1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-16 16:13:20 +01:00
invoiceninja/app/Http/Controllers/Auth/LoginController.php

747 lines
27 KiB
PHP
Raw Normal View History

2018-10-04 19:10:43 +02:00
<?php
2023-03-13 07:55:33 +01:00
2019-05-11 05:32:07 +02:00
/**
* Invoice Ninja (https://invoiceninja.com).
2019-05-11 05:32:07 +02:00
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
2023-01-28 23:21:40 +01:00
* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
2019-05-11 05:32:07 +02:00
*
2021-06-16 08:58:16 +02:00
* @license https://www.elastic.co/licensing/elastic-license
2019-05-11 05:32:07 +02:00
*/
2018-10-04 19:10:43 +02:00
2019-05-22 03:24:05 +02:00
namespace App\Http\Controllers\Auth;
2018-10-04 19:10:43 +02:00
2023-09-24 05:07:32 +02:00
use App\DataMapper\Analytics\LoginFailure;
use App\DataMapper\Analytics\LoginSuccess;
use App\Events\User\UserLoggedIn;
use App\Http\Controllers\BaseController;
use App\Http\Requests\Login\LoginRequest;
use App\Jobs\Account\CreateAccount;
use App\Jobs\Company\CreateCompanyToken;
use App\Libraries\MultiDB;
use App\Libraries\OAuth\OAuth;
use App\Libraries\OAuth\Providers\Google;
use App\Models\Account;
use App\Models\CompanyToken;
use App\Models\CompanyUser;
use App\Models\User;
2023-09-24 05:07:32 +02:00
use App\Transformers\CompanyUserTransformer;
2021-05-12 08:18:32 +02:00
use App\Utils\Ninja;
2023-09-24 05:07:32 +02:00
use App\Utils\Traits\User\LoginCache;
use App\Utils\Traits\UserSessionAttributes;
2022-03-13 11:40:29 +01:00
use App\Utils\TruthSource;
2023-09-24 05:07:32 +02:00
use Google_Client;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
2023-05-03 02:12:06 +02:00
use Illuminate\Http\JsonResponse;
2023-09-24 05:07:32 +02:00
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Response;
use Laravel\Socialite\Facades\Socialite;
2023-09-24 05:07:32 +02:00
use Microsoft\Graph\Model;
use PragmaRX\Google2FA\Google2FA;
use Turbo124\Beacon\Facades\LightLogs;
2018-10-04 19:10:43 +02:00
2019-04-19 04:58:40 +02:00
class LoginController extends BaseController
2018-10-04 19:10:43 +02:00
{
use AuthenticatesUsers;
use UserSessionAttributes;
2021-05-23 10:59:09 +02:00
use LoginCache;
2019-09-12 14:02:25 +02:00
protected $entity_type = CompanyUser::class;
2019-04-19 04:58:40 +02:00
2019-09-12 14:02:25 +02:00
protected $entity_transformer = CompanyUserTransformer::class;
2019-04-19 04:58:40 +02:00
2018-10-04 19:10:43 +02:00
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
2018-10-04 19:10:43 +02:00
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
2019-04-19 04:58:40 +02:00
parent::__construct();
2018-10-04 19:10:43 +02:00
}
/**
* Once the user is authenticated, we need to set
* the default company into a session variable.
*
2020-10-28 11:10:49 +01:00
* @param Request $request
* @param User $user
* @return void
2023-03-13 07:55:33 +01:00
* @deprecated .1 API ONLY we don't need to set any session variables
*/
2022-06-11 04:07:56 +02:00
public function authenticated(Request $request, User $user): void
{
2019-03-26 12:31:07 +01:00
//$this->setCurrentCompanyId($user->companies()->first()->account->default_company_id);
}
2019-05-23 02:25:55 +02:00
/**
* Login via API.
