security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped

This commit is contained in:
root
2026-07-06 02:14:16 -04:00
parent 39228168c8
commit 90f9857b06
43 changed files with 4323 additions and 132 deletions
@@ -17,7 +17,12 @@ class TeacherPortalAuthenticate
public function handle(Request $request, Closure $next): Response
{
if (Auth::guard('web')->check()) {
Auth::setUser(Auth::guard('web')->user());
$user = Auth::guard('web')->user();
Auth::setUser($user);
if ($response = $this->denyUnavailableAccount($user)) {
return $response;
}
return $next($request);
}
@@ -30,6 +35,10 @@ class TeacherPortalAuthenticate
if ($sanctumUser) {
Auth::setUser($sanctumUser);
if ($response = $this->denyUnavailableAccount($sanctumUser)) {
return $response;
}
return $next($request);
}
@@ -40,6 +49,10 @@ class TeacherPortalAuthenticate
if ($jwtUser) {
Auth::setUser($jwtUser);
if ($response = $this->denyUnavailableAccount($jwtUser)) {
return $response;
}
return $next($request);
}
} catch (JWTException $e) {
@@ -49,4 +62,17 @@ class TeacherPortalAuthenticate
return response()->json(['message' => 'Unauthorized.'], 401);
}
private function denyUnavailableAccount(object $user): ?Response
{
$status = strtolower(trim((string) ($user->status ?? '')));
$isVerified = filter_var($user->is_verified ?? false, FILTER_VALIDATE_BOOLEAN);
$isSuspended = filter_var($user->is_suspended ?? false, FILTER_VALIDATE_BOOLEAN);
if (! $isVerified || $status !== 'active' || $isSuspended) {
return response()->json(['message' => 'Account unavailable.'], 403);
}
return null;
}
}