 @@ class BanPolicy
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*
|
||||
* @param \App\User $user
|
||||
* @param \App\User $user
|
||||
* @param User $targetUser
|
||||
* @return mixed
|
||||
*/
|
||||
public function create(User $user)
|
||||
public function create(User $user, User $targetUser)
|
||||
{
|
||||
Log::debug("Authorization check started", [
|
||||
'requiredRoles' => 'admin',
|
||||
'currentRoles' => $user->roles(),
|
||||
'hasRequiredRole' => $user->hasRole('admin'),
|
||||
'targetUser' => $targetUser->username,
|
||||
'isCurrentUser' => Auth::user()->is($user)
|
||||
]);
|
||||
return $user->hasRole('admin') && Auth::user()->isNot($user);
|
||||
return $user->hasRole('admin') && $user->isNot($targetUser);
|
||||
}
|
||||
|
||||
/**
|
||||
|
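Review bot: `create` now authorises any `admin` to ban any account other than their own, which includes other admins; if admins are not meant to be able to ban each other, add a guard such as `&& !$targetUser->hasRole('admin')` beside the self-check, since nothing else in this hunk prevents it. The debug context logs `$user->roles()` — if `roles()` is an Eloquent relationship it returns a query-builder object, which Monolog will serialise into noise (and may trigger a query) rather than role names; `$user->roles()->pluck('name')` or the equivalent accessor would be more useful, though the relationship's shape isn't visible here. `'isCurrentUser' => Auth::user()->is($user)` is normally always true inside a policy and no longer says anything now that the self-check compares against `$targetUser`; `'isSelfBan' => $user->is($targetUser)` would be the informative field.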
@@ -2,7 +2,11 @@
|
||||
|
||||
namespace App\Providers;
|
||||
|
||||
use App\Listeners\LogAuthenticationFailure;
|
||||
use App\Listeners\LogAuthenticationSuccess;
|
||||
use App\Listeners\OnUserRegistration;
|
||||
use Illuminate\Auth\Events\Failed;
|
||||
use Illuminate\Auth\Events\Login;
|
||||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
|
||||
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
|
||||
@@ -20,6 +24,12 @@ class EventServiceProvider extends ServiceProvider
|
||||
SendEmailVerificationNotification::class,
|
||||
OnUserRegistration::class
|
||||
],
|
||||
Failed::class => [
|
||||
LogAuthenticationFailure::class
|
||||
],
|
||||
Login::class => [
|
||||
LogAuthenticationSuccess::class
|
||||
],
|
||||
'App\Events\ApplicationApprovedEvent' => [
|
||||
'App\Listeners\PromoteUser'
|
||||
],
|
||||
|
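Review bot: Wiring `Failed` and `Login` covers the two obvious events, but when the login throttle trips Laravel's `ThrottlesLogins` trait fires `Illuminate\Auth\Events\Lockout` and does not fire `Failed`, so the brute-force bursts this log is meant to catch will stop appearing exactly when the throttle engages. If the login controller uses that trait, add `Lockout::class => [LogAuthenticationLockout::class],` with a listener mirroring `LogAuthenticationFailure`, and consider `Logout` and `PasswordReset` for a complete audit trail. The `$listen` array continues past the end of the hunk.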