invoiceninja/app/Http/Middleware/TokenAuth.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com)
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://opensource.org/licenses/AAL
 */

namespace App\Http\Middleware;

use App\Events\User\UserLoggedIn;
use App\Models\CompanyToken;
use App\Models\User;
use Closure;

class TokenAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        if( $request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?",[$request->header('X-API-TOKEN')])->first() ) ) 
        {
            $user = $company_token->user;
            
            /*
            |
            | Necessary evil here: As we are authenticating on CompanyToken, 
            | we need to link the company to the user manually. This allows
            | us to decouple a $user and their attached companies completely.
            |
            */
            $user->setCompany($company_token->company); 

            //stateless, don't remember the user.
            auth()->login($user, false); 

            event(new UserLoggedIn($user));
        }
        else {

            return response()->json(json_encode(['message' => 'Invalid token'], JSON_PRETTY_PRINT) ,403);
        }

        return $next($request);
    }
}
Setting up for tests 2019-03-26 05:46:08 +01:00			`<?php`
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
			`* Invoice Ninja (https://invoiceninja.com)`
			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
			`* @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)`
			`*`
			`* @license https://opensource.org/licenses/AAL`
			`*/`
Setting up for tests 2019-03-26 05:46:08 +01:00
			`namespace App\Http\Middleware;`

Tests for unique users 2019-06-05 07:33:48 +02:00			`use App\Events\User\UserLoggedIn;`
Setting up for tests 2019-03-26 05:46:08 +01:00			`use App\Models\CompanyToken;`
			`use App\Models\User;`
			`use Closure;`

			`class TokenAuth`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`

Refactor the way we harvest the company entity 2019-06-12 01:15:17 +02:00			if( $request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?",[$request->header('X-API-TOKEN')])->first() ) )
Test for API 2019-03-27 05:50:13 +01:00			`{`
Refactor the way we harvest the company entity 2019-06-12 01:15:17 +02:00			`$user = $company_token->user;`
move away from session variables 2019-03-27 10:38:28 +01:00
Refactor the way we harvest the company entity 2019-06-12 01:15:17 +02:00			`/*`
			`\|`
			`\| Necessary evil here: As we are authenticating on CompanyToken,`
			`\| we need to link the company to the user manually. This allows`
			`\| us to decouple a $user and their attached companies completely.`
			`\|`
			`*/`
			`$user->setCompany($company_token->company);`

			`//stateless, don't remember the user.`
			`auth()->login($user, false);`

Tests for unique users 2019-06-05 07:33:48 +02:00			`event(new UserLoggedIn($user));`
Setting up for tests 2019-03-26 05:46:08 +01:00			`}`
			`else {`

Working on API Login Authentication 2019-04-18 08:11:37 +02:00			`return response()->json(json_encode(['message' => 'Invalid token'], JSON_PRETTY_PRINT) ,403);`
Setting up for tests 2019-03-26 05:46:08 +01:00			`}`

			`return $next($request);`
			`}`
			`}`