2018-10-04 19:10:43 +02:00
|
|
|
<?php
|
2019-05-11 05:32:07 +02:00
|
|
|
/**
|
|
|
|
* Invoice Ninja (https://invoiceninja.com)
|
|
|
|
*
|
|
|
|
* @link https://github.com/invoiceninja/invoiceninja source repository
|
|
|
|
*
|
|
|
|
* @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)
|
|
|
|
*
|
|
|
|
* @license https://opensource.org/licenses/AAL
|
|
|
|
*/
|
2018-10-04 19:10:43 +02:00
|
|
|
|
2019-05-22 03:24:05 +02:00
|
|
|
namespace App\Http\Controllers\Auth;
|
2018-10-04 19:10:43 +02:00
|
|
|
|
2019-04-19 04:58:40 +02:00
|
|
|
use App\Http\Controllers\BaseController;
|
2018-10-04 19:10:43 +02:00
|
|
|
use App\Http\Controllers\Controller;
|
2019-05-22 02:56:47 +02:00
|
|
|
use App\Jobs\Account\CreateAccount;
|
|
|
|
use App\Libraries\MultiDB;
|
2019-05-22 05:18:18 +02:00
|
|
|
use App\Libraries\OAuth\OAuth;
|
2019-09-11 12:15:44 +02:00
|
|
|
use App\Models\CompanyUser;
|
2018-12-02 11:42:06 +01:00
|
|
|
use App\Models\User;
|
2019-09-11 12:15:44 +02:00
|
|
|
use App\Transformers\CompanyUserTransformer;
|
2019-04-19 04:58:40 +02:00
|
|
|
use App\Transformers\UserTransformer;
|
2018-11-02 11:54:46 +01:00
|
|
|
use App\Utils\Traits\UserSessionAttributes;
|
2018-10-04 19:10:43 +02:00
|
|
|
use Illuminate\Foundation\Auth\AuthenticatesUsers;
|
2018-11-02 11:54:46 +01:00
|
|
|
use Illuminate\Http\Request;
|
2018-12-02 11:42:06 +01:00
|
|
|
use Illuminate\Support\Facades\Auth;
|
2019-04-19 04:58:40 +02:00
|
|
|
use Illuminate\Support\Facades\Log;
|
2018-12-02 11:42:06 +01:00
|
|
|
use Laravel\Socialite\Facades\Socialite;
|
2018-10-04 19:10:43 +02:00
|
|
|
|
2019-04-19 04:58:40 +02:00
|
|
|
class LoginController extends BaseController
|
2018-10-04 19:10:43 +02:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
| Login Controller
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
| This controller handles authenticating users for the application and
|
|
|
|
| redirecting them to your home screen. The controller uses a trait
|
|
|
|
| to conveniently provide its functionality to your applications.
|
|
|
|
|
|
|
|
|
*/
|
2019-10-06 08:05:46 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @OA\Tag(
|
|
|
|
* name="login",
|
|
|
|
* description="Authentication",
|
|
|
|
* @OA\ExternalDocumentation(
|
|
|
|
* description="Find out more",
|
|
|
|
* url="http://docs.invoiceninja.com"
|
|
|
|
* )
|
|
|
|
* )
|
|
|
|
*/
|
2018-10-04 19:10:43 +02:00
|
|
|
|
|
|
|
use AuthenticatesUsers;
|
2018-11-02 11:54:46 +01:00
|
|
|
use UserSessionAttributes;
|
2019-09-23 00:24:25 +02:00
|
|
|
|
2019-09-12 14:02:25 +02:00
|
|
|
protected $entity_type = CompanyUser::class;
|
2019-04-19 04:58:40 +02:00
|
|
|
|
2019-09-12 14:02:25 +02:00
|
|
|
protected $entity_transformer = CompanyUserTransformer::class;
|
2019-04-19 04:58:40 +02:00
|
|
|
|
2018-10-04 19:10:43 +02:00
|
|
|
/**
|
|
|
|
* Where to redirect users after login.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
2018-10-17 14:26:27 +02:00
|
|
|
protected $redirectTo = '/dashboard';
|
2018-10-04 19:10:43 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new controller instance.
