Fix FLEXIAPI-394 Apply SpaceCheck on all the pages and URLs, backport from 2.1

CHANGELOG.md

@@ -78,6 +78,7 @@ v2.0
 - Fix FLEXIAPI-385 Use domains and not hosts in the EmailServer endpoints as defined in the API documentation
 - Fix FLEXIAPI-391 Add missing account view attribute in the actions.delete view
 - Fix FLEXIAPI-392 Fix the recover_by_code view and use the account space object
+- Fix FLEXIAPI-394 Apply SpaceCheck on all the pages and URLs, backport from 2.1
 
 v1.6
 ----

flexiapi/app/Http/Kernel.php

@@ -52,13 +52,15 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
             \App\Http\Middleware\Localization::class,
+            'space.check',
         ],
 
         'api' => [
             'throttle:600,1', // move to 600 instead of 60
             'bindings',
             'validate_json',
-            'localization'
+            'localization',
+            'space.check',
         ],
     ];
 

flexiapi/app/Http/Middleware/SpaceCheck.php

@@ -15,7 +15,7 @@ class SpaceCheck
             return abort(503, 'APP_ROOT_HOST is not configured');
         }
 
-        $space = space();
+        $space = space(reload: true);
 
         if ($space != null) {
             if (!str_ends_with($space->host, config('app.root_host'))) {
@@ -25,7 +25,7 @@ class SpaceCheck
             Config::set('app.url', '://' . $space->host);
             Config::set('app.sip_domain', $space->domain);
 
-            if ($request->user() && !$request->user()->superAdmin && $space?->isExpired()) {
+            if ($space->isExpired()) {
                 abort($request->expectsJson() ? 403 : 490, 'The related Space has expired');
             }
 

flexiapi/routes/api.php

@@ -54,7 +54,7 @@ Route::get('accounts/me/api_key/{auth_token}', 'Api\Account\ApiKeyController@gen
 
 Route::get('phone_countries', 'Api\PhoneCountryController@index');
 
-Route::group(['middleware' => ['auth.jwt', 'auth.digest_or_key', 'auth.check_blocked', 'space.check']], function () {
+Route::group(['middleware' => ['auth.jwt', 'auth.digest_or_key', 'auth.check_blocked']], function () {
     Route::get('accounts/auth_token/{auth_token}/attach', 'Api\Account\AuthTokenController@attach');
     Route::post('account_creation_tokens/consume', 'Api\Account\CreationTokenController@consume');
 

flexiapi/routes/web.php

@@ -48,12 +48,10 @@ use App\Http\Controllers\Admin\SpaceController;
 use App\Http\Controllers\Admin\StatisticsController;
 use Illuminate\Support\Facades\Route;
 
-Route::middleware(['space.check'])->group(function () {
-    Route::redirect('/', 'login')->name('account.home');
-    Route::get('about', 'AboutController@about')->name('about');
-});
+Route::redirect('/', 'login')->name('account.home');
+Route::get('about', 'AboutController@about')->name('about');
 
-Route::middleware(['web_panel_enabled', 'space.check'])->group(function () {
+Route::middleware(['web_panel_enabled'])->group(function () {
     Route::get('wizard/{provisioning_token}', 'Account\ProvisioningController@wizard')->name('provisioning.wizard');
 
     Route::get('login', 'Account\AuthenticateController@login')->name('account.login');
@@ -90,7 +88,7 @@ Route::name('provisioning.')->prefix('provisioning')->controller(ProvisioningCon
     Route::get('/', 'show')->name('show');
 });
 
-Route::middleware(['web_panel_enabled', 'space.check'])->group(function () {
+Route::middleware(['web_panel_enabled'])->group(function () {
     Route::middleware(['public_registration'])->group(function () {
         Route::redirect('register', 'register/email')->name('account.register');
 

flexiapi/tests/Feature/ApiSpaceWithMiddlewareTest.php

@@ -42,9 +42,7 @@ class ApiSpaceWithMiddlewareTest extends TestCaseWithSpaceMiddleware
 
         // Try to create a new user as an admin
         $admin->generateUserApiKey();
-        config()->set('app.root_host', $admin->domain);
-
-        space(reload: true);
+        config()->set('app.root_host', $superAdmin->space->host);
 
         $this->keyAuthenticated($admin)
             ->json($this->method, 'http://' . $admin->domain .  $this->accountRoute, [
@@ -55,19 +53,19 @@ class ApiSpaceWithMiddlewareTest extends TestCaseWithSpaceMiddleware
 
         // Unexpire the space and try again
         $space = $this->keyAuthenticated($superAdmin)
-            ->get($this->route . '/' . $admin->domain)
+            ->get('http://' . $superAdmin->domain .  $this->route . '/' . $admin->domain)
             ->json();
 
         $space['expire_at'] = Carbon::tomorrow()->toDateTimeString();
 
         $this->keyAuthenticated($superAdmin)
-            ->json('PUT', $this->route . '/' . $admin->domain, $space)
+            ->json('PUT', 'http://' . $superAdmin->domain .  $this->route . '/' . $admin->domain, $space)
             ->assertStatus(200);
 
         space(reload: true);
 
         $this->keyAuthenticated($admin)
-            ->json($this->method, $this->accountRoute, [
+            ->json($this->method, 'http://' . $admin->domain .  $this->accountRoute, [
                 'username' => 'new',
                 'algorithm' => 'SHA-256',
                 'password' => '123456',

flexiapi/tests/Feature/ApiStatisticsTest.php

@@ -39,7 +39,7 @@ class ApiStatisticsTest extends TestCase
 
         $id = '1234';
         $fromUsername = 'username';
-        $fromDomain = 'domain.com';
+        $fromDomain = $admin->domain;
 
         $account = Account::factory()->create([
             'username' => $fromUsername,
@@ -132,9 +132,9 @@ class ApiStatisticsTest extends TestCase
 
         $id = '1234';
         $fromUsername = 'username';
-        $fromDomain = 'domain.com';
+        $fromDomain = $admin->domain;
         $toUsername = 'usernameto';
-        $toDomain = 'domainto.com';
+        $toDomain = $admin->domain;
 
         $account = Account::factory()->create([
             'username' => $fromUsername,