codestudiohq / laravel-totem

Manage Your Laravel Schedule From A Web Dashboard
MIT License
1.78k stars 224 forks

Route totem.task.execute is outside the middleware (auth) #304

Closed Nino1976 closed 2 years ago

Nino1976 commented 3 years ago

After adding [Totem::auth() ...] to [AppServiceProvider], the route [totem.task.execute] has no authentication. Is that correct? All other totem routes correctly return 403 if the user is not logged in or has no rights or no authorization.

best regards, nino

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

jacktran commented 2 years ago

@Nino1976 any solution for this issue? I think this is a security issue. It seems like it's missing parent::__construct() in https://github.com/codestudiohq/laravel-totem/blob/8.0/src/Http/Controllers/ExecuteTasksController.php

qschmick commented 2 years ago

@jacktran @Nino1976 Yes, looks like there is a missing call to parent __construct. Can either of you open a PR?

jacktran commented 2 years ago

Hi @qschmick, I don't have permission to create a PR. Or can you please help to create a PR for it?

qschmick commented 2 years ago

@jacktran You can fork and open the PR from there pointing at this repo
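
The missing parent constructor call discussed in this thread, shown as an added example (not code from the laravel-totem repository or from any commenter). All class names and the `controllersMissingAuth()` helper are hypothetical; the sketch assumes a base controller that registers its `auth` middleware in its constructor.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins, not laravel-totem's classes. The base controller
// registers its auth middleware in the constructor.
abstract class BaseController
{
    private array $middleware = [];

    public function __construct()
    {
        $this->middleware[] = 'auth';
    }

    public function getMiddleware(): array
    {
        return $this->middleware;
    }
}

// Defines its own constructor without calling the parent's. PHP never calls
// a parent constructor implicitly, so 'auth' is not registered here.
class UnguardedExecuteController extends BaseController
{
    public function __construct() {}
}

// Same controller with the parent constructor called first.
class GuardedExecuteController extends BaseController
{
    public function __construct()
    {
        parent::__construct();
    }
}

// Regression check: return the class names of controllers lacking 'auth'.
function controllersMissingAuth(array $controllers): array
{
    $missing = [];
    foreach ($controllers as $controller) {
        if (!in_array('auth', $controller->getMiddleware(), true)) {
            $missing[] = get_class($controller);
        }
    }
    return $missing;
}

print_r(controllersMissingAuth([new UnguardedExecuteController(), new GuardedExecuteController()]));
```

A check of this shape in a test suite catches a controller that silently drops the guard when someone later adds a constructor to it.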