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function __construct()
|
|
|
|
{
|
2019-05-22 05:18:18 +02:00
|
|
|
|
2019-04-19 04:58:40 +02:00
|
|
|
parent::__construct();
|
2019-05-22 05:18:18 +02:00
|
|
|
|
2018-10-04 19:10:43 +02:00
|
|
|
}
|
2018-10-18 07:04:36 +02:00
|
|
|
|
2018-11-20 05:36:56 +01:00
|
|
|
/**
|
|
|
|
* Once the user is authenticated, we need to set
|
|
|
|
* the default company into a session variable
|
|
|
|
*
|
|
|
|
* @return void
|
2019-05-23 02:25:55 +02:00
|
|
|
* deprecated .1 API ONLY we don't need to set any session variables
|
2018-11-20 05:36:56 +01:00
|
|
|
*/
|
2018-12-02 11:42:06 +01:00
|
|
|
public function authenticated(Request $request, User $user) : void
|
2018-11-02 11:54:46 +01:00
|
|
|
{
|
2019-03-26 12:31:07 +01:00
|
|
|
//$this->setCurrentCompanyId($user->companies()->first()->account->default_company_id);
|
2018-11-02 11:54:46 +01:00
|
|
|
}
|
|
|
|
|
2019-05-23 02:25:55 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Login via API
|
|
|
|
*
|
|
|
|
* @param \Illuminate\Http\Request $request The request
|
|
|
|
*
|
|
|
|
* @return Response|User Process user login.
|
2019-10-07 00:00:02 +02:00
|
|
|
*
|
|
|
|
*
|
2019-10-06 08:05:46 +02:00
|
|
|
* @OA\Post(
|
|
|
|
* path="/api/v1/login",
|
|
|
|
* operationId="postLogin",
|
|
|
|
* tags={"login"},
|
|
|
|
* summary="Attempts authentication",
|
|
|
|
* description="Returns a CompanyUser object on success",
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include_static"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/clear_cache"),
|
|
|
|
* @OA\RequestBody(
|
|
|
|
* description="User credentials",
|
|
|
|
* required=true,
|
|
|
|
* @OA\MediaType(
|
|
|
|
* mediaType="application/json",
|
|
|
|
* @OA\Schema(
|
|
|
|
* type="object",
|
|
|
|
* @OA\Property(
|
|
|
|
* property="email",
|
|
|
|
* description="The user email address",
|
|
|
|
* type="string",
|
|
|
|
* ),
|
|
|
|
* @OA\Property(
|
|
|
|
* property="password",
|
|
|
|
* example="1234567",
|
|
|
|
* description="The user password must meet minimum criteria ~ >6 characters",
|
|
|
|
* type="string"
|
|
|
|
* )
|
|
|
|
* )
|
|
|
|
* )
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=200,
|
|
|
|
* description="The Company User response",
|
2019-10-07 08:31:26 +02:00
|
|
|
* @OA\Header(header="X-API-Version", ref="#/components/headers/X-API-Version"),
|
2019-10-06 08:05:46 +02:00
|
|
|
* @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
|
|
|
|
* @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
|
2019-10-06 13:51:33 +02:00
|
|
|
* @OA\JsonContent(ref="#/components/schemas/CompanyUser"),
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=422,
|
|
|
|
* description="Validation error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/ValidationError"),
|
2019-10-06 08:05:46 +02:00
|
|
|
|
|
|
|
* ),
|
2019-10-06 13:24:54 +02:00
|
|
|
* @OA\Response(
|
|
|
|
* response="default",
|
|
|
|
* description="Unexpected Error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/Error"),
|
|
|
|
* ),
|
2019-10-06 08:05:46 +02:00
|
|
|
* )
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2019-04-19 03:59:07 +02:00
|
|
|
public function apiLogin(Request $request)
|
|
|
|
{
|
2019-07-14 11:34:49 +02:00
|
|
|
$this->forced_includes = ['company_users'];
|
|
|
|
|
2019-04-19 03:59:07 +02:00
|
|
|
$this->validateLogin($request);
|
|
|
|
|
2019-04-19 09:59:48 +02:00
