invoiceninja/app/Http/Middleware/Authenticate.php

<?php namespace App\Http\Middleware;

use Closure;
use Auth;
use Session;
use App\Models\Invitation;
use App\Models\Contact;
use App\Models\Account;

class Authenticate {
	/**
	 * Handle an incoming request.
	 *
	 * @param  \Illuminate\Http\Request  $request
	 * @param  \Closure  $next
	 * @return mixed
	 */
	public function handle($request, Closure $next, $guard = 'user')
	{
		$authenticated = Auth::guard($guard)->check();
		
		if($guard=='client'){
			if(!empty($request->invitation_key)){
				$contact_key = session('contact_key');
				if($contact_key) {
					$contact = $this->getContact($contact_key);
					$invitation = $this->getInvitation($request->invitation_key);

					if (!$invitation) {
						return response()->view('error', [
							'error' => trans('texts.invoice_not_found'),
							'hideHeader' => true,
						]);
					}

					if ($contact->id != $invitation->contact_id) {
						// This is a different client; reauthenticate
						$authenticated = false;
						Auth::guard($guard)->logout();
					}
					Session::put('contact_key', $invitation->contact->contact_key);
				}
			}

			if (!empty($request->contact_key)) {
				$contact_key = $request->contact_key;
				Session::put('contact_key', $contact_key);
			} else {
				$contact_key = session('contact_key');
			}

			if ($contact_key) {
				$contact = $this->getContact($contact_key);
			} elseif (!empty($request->invitation_key)) {
				$invitation = $this->getInvitation($request->invitation_key);
				$contact = $invitation->contact;
				Session::put('contact_key', $contact->contact_key);
			} else {
				return \Redirect::to('client/sessionexpired');
			}
			$account = $contact->account;

			if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account->id){
				// This is an admin; let them pretend to be a client
				$authenticated = true;
			}
			
			// Does this account require portal passwords?
			if($account && (!$account->enable_portal_password || !$account->hasFeature(FEATURE_CLIENT_PORTAL_PASSWORD))){
				$authenticated = true;
			}
			
			if(!$authenticated && $contact && !$contact->password){
				$authenticated = true;
			}
		}
		
		if (!$authenticated)
		{
			if ($request->ajax())
			{
				return response('Unauthorized.', 401);
			}
			else
			{
				return redirect()->guest($guard=='client'?'/client/login':'/login');
			}
		}

		return $next($request);
	}
	
	protected function getInvitation($key){
		$invitation = Invitation::withTrashed()->where('invitation_key', '=', $key)->first();
		if ($invitation && !$invitation->is_deleted) {
			return $invitation;
		}
		else return null;
	}

	protected function getContact($key){
		$contact = Contact::withTrashed()->where('contact_key', '=', $key)->first();
		if ($contact && !$contact->is_deleted) {
			return $contact;
		}
		else return null;
	}
}
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`<?php namespace App\Http\Middleware;`

			`use Closure;`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`use Auth;`
			`use Session;`
			`use App\Models\Invitation;`
			`use App\Models\Contact;`
			`use App\Models\Account;`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00
			`class Authenticate {`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`public function handle($request, Closure $next, $guard = 'user')`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`{`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`$authenticated = Auth::guard($guard)->check();`

Fix contact authentication 2016-05-24 23:45:38 +02:00			`if($guard=='client'){`
			`if(!empty($request->invitation_key)){`
			`$contact_key = session('contact_key');`
			`if($contact_key) {`
			`$contact = $this->getContact($contact_key);`
			`$invitation = $this->getInvitation($request->invitation_key);`

			`if (!$invitation) {`
			`return response()->view('error', [`
			`'error' => trans('texts.invoice_not_found'),`
			`'hideHeader' => true,`
			`]);`
			`}`
Add contact_key 2016-05-24 23:02:28 +02:00
Fix contact authentication 2016-05-24 23:45:38 +02:00			`if ($contact->id != $invitation->contact_id) {`
			`// This is a different client; reauthenticate`
			`$authenticated = false;`
			`Auth::guard($guard)->logout();`
			`}`
			`Session::put('contact_key', $invitation->contact->contact_key);`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`}`
Add contact_key 2016-05-24 23:02:28 +02:00			`}`
Fix contact authentication 2016-05-24 23:45:38 +02:00
Add contact_key 2016-05-24 23:02:28 +02:00			`if (!empty($request->contact_key)) {`
			`$contact_key = $request->contact_key;`
			`Session::put('contact_key', $contact_key);`
			`} else {`
			`$contact_key = session('contact_key');`
			`}`

			`if ($contact_key) {`
			`$contact = $this->getContact($contact_key);`
			`} elseif (!empty($request->invitation_key)) {`
			`$invitation = $this->getInvitation($request->invitation_key);`
Fix contact authentication 2016-05-24 23:45:38 +02:00			`$contact = $invitation->contact;`
			`Session::put('contact_key', $contact->contact_key);`
Add contact_key 2016-05-24 23:02:28 +02:00			`} else {`
			`return \Redirect::to('client/sessionexpired');`
			`}`
Fix contact authentication 2016-05-24 23:45:38 +02:00			`$account = $contact->account;`

Add contact_key 2016-05-24 23:02:28 +02:00			`if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account->id){`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`// This is an admin; let them pretend to be a client`
			`$authenticated = true;`
			`}`

			`// Does this account require portal passwords?`
Finalize multi-plan support * Allow admins to change plan * Check features instead of plans * Support linking/unlinking accounts * Support creating/deleting accounts 2016-04-19 04:35:18 +02:00			`if($account && (!$account->enable_portal_password \|\| !$account->hasFeature(FEATURE_CLIENT_PORTAL_PASSWORD))){`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`$authenticated = true;`
			`}`

Add contact_key 2016-05-24 23:02:28 +02:00			`if(!$authenticated && $contact && !$contact->password){`
			`$authenticated = true;`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`}`
			`}`

			`if (!$authenticated)`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`{`
			`if ($request->ajax())`
			`{`
			`return response('Unauthorized.', 401);`
			`}`
			`else`
			`{`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`return redirect()->guest($guard=='client'?'/client/login':'/login');`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`}`
			`}`

			`return $next($request);`
			`}`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00
			`protected function getInvitation($key){`
Ensure archived invoices are viewable 2016-03-14 19:49:38 +01:00			`$invitation = Invitation::withTrashed()->where('invitation_key', '=', $key)->first();`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`if ($invitation && !$invitation->is_deleted) {`
			`return $invitation;`
			`}`
			`else return null;`
			`}`
Add contact_key 2016-05-24 23:02:28 +02:00
			`protected function getContact($key){`
			`$contact = Contact::withTrashed()->where('contact_key', '=', $key)->first();`
			`if ($contact && !$contact->is_deleted) {`
			`return $contact;`
			`}`
			`else return null;`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`}`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`}`