From 14a6195733b8debe3f2ae458220c19de3d7b4859 Mon Sep 17 00:00:00 2001
From: Isaac Machakata
Date: Sun, 7 Apr 2024 04:03:35 +0200
Subject: [PATCH] refactor: do not allow users to browse with an invalid account from session
---
 app/Config/Filters.php | 7 +++--
 app/Filters/AccountExists.php | 53 +++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 app/Filters/AccountExists.php
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 3f2ff5d..e3c765c 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -2,6 +2,8 @@
 namespace Config;
+use App\Filters\AccountExists;
+use App\Filters\Authenticated;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
@@ -24,7 +26,8 @@ class Filters extends BaseConfig
 'honeypot' => Honeypot::class,
 'invalidchars' => InvalidChars::class,
 'secureheaders' => SecureHeaders::class,
- 'auth' => \App\Filters\Authenticated::class,
+ 'auth' => Authenticated::class,
+ 'account_exists' => AccountExists::class
 ];
 /**
@@ -35,7 +38,7 @@ class Filters extends BaseConfig
 */
 public array $globals = [
 'before' => [
- // 'honeypot',
+ 'account_exists',
 // 'csrf',
 // 'invalidchars',
 ],
diff --git a/app/Filters/AccountExists.php b/app/Filters/AccountExists.php
new file mode 100644
index 0000000..d66cd59
--- /dev/null
+++ b/app/Filters/AccountExists.php
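Review bot: The new `'account_exists' => AccountExists::class` alias entry drops the trailing comma that every neighbouring entry in the array carries, so the next alias added will show up as a two-line diff; `'account_exists' => AccountExists::class,` keeps the list consistent. Placing the alias under `$globals['before']` makes the account lookup run on every request, including `/auth/login` and public routes that never apply `auth`; that is presumably intended so a stale session is cleared wherever it is seen, and because the filter removes the session user before redirecting there is no redirect loop, but it does cost one database query per request while a user is in session. A short comment beside the `'account_exists',` entry stating that intent and that the filter is safe to run on the login route would save the next reader the trace.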
@@ -0,0 +1,53 @@
+get('user')) {
+ if (!model(Account::class)->find($user->ID)) {
+ session()->delete('user');
+ return response()->redirect('/auth/login');
+ }
+ }
+ }
+
+ /**
+ * Allows After filters to inspect and modify the response
+ * object as needed. This method does not allow any way
+ * to stop execution of other after filters, short of
+ * throwing an Exception or Error.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param array|null $arguments
+ *
+ * @return ResponseInterface|void
+ */
+ public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+ {
+ //
+ }
+}
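Review bot: The existence check in `before()` trusts that the session user object carries an `ID`; if that property is missing or null, CodeIgniter 4's `Model::find()` is not given a scalar key and, as far as I recall, falls back to returning all rows, so a truthy result would let a malformed session pass the filter. Guarding the lookup, `if (!isset($user->ID) || !model(Account::class)->find($user->ID)) {`, makes the filter fail closed instead. Only the `user` key is deleted before the redirect; if any other authentication state is stored in the session alongside it, `session()->destroy()` would be the safer reset — confirm against the login code. The class header, the `before()` docblock and the start of its body are not readable in this hunk as rendered, so the `after()` docblock is the only documentation visible; consider adding a line there noting that the empty body is an intentional no-op kept only to satisfy the filter interface.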