|
|
|
if ($this->hasTooManyLoginAttempts($request)) {
|
|
|
|
$this->fireLockoutEvent($request);
|
|
|
|
|
2019-09-11 07:32:47 +02:00
|
|
|
return response()
|
|
|
|
->json(['message' => 'Too many login attempts, you are being throttled'], 401)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.api_version'));
|
2019-04-19 09:59:48 +02:00
|
|
|
}
|
|
|
|
|
2019-09-11 02:37:53 +02:00
|
|
|
if ($this->attemptLogin($request)) {
|
|
|
|
|
|
|
|
$user = $this->guard()->user();
|
|
|
|
|
2019-11-22 22:10:53 +01:00
|
|
|
$user->setCompany($user->company_user->account->default_company);
|
2019-09-11 02:37:53 +02:00
|
|
|
|
2019-09-12 14:02:25 +02:00
|
|
|
$ct = CompanyUser::whereUserId($user->id);
|
|
|
|
return $this->listResponse($ct);
|
2019-09-11 12:15:44 +02:00
|
|
|
|
2019-09-11 02:37:53 +02:00
|
|
|
}
|
2019-04-19 09:59:48 +02:00
|
|
|
else {
|
|
|
|
|
|
|
|
$this->incrementLoginAttempts($request);
|
|
|
|
|
2019-09-11 07:32:47 +02:00
|
|
|
return response()
|
|
|
|
->json(['message' => ctrans('texts.invalid_credentials')], 401)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.api_version'));
|
2019-04-19 09:59:48 +02:00
|
|
|
}
|
2019-04-19 03:59:07 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2019-10-07 00:00:02 +02:00
|
|
|
/**
|
|
|
|
* Refreshes the data feed with the current Company User
|
|
|
|
*
|
|
|
|
* @return CompanyUser Refresh Feed.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @OA\Post(
|
|
|
|
* path="/api/v1/refresh",
|
|
|
|
* operationId="refresh",
|
|
|
|
* tags={"refresh"},
|
|
|
|
* summary="Refreshes the dataset",
|
|
|
|
* description="Refreshes the dataset",
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include_static"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/clear_cache"),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=200,
|
|
|
|
* description="The Company User response",
|
2019-10-07 08:31:26 +02:00
|
|
|
* @OA\Header(header="X-API-Version", ref="#/components/headers/X-API-Version"),
|
2019-10-07 00:00:02 +02:00
|
|
|
* @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
|
|
|
|
* @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/CompanyUser"),
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=422,
|
|
|
|
* description="Validation error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/ValidationError"),
|
|
|
|
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response="default",
|
|
|
|
* description="Unexpected Error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/Error"),
|
|
|
|
* ),
|
|
|
|
* )
|
|
|
|
*
|
|
|
|
*/
|
2019-09-25 13:49:43 +02:00
|
|
|
public function refresh(Request $request)
|
|
|
|
{
|
|
|
|
$ct = CompanyUser::whereUserId(auth()->user()->id);
|
|
|
|
return $this->listResponse($ct);
|
|
|
|
}
|
|
|
|
|
2018-11-20 05:36:56 +01:00
|
|
|
/**
|
|
|
|
* Redirect the user to the provider authentication page
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
2018-12-02 11:42:06 +01:00
|
|
|
public function redirectToProvider(string $provider)
|
2018-10-18 07:04:36 +02:00
|
|
|
{
|
2019-05-23 02:25:55 +02:00
|
|
|
//'https://www.googleapis.com/auth/gmail.send','email','profile','openid'
|
|
|
|
//
|
2019-05-22 01:00:12 +02:00
|
|
|
if(request()->has('code'))
|
|
|
|
return $this->handleProviderCallback($provider);
|
|
|
|
else
|
2019-12-04 02:26:57 +01:00
|
|
|
