1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-16 16:13:20 +01:00
invoiceninja/app/Http/Controllers/Auth/ContactLoginController.php

183 lines
6.9 KiB
PHP
Raw Normal View History

<?php
2019-05-11 05:32:07 +02:00
/**
* Invoice Ninja (https://invoiceninja.com).
2019-05-11 05:32:07 +02:00
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
2023-01-28 23:21:40 +01:00
* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
2019-05-11 05:32:07 +02:00
*
2021-06-16 08:58:16 +02:00
* @license https://www.elastic.co/licensing/elastic-license
2019-05-11 05:32:07 +02:00
*/
namespace App\Http\Controllers\Auth;
use App\Events\Contact\ContactLoggedIn;
use App\Http\Controllers\Controller;
use App\Http\ViewComposers\PortalComposer;
2021-09-01 09:01:39 +02:00
use App\Libraries\MultiDB;
use App\Models\Account;
use App\Models\ClientContact;
2021-06-01 14:06:47 +02:00
use App\Models\Company;
2020-07-08 14:02:16 +02:00
use App\Utils\Ninja;
use Auth;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
2021-12-12 11:39:12 +01:00
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
2021-12-12 11:39:12 +01:00
use Illuminate\Support\Facades\Hash;
class ContactLoginController extends Controller
{
use AuthenticatesUsers;
2021-12-12 11:39:12 +01:00
protected $redirectTo = '/client/invoices';
public function __construct()
{
$this->middleware('guest:contact', ['except' => ['logout']]);
}
2020-03-23 18:10:42 +01:00
public function showLoginForm(Request $request, $company_key = false)
{
2021-10-24 11:17:57 +02:00
$company = false;
2021-11-15 00:29:33 +01:00
$account = false;
if ($request->session()->has('company_key')) {
2021-12-09 11:50:29 +01:00
MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
2021-10-24 11:17:57 +02:00
$company = Company::where('company_key', $request->input('company_key'))->first();
2023-02-16 02:36:09 +01:00
} elseif ($request->has('company_key')) {
MultiDB::findAndSetDbByCompanyKey($request->input('company_key'));
2022-07-29 07:05:47 +02:00
$company = Company::where('company_key', $request->input('company_key'))->first();
2023-02-16 02:36:09 +01:00
} elseif ($company_key) {
MultiDB::findAndSetDbByCompanyKey($company_key);
$company = Company::where('company_key', $company_key)->first();
2022-07-29 07:05:47 +02:00
}
2021-10-24 11:17:57 +02:00
2023-08-04 08:40:44 +02:00
/** @var \App\Models\Company $company **/
if ($company) {
2021-12-07 12:46:05 +01:00
$account = $company->account;
2023-11-24 00:23:40 +01:00
} elseif (! $company && strpos($request->getHost(), config('ninja.app_domain')) !== false) {
$subdomain = explode('.', $request->getHost())[0];
2021-09-01 09:01:39 +02:00
MultiDB::findAndSetDbByDomain(['subdomain' => $subdomain]);
$company = Company::where('subdomain', $subdomain)->first();
} elseif (Ninja::isHosted()) {
2021-09-01 09:01:39 +02:00
MultiDB::findAndSetDbByDomain(['portal_domain' => $request->getSchemeAndHttpHost()]);
$company = Company::where('portal_domain', $request->getSchemeAndHttpHost())->first();
} elseif (Ninja::isSelfHost()) {
2023-08-04 08:40:44 +02:00
/** @var \App\Models\Account $account **/
2021-11-15 00:29:33 +01:00
$account = Account::first();
$company = $account->default_company;
2021-06-01 14:06:47 +02:00
} else {
$company = null;
}
if (! $account) {
2021-11-15 00:29:33 +01:00
$account_id = $request->get('account_id');
$account = Account::find($account_id);
}
2021-06-01 14:06:47 +02:00
return $this->render('auth.login', ['account' => $account, 'company' => $company]);
}
2020-03-23 18:10:42 +01:00
public function login(Request $request)
{
2019-07-17 05:09:37 +02:00
Auth::shouldUse('contact');
if (Ninja::isHosted() && $request->has('company_key')) {
2021-12-12 11:39:12 +01:00
MultiDB::findAndSetDbByCompanyKey($request->input('company_key'));
}
2021-09-01 09:36:36 +02:00
$this->validateLogin($request);
2019-07-17 05:09:37 +02:00
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
2019-07-17 05:09:37 +02:00
return $this->sendLockoutResponse($request);
}
2021-12-12 11:39:12 +01:00
if (Ninja::isHosted() && $request->has('password') && $company = Company::where('company_key', $request->input('company_key'))->first()) {
2023-08-04 08:40:44 +02:00
/** @var \App\Models\Company $company **/
$contact = ClientContact::where(['email' => $request->input('email'), 'company_id' => $company->id])
->whereHas('client', function ($query) {
$query->where('is_deleted', 0);
})->first();
2021-12-12 11:39:12 +01:00
if (! $contact) {
2021-12-18 10:30:53 +01:00
return $this->sendFailedLoginResponse($request);
}
2021-12-18 10:30:53 +01:00
if (Hash::check($request->input('password'), $contact->password)) {
2021-12-12 11:39:12 +01:00
return $this->authenticated($request, $contact);
}
} elseif ($this->attemptLogin($request)) {
2019-07-17 05:09:37 +02:00
return $this->sendLoginResponse($request);
}
2019-07-17 05:09:37 +02:00
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
2019-07-17 05:09:37 +02:00
return $this->sendFailedLoginResponse($request);
}
2021-12-12 11:39:12 +01:00
protected function sendLoginResponse(Request $request)
{
$request->session()->regenerate();
$this->clearLoginAttempts($request);
if ($response = $this->authenticated($request, $this->guard()->user())) {
return $response;
}
$this->setRedirectPath();
2021-12-12 11:39:12 +01:00
return $request->wantsJson()
? new JsonResponse([], 204)
: redirect()->intended($this->redirectPath());
}
public function authenticated(Request $request, ClientContact $client)
{
2021-12-12 11:39:12 +01:00
auth()->guard('contact')->loginUsingId($client->id, true);
2020-07-08 14:02:16 +02:00
event(new ContactLoggedIn($client, $client->company, Ninja::eventVars()));
if (session()->get('url.intended')) {
return redirect(session()->get('url.intended'));
}
2020-03-23 18:10:42 +01:00
$this->setRedirectPath();
return redirect($this->redirectTo);
}
2020-03-23 18:10:42 +01:00
public function logout()
{
Auth::guard('contact')->logout();
2022-01-25 03:43:44 +01:00
request()->session()->invalidate();
return redirect('/client/login');
}
private function setRedirectPath()
{
if (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_INVOICES) {
$this->redirectTo = '/client/invoices';
} elseif (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_RECURRING_INVOICES) {
$this->redirectTo = '/client/recurring_invoices';
} elseif (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_QUOTES) {
$this->redirectTo = '/client/quotes';
} elseif (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_CREDITS) {
$this->redirectTo = '/client/credits';
} elseif (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_TASKS) {
$this->redirectTo = '/client/tasks';
} elseif (auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_EXPENSES) {
$this->redirectTo = '/client/expenses';
}
}
}