From 0b6ac756b27caa50e4c91b5c4d6ba3738d91cb36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Viguier?=
Date: Wed, 1 Jan 2025 20:20:23 +0100
Subject: [PATCH] Force redirection if accessing urls where being logged is required (#2846)

---
 app/Http/Middleware/LoginRequired.php | 7 ++++++-
 routes/web_v2.php | 20 ++++++++++----------
 tests/Feature_v2/PagesTest.php | 21 +++++++++++++++------
 3 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/app/Http/Middleware/LoginRequired.php b/app/Http/Middleware/LoginRequired.php
index eff990bae1b..6bd985b6f22 100644
--- a/app/Http/Middleware/LoginRequired.php
+++ b/app/Http/Middleware/LoginRequired.php
@@ -19,6 +19,7 @@ class LoginRequired
 {
 public const ROOT = 'root';
 public const ALBUM = 'album';
+ public const ALWAYS = 'always';

 /**
 * Handle an incoming request.
@@ -35,7 +36,7 @@ class LoginRequired
 */
 public function handle(Request $request, \Closure $next, string $requiredStatus): mixed
 {
- if (in_array($requiredStatus, [self::ALBUM, self::ROOT], true) === false) {
+ if (in_array($requiredStatus, [self::ALBUM, self::ROOT, self::ALWAYS], true) === false) {
 throw new LycheeInvalidArgumentException($requiredStatus . ' is not a valid login requirement.');
 }

@@ -44,6 +45,10 @@ public function handle(Request $request, \Closure $next, string $requiredStatus)
 return $next($request);
 }

+ if ($requiredStatus === self::ALWAYS) {
+ return redirect()->route('gallery');
+ }
+
 if (!Configs::getValueAsBool('login_required')) {
 // Login is not required. Proceed.
 return $next($request);
diff --git a/routes/web_v2.php b/routes/web_v2.php
index 387ee645428..bba6ab7edab 100644
--- a/routes/web_v2.php
+++ b/routes/web_v2.php
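Review bot: `ALWAYS` is added to `LoginRequired` (first hunk of app/Http/Middleware/LoginRequired.php) without a comment, and its meaning is not parallel to `ROOT` and `ALBUM`: in the third hunk it is evaluated before `Configs::getValueAsBool('login_required')` is read, so it applies even when that setting is off. A line above the constant such as `/** Guests are redirected to the gallery regardless of the login_required setting. */` would record that. The `handle()` docblock begins right below this hunk and is only partly visible; if it enumerates the accepted values of `$requiredStatus`, it should list the new one as well.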
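Review bot: The `ALWAYS` branch added to `handle()` (third hunk of app/Http/Middleware/LoginRequired.php) sits after an early `return $next($request);` whose condition lies above the hunk; if that condition is only "a user is signed in", the guard separates guests from accounts but not administrators from ordinary users. The routes that receive it in routes/web_v2.php (`/users`, `/settings`, `/maintenance` and others) would then still serve the page to any signed-in account, which is acceptable only if the data behind those pages is authorised server-side elsewhere, something this patch does not show. I would state the scope in the branch, for example `// Authentication only: guests go to the gallery; per-page authorisation is enforced by the API.`, or add a role check here if that is not the case. `handle()` continues past the end of the hunk.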
@@ -35,17 +35,17 @@
 Route::get('/search/{albumId}', [VueController::class, 'view'])->middleware(['migration:complete']);
 Route::get('/search/{albumId}/{photoId}', [VueController::class, 'view'])->middleware(['migration:complete']);

-Route::get('/profile', [VueController::class, 'view'])->name('profile')->middleware(['migration:complete']);
-Route::get('/users', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/sharing', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/jobs', [VueController::class, 'view'])->middleware(['migration:complete']);
+Route::get('/profile', [VueController::class, 'view'])->name('profile')->middleware(['migration:complete', 'login_required:always']);
+Route::get('/users', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/sharing', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/jobs', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
 Route::get('/diagnostics', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/statistics', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/maintenance', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/users', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/settings', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/permissions', [VueController::class, 'view'])->middleware(['migration:complete']);
-Route::get('/fixTree', [VueController::class, 'view'])->middleware(['migration:complete']);
+Route::get('/statistics', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/maintenance', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/users', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/settings', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/permissions', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);
+Route::get('/fixTree', [VueController::class, 'view'])->middleware(['migration:complete', 'login_required:always']);

 Route::match(['get', 'post'], '/migrate', [Admin\UpdateController::class, 'migrate'])
 ->name('migrate')
diff --git a/tests/Feature_v2/PagesTest.php b/tests/Feature_v2/PagesTest.php
index 0d42ed99c30..f9ac9d0788b 100644
--- a/tests/Feature_v2/PagesTest.php
+++ b/tests/Feature_v2/PagesTest.php
@@ -20,13 +20,7 @@ public function testIndex(): void
 {
 collect([
 '/',
- '/settings',
 '/diagnostics',
- '/jobs',
- '/sharing',
- '/users',
- '/maintenance',
- '/profile',
 '/gallery',
 '/gallery/' . $this->album4->id,
 '/gallery/' . $this->album4->id . '/' . $this->photo4->id,
@@ -44,6 +38,21 @@ public function testIndex(): void
 });
 }

+ public function testRedirect(): void
+ {
+ collect([
+ '/settings',
+ '/jobs',
+ '/sharing',
+ '/users',
+ '/maintenance',
+ '/profile',
+ ])->each(function ($addr) {
+ $response = $this->get($addr);
+ $this->assertRedirect($response);
+ });
+ }
+
 public function testVueCrash(): void
 {
 $response = $this->get('/gallery/1234567890');
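Review bot: `/diagnostics` is the only page in this run of routes/web_v2.php that keeps `['migration:complete']` alone, and nothing in the file says whether that is deliberate. tests/Feature_v2/PagesTest.php still expects it to load for a guest, so it looks intentional; a comment above the route such as `// Intentionally not behind login_required:always.` followed by the reason would stop the next reader from "fixing" it or from copying the omission. Separately, `/users` is registered twice in this hunk and both copies receive the new middleware; removing the second registration would leave one place to change the guard next time.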
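Review bot: `testRedirect()` in tests/Feature_v2/PagesTest.php asserts only that some redirect is returned, and only for six of the nine distinct paths that received `login_required:always`; `/statistics`, `/permissions` and `/fixTree` are not in the list. A regression that drops the middleware from one of those three, or that sends guests somewhere other than the gallery, would still pass. Adding the three paths and asserting the target, for instance `$response->assertRedirect(route('gallery'));`, pins the behaviour. A companion case showing that a signed-in user still receives these pages would cover the other half of the guard.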