return Socialite::driver($provider)->scopes('https://www.googleapis.com/auth/gmail.send')->redirect();
|
2018-10-18 07:04:36 +02:00
|
|
|
}
|
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
|
|
|
|
public function redirectToProviderAndCreate(string $provider)
|
2018-10-18 07:04:36 +02:00
|
|
|
{
|
2019-05-23 02:25:55 +02:00
|
|
|
|
|
|
|
$redirect_url = config('services.' . $provider . '.redirect') . '/create';
|
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
if(request()->has('code'))
|
|
|
|
return $this->handleProviderCallbackAndCreate($provider);
|
|
|
|
else
|
2019-12-04 02:26:57 +01:00
|
|
|
return Socialite::driver($provider)->scopes('https://www.googleapis.com/auth/gmail.send')->redirectUrl($redirect_url)->redirect();
|
2019-05-23 00:28:03 +02:00
|
|
|
|
2019-05-23 02:25:55 +02:00
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function handleProviderCallbackAndCreate(string $provider)
|
|
|
|
{
|
2019-12-04 02:26:57 +01:00
|
|
|
$redirect_url = config('services.' . $provider . '.redirect') . '/create';
|
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
$socialite_user = Socialite::driver($provider)
|
2019-12-04 02:26:57 +01:00
|
|
|
->redirectUrl($redirect_url)
|
2019-05-23 00:28:03 +02:00
|
|
|
->stateless()
|
|
|
|
->user();
|
2018-12-02 11:42:06 +01:00
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
/* Handle existing users who attempt to create another account with existing OAuth credentials */
|
2018-12-02 11:42:06 +01:00
|
|
|
if($user = OAuth::handleAuth($socialite_user, $provider))
|
|
|
|
{
|
2019-12-04 03:03:51 +01:00
|
|
|
$user->oauth_user_token = $socialite_user->token;
|
2019-12-04 03:00:59 +01:00
|
|
|
$user->save();
|
2019-05-23 00:28:03 +02:00
|
|
|
Auth::login($user, true);
|
|
|
|
|
|
|
|
return redirect($this->redirectTo);
|
2019-05-22 02:56:47 +02:00
|
|
|
}
|
2019-05-22 03:00:23 +02:00
|
|
|
else if(MultiDB::checkUserEmailExists($socialite_user->getEmail()))
|
2019-05-22 02:56:47 +02:00
|
|
|
{
|
2019-05-23 00:28:03 +02:00
|
|
|
Session::flash('error', 'User exists in system, but not with this authentication method'); //todo add translations
|
2019-05-22 02:56:47 +02:00
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
return view('auth.login');
|
2019-05-22 02:56:47 +02:00
|
|
|
}
|
|
|
|
/** 3. Automagically creating a new account here. */
|
|
|
|
else {
|
|
|
|
//todo
|
|
|
|
$name = OAuth::splitName($socialite_user->getName());
|
|
|
|
|
|
|
|
$new_account = [
|
|
|
|
'first_name' => $name[0],
|
|
|
|
'last_name' => $name[1],
|
|
|
|
'password' => '',
|
|
|
|
'email' => $socialite_user->getEmail(),
|
2019-05-23 00:28:03 +02:00
|
|
|
'oauth_user_id' => $socialite_user->getId(),
|
2019-12-04 02:14:55 +01:00
|
|
|
'oauth_user_token' => $socialite_user->token,
|
2019-05-23 00:28:03 +02:00
|
|
|
'oauth_provider_id' => $provider
|
2019-05-22 02:56:47 +02:00
|
|
|
];
|
|
|
|
|
2019-12-04 03:27:28 +01:00
|
|
|
MultiDB::setDefaultDatabase();
|
|
|
|
|
2019-05-22 02:56:47 +02:00
|
|
|
$account = CreateAccount::dispatchNow($new_account);
|
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
Auth::login($account->default_company->owner(), true);
|
|
|
|
|
|
|
|
$cookie = cookie('db', $account->default_company->db);
|
2018-11-20 05:36:56 +01:00
|
|
|
|
2019-05-23 00:28:03 +02:00
|
|
|
return redirect($this->redirectTo)->withCookie($cookie);
|
|
|
|
}
|
2018-10-18 07:04:36 +02:00
|
|
|
|
|
|
|
}
|
2019-05-23 00:28:03 +02:00
|
|
|
|
