1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 21:22:58 +01:00
invoiceninja/app/Http/Controllers/Auth/ContactLoginController.php

159 lines
5.2 KiB
PHP
Raw Normal View History

<?php
2019-05-11 05:32:07 +02:00
/**
* Invoice Ninja (https://invoiceninja.com).
2019-05-11 05:32:07 +02:00
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
2019-05-11 05:32:07 +02:00
*
2021-06-16 08:58:16 +02:00
* @license https://www.elastic.co/licensing/elastic-license
2019-05-11 05:32:07 +02:00
*/
namespace App\Http\Controllers\Auth;
use App\Events\Contact\ContactLoggedIn;
use App\Http\Controllers\Controller;
2021-09-01 09:01:39 +02:00
use App\Libraries\MultiDB;
use App\Models\Account;
use App\Models\ClientContact;
2021-06-01 14:06:47 +02:00
use App\Models\Company;
2020-07-08 14:02:16 +02:00
use App\Utils\Ninja;
use Auth;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Route;
2021-12-12 11:39:12 +01:00
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Hash;
class ContactLoginController extends Controller
{
use AuthenticatesUsers;
2021-12-12 11:39:12 +01:00
protected $redirectTo = '/client/invoices';
public function __construct()
{
$this->middleware('guest:contact', ['except' => ['logout']]);
}
2020-03-23 18:10:42 +01:00
public function showLoginForm(Request $request)
{
2021-10-24 11:17:57 +02:00
$company = false;
2021-11-15 00:29:33 +01:00
$account = false;
2021-12-09 11:50:29 +01:00
if($request->session()->has('company_key')){
MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
2021-10-24 11:17:57 +02:00
$company = Company::where('company_key', $request->input('company_key'))->first();
}
2021-12-07 12:46:05 +01:00
if($company){
$account = $company->account;
}
elseif (!$company && strpos($request->getHost(), 'invoicing.co') !== false) {
$subdomain = explode('.', $request->getHost())[0];
2021-09-01 09:01:39 +02:00
MultiDB::findAndSetDbByDomain(['subdomain' => $subdomain]);
$company = Company::where('subdomain', $subdomain)->first();
2021-09-01 09:36:36 +02:00
2021-09-01 09:01:39 +02:00
} elseif(Ninja::isHosted()){
MultiDB::findAndSetDbByDomain(['portal_domain' => $request->getSchemeAndHttpHost()]);
$company = Company::where('portal_domain', $request->getSchemeAndHttpHost())->first();
}
elseif (Ninja::isSelfHost()) {
2021-11-15 00:29:33 +01:00
$account = Account::first();
$company = $account->default_company;
2021-06-01 14:06:47 +02:00
} else {
$company = null;
}
2021-11-15 00:29:33 +01:00
if(!$account){
$account_id = $request->get('account_id');
$account = Account::find($account_id);
}
2021-06-01 14:06:47 +02:00
return $this->render('auth.login', ['account' => $account, 'company' => $company]);
}
2020-03-23 18:10:42 +01:00
public function login(Request $request)
{
2019-07-17 05:09:37 +02:00
Auth::shouldUse('contact');
2021-12-12 11:39:12 +01:00
if(Ninja::isHosted() && $request->has('company_key'))
MultiDB::findAndSetDbByCompanyKey($request->input('company_key'));
2021-09-01 09:36:36 +02:00
$this->validateLogin($request);
2019-07-17 05:09:37 +02:00
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
2019-07-17 05:09:37 +02:00
return $this->sendLockoutResponse($request);
}
2021-12-12 11:39:12 +01:00
2021-12-13 05:22:16 +01:00
if(Ninja::isHosted() && $request->has('password') && $company = Company::where('company_key', $request->input('company_key'))->first()){
2021-12-12 11:39:12 +01:00
$contact = ClientContact::where(['email' => $request->input('email'), 'company_id' => $company->id])
->whereHas('client', function ($query) {
$query->where('is_deleted',0);
})->first();
2021-12-12 11:39:12 +01:00
2021-12-18 10:30:53 +01:00
if(!$contact)
return $this->sendFailedLoginResponse($request);
2021-12-12 11:39:12 +01:00
if(Hash::check($request->input('password'), $contact->password))
return $this->authenticated($request, $contact);
}
elseif ($this->attemptLogin($request)) {
2019-07-17 05:09:37 +02:00
return $this->sendLoginResponse($request);
}
2019-07-17 05:09:37 +02:00
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
2019-07-17 05:09:37 +02:00
return $this->sendFailedLoginResponse($request);
}
2021-12-12 11:39:12 +01:00
protected function sendLoginResponse(Request $request)
{
$request->session()->regenerate();
$this->clearLoginAttempts($request);
if ($response = $this->authenticated($request, $this->guard()->user())) {
return $response;
}
return $request->wantsJson()
? new JsonResponse([], 204)
: redirect()->intended($this->redirectPath());
}
public function authenticated(Request $request, ClientContact $client)
{
2021-12-12 11:39:12 +01:00
auth()->guard('contact')->loginUsingId($client->id, true);
2020-07-08 14:02:16 +02:00
event(new ContactLoggedIn($client, $client->company, Ninja::eventVars()));
if (session()->get('url.intended')) {
return redirect(session()->get('url.intended'));
}
2020-03-23 18:10:42 +01:00
return redirect(route('client.dashboard'));
}
2020-03-23 18:10:42 +01:00
public function logout()
{
Auth::guard('contact')->logout();
return redirect('/client/login');
}
}