Merge branch 'release/3.2.2'

Author: adrenth

.github/workflows/php.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: [ 8.0 ]
+        php: [ 8.0, 8.1, 8.2 ]
         stability: [ prefer-lowest, prefer-stable ]
 
     name: PHP ${{ matrix.php }} - ${{ matrix.stability }}

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.2] - 2023-03-03
+
+- Fix Basic Authentication Middleware registration.
+
 ## [3.2.1] - 2022-11-28
 
 - Minor changes to plugin documentation.

Plugin.php

@@ -5,8 +5,7 @@
 namespace Vdlp\BasicAuthentication;
 
 use Backend\Helpers\Backend as BackendHelper;
-use Illuminate\Routing\Router;
-use October\Rain\Foundation\Application;
+use Illuminate\Contracts\Http\Kernel;
 use System\Classes\PluginBase;
 use Vdlp\BasicAuthentication\Console\CreateCredentialsCommand;
 use Vdlp\BasicAuthentication\Http\Middleware\BasicAuthenticationMiddleware;
@@ -24,29 +23,25 @@ public function pluginDetails(): array
         ];
     }
 
-    public function register(): void
-    {
-        $this->app->register(BasicAuthenticationServiceProvider::class);
-
-        $this->registerConsoleCommand(CreateCredentialsCommand::class, CreateCredentialsCommand::class);
-    }
-
     public function boot(): void
     {
-        /** @var Application $application */
-        $application = $this->app;
-
         if (
             (bool) config('basicauthentication.enabled', false) === false
-            || $application->runningInConsole()
-            || $application->runningUnitTests()
+            || $this->app->runningInConsole()
+            || $this->app->runningUnitTests()
         ) {
             return;
         }
 
-        /** @var Router $router */
-        $router = $application->make(Router::class);
-        $router->pushMiddlewareToGroup('web', BasicAuthenticationMiddleware::class);
+        $this->app[Kernel::class]
+            ->pushMiddleware(BasicAuthenticationMiddleware::class);
+    }
+
+    public function register(): void
+    {
+        $this->app->register(BasicAuthenticationServiceProvider::class);
+
+        $this->registerConsoleCommand(CreateCredentialsCommand::class, CreateCredentialsCommand::class);
     }
 
     public function registerPermissions(): array

composer.json

@@ -15,7 +15,7 @@
     "require": {
         "php": "^8.0.2",
         "composer/installers": "^1.0 || ^2.0",
-        "october/system": ">=2.0"
+        "october/rain": ">=2.0"
     },
     "repositories": [
         {

http/middleware/BasicAuthenticationMiddleware.php

@@ -6,36 +6,22 @@
 
 use Closure;
 use Illuminate\Contracts\Hashing\Hasher;
-use Illuminate\Contracts\Session\Session;
 use Illuminate\Contracts\Translation\Translator;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Support\Str;
-use InvalidArgumentException;
-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
+use Throwable;
 use Vdlp\BasicAuthentication\Models\Credential;
 
 final class BasicAuthenticationMiddleware
 {
-    private Session $session;
-    private Translator $translator;
-    private Hasher $hasher;
-
-    public function __construct(Session $session, Translator $translator, Hasher $hasher)
-    {
-        $this->session = $session;
-        $this->translator = $translator;
-        $this->hasher = $hasher;
+    public function __construct(
+        private Translator $translator,
+        private Hasher $hasher,
+    ) {
     }
 
-    /**
-     * @return mixed
-     *
-     * @throws SuspiciousOperationException
-     * @throws InvalidArgumentException
-     */
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next): mixed
     {
         if ($this->isIpAddressWhitelisted((string) $request->ip())) {
             return $next($request);
@@ -47,7 +33,7 @@ public function handle(Request $request, Closure $next)
                 ->where('hostname', $request->getHost())
                 ->where('is_enabled', true)
                 ->firstOrFail(['hostname', 'username', 'password', 'realm', 'whitelist']);
-        } catch (ModelNotFoundException $exception) {
+        } catch (Throwable) {
             // @ignoreException
             return $next($request);
         }
@@ -59,13 +45,6 @@ public function handle(Request $request, Closure $next)
             return $next($request);
         }
 
-        $sessionKey = str_slug(str_replace('.', '_', $credential->hostname) . '_basic_authentication');
-
-        // Session is authorized.
-        if ($this->session->has($sessionKey)) {
-            return $next($request);
-        }
-
         $needsRehash = $this->hasher->needsRehash($credential->password);
 
         // Validate credentials.
@@ -80,8 +59,6 @@ public function handle(Request $request, Closure $next)
                 return $this->getUnauthorizedResponse($credential);
             }
 
-            $this->session->put($sessionKey, $request->getUser());
-
             return $next($request);
         }
 

updates/version.yaml

@@ -16,3 +16,4 @@ v3.0.2:
 v3.1.0: "Add October CMS 3.x to supported versions."
 v3.2.0: "Basic Authentication added to October CMS backend routes."
 v3.2.1: "Minor changes to plugin documentation."
+v3.2.2: "Fix Basic Authentication Middleware registration."