2019-05-22 05:18:18 +02:00
|
|
|
/**
|
|
|
|
* We use this function when OAUTHING via the web interface
|
|
|
|
*
|
|
|
|
* @return redirect
|
|
|
|
*/
|
|
|
|
public function handleProviderCallback(string $provider)
|
|
|
|
{
|
2019-12-04 02:26:57 +01:00
|
|
|
|
|
|
|
$redirect_url = config('services.' . $provider . '.redirect');
|
|
|
|
|
2019-05-22 05:21:23 +02:00
|
|
|
$socialite_user = Socialite::driver($provider)
|
2019-12-04 02:26:57 +01:00
|
|
|
->redirectUrl($redirect_url)
|
2019-05-22 05:21:23 +02:00
|
|
|
->stateless()
|
|
|
|
->user();
|
2019-05-22 05:18:18 +02:00
|
|
|
|
|
|
|
if($user = OAuth::handleAuth($socialite_user, $provider))
|
|
|
|
{
|
2019-12-04 03:03:51 +01:00
|
|
|
$user->oauth_user_token = $socialite_user->token;
|
2019-12-04 03:00:59 +01:00
|
|
|
$user->save();
|
2019-05-22 05:18:18 +02:00
|
|
|
Auth::login($user, true);
|
|
|
|
|
2019-05-22 05:22:31 +02:00
|
|
|
return redirect($this->redirectTo);
|
2019-05-22 05:18:18 +02:00
|
|
|
}
|
|
|
|
else if(MultiDB::checkUserEmailExists($socialite_user->getEmail()))
|
|
|
|
{
|
|
|
|
Session::flash('error', 'User exists in system, but not with this authentication method'); //todo add translations
|
|
|
|
|
|
|
|
return view('auth.login');
|
|
|
|
}
|
|
|
|
/** 3. Automagically creating a new account here. */
|
|
|
|
else {
|
|
|
|
//todo
|
|
|
|
$name = OAuth::splitName($socialite_user->getName());
|
|
|
|
|
|
|
|
$new_account = [
|
|
|
|
'first_name' => $name[0],
|
|
|
|
'last_name' => $name[1],
|
|
|
|
'password' => '',
|
|
|
|
'email' => $socialite_user->getEmail(),
|
|
|
|
'oauth_user_id' => $socialite_user->getId(),
|
2019-12-04 02:14:55 +01:00
|
|
|
'oauth_user_token' => $socialite_user->token,
|
2019-05-22 05:18:18 +02:00
|
|
|
'oauth_provider_id' => $provider
|
|
|
|
];
|
|
|
|
|
|
|
|
$account = CreateAccount::dispatchNow($new_account);
|
|
|
|
|
2019-05-22 05:24:40 +02:00
|
|
|
Auth::login($account->default_company->owner(), true);
|
2019-05-22 05:18:18 +02:00
|
|
|
|
2019-05-22 05:43:51 +02:00
|
|
|
$cookie = cookie('db', $account->default_company->db);
|
|
|
|
|
|
|
|
return redirect($this->redirectTo)->withCookie($cookie);
|
2019-05-22 05:18:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A client side authentication has taken place.
|
|
|
|
* We now digest the token and confirm authentication with
|
|
|
|
* the authentication server, the correct user object
|
|
|
|
* is returned to us here and we send back the correct
|
|
|
|
* user object payload - or error.
|
|
|
|
*
|
2019-05-23 02:25:55 +02:00
|
|
|
* This can be extended to a create route also - need to pass a ?create query parameter and
|
|
|
|
* then process the signup
|
|
|
|
*
|
2019-05-22 05:18:18 +02:00
|
|
|
* return User $user
|
|
|
|
*/
|
|
|
|
public function oauthApiLogin()
|
|
|
|
{
|
|
|
|
|
|
|
|
$user = false;
|
|
|
|
|
|
|
|
$oauth = new OAuth();
|
|
|
|
|
|
|
|
$user = $oauth->getProvider(request()->input('provider'))->getTokenResponse(request()->input('token'));
|
|
|
|
|
2019-09-17 07:42:10 +02:00
|
|
|
if ($user) {
|
|
|
|
$ct = CompanyUser::whereUserId($user);
|
|
|
|
return $this->listResponse($ct);
|
|
|
|
// return $this->itemResponse($user);
|
|
|
|
}
|
2019-05-22 05:18:18 +02:00
|
|
|
else
|
|
|
|
return $this->errorResponse(['message' => 'Invalid credentials'], 401);
|
|
|
|
|
|
|
|
}
|
2019-05-23 00:28:03 +02:00
|
|
|
|
|
|
|
|
2018-10-04 19:10:43 +02:00
|
|
|
}
|