2019-05-23 02:25:55 +02:00
*
2023-03-13 07:55:33 +01:00
* @param LoginRequest $request The request
2020-10-28 11:10:49 +01:00
* @throws \Illuminate\Validation\ValidationException
2019-10-06 08:05:46 +02:00
*/
2021-07-19 02:57:13 +02:00
public function apiLogin(LoginRequest $request)
2019-04-19 03:59:07 +02:00
{
$this->forced_includes = ['company_users'];
2019-04-19 03:59:07 +02:00
$this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
2019-09-11 07:32:47 +02:00
return response()
->json(['message' => 'Too many login attempts, you are being throttled'], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
2019-09-11 02:37:53 +02:00
if ($this->attemptLogin($request)) {
LightLogs::create(new LoginSuccess())
2020-04-30 14:33:57 +02:00
->increment()
2023-03-13 07:55:33 +01:00
->batch();
2020-04-30 14:33:57 +02:00
/** @var \App\Models\User $user */
2020-08-08 01:58:10 +02:00
$user = $this->guard()->user();
2021-05-23 10:43:50 +02:00
//2FA
if ($user->google_2fa_secret && $request->has('one_time_password')) {
2021-03-16 13:10:15 +01:00
$google2fa = new Google2FA();
if (strlen($request->input('one_time_password')) == 0 || !$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password'))) {
2021-03-16 13:10:15 +01:00
return response()
->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
2021-03-16 13:10:15 +01:00
}
} elseif ($user->google_2fa_secret && !$request->has('one_time_password')) {
return response()
2021-03-18 12:46:58 +01:00
->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
2021-03-16 13:10:15 +01:00
2021-06-24 10:42:45 +02:00
/* If for some reason we lose state on the default company ie. a company is deleted - always make sure we can default to a company*/
if (!$user->account->default_company) {
2021-06-24 10:42:45 +02:00
$account = $user->account;
$account->default_company_id = $user->companies->first()->id;
$account->save();
$user = $user->fresh();
}
2024-01-14 05:05:00 +01:00
/** @var \App\Models\CompanyUser $cu */
2022-05-05 02:14:28 +02:00
$cu = $this->hydrateCompanyUser();
2020-11-13 10:09:20 +01:00
if ($cu->count() == 0) {
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2021-06-14 09:04:15 +02:00
/*On the hosted platform, only owners can login for free/pro accounts*/
if (Ninja::isHosted() && !$cu->first()->is_owner && !$user->account->isEnterpriseClient()) {
2021-06-14 09:04:15 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2021-06-08 10:30:54 +02:00
2021-06-20 12:35:26 +02:00
event(new UserLoggedIn($user, $user->account->default_company, Ninja::eventVars($user->id)));
2021-04-29 00:44:40 +02:00
return $this->timeConstrainedResponse($cu);
} else {
LightLogs::create(new LoginFailure())
2020-04-30 14:33:57 +02:00
->increment()
2023-03-13 07:55:33 +01:00
->batch();
2020-04-30 14:33:57 +02:00
$this->incrementLoginAttempts($request);
2019-09-11 07:32:47 +02:00
return response()
->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
2019-04-19 03:59:07 +02:00
}
2019-10-07 00:00:02 +02:00
/**
* Refreshes the data feed with the current Company User.
*
2020-10-28 11:10:49 +01:00
* @param Request $request
2023-05-03 02:12:06 +02:00
* @return Response|JsonResponse
2019-10-07 00:00:02 +02:00
*/
2019-09-25 13:49:43 +02:00
public function refresh(Request $request)
{
2022-03-13 11:40:29 +01:00
$truth = app()->make(TruthSource::class);
if ($truth->getCompanyToken()) {
2022-03-13 11:40:29 +01:00
$company_token = $truth->getCompanyToken();
} else {
2022-03-13 11:40:29 +01:00
$company_token = CompanyToken::where('token', $request->header('X-API-TOKEN'))->first();
}
2020-08-11 12:57:45 +02:00
$cu = CompanyUser::query()
2022-06-11 04:07:56 +02:00
->where('user_id', $company_token->user_id);
if ($cu->count() == 0) {
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2023-02-09 10:24:35 +01:00
$cu->first()->account->companies->each(function ($company) use ($cu, $request) {
if ($company->tokens()->where('is_system', true)->count() == 0) {
(new CreateCompanyToken($company, $cu->first()->user, $request->server('HTTP_USER_AGENT')))->handle();
}
});
if ($request->has('current_company') && $request->input('current_company') == 'true') {
$cu->where('company_id', $company_token->company_id);
}
if (Ninja::isHosted() && !$cu->first()->is_owner && !$cu->first()->user->account->isEnterpriseClient()) {
2021-06-14 09:04:15 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2021-06-14 09:04:15 +02:00
2020-08-11 12:57:45 +02:00
return $this->refreshResponse($cu);
2019-09-25 13:49:43 +02:00
}
/**
* A client side authentication has taken place.
* We now digest the token and confirm authentication with
* the authentication server, the correct user object
* is returned to us here and we send back the correct
* user object payload - or error.
*
* This can be extended to a create route also - need to pass a ?create query parameter and
2019-05-23 02:25:55 +02:00
* then process the signup
*
* return User $user
*/
public function oauthApiLogin()
{
2022-06-11 04:07:56 +02:00
$message = 'Provider not supported';
if (request()->input('provider') == 'google') {
return $this->handleGoogleOauth();
2022-06-11 04:07:56 +02:00
} elseif (request()->input('provider') == 'microsoft') {
2022-06-17 03:48:17 +02:00
return $this->handleMicrosoftOauth();
} elseif (request()->input('provider') == 'apple') {
2022-07-13 08:31:48 +02:00
if (request()->has('id_token')) {
2022-07-13 08:29:45 +02:00
$token = request()->input('id_token');
return $this->handleSocialiteLogin('apple', $token);
2022-07-11 10:48:24 +02:00
} else {
$message = 'Token is missing for the apple login';
}
}
2020-05-13 11:02:38 +02:00
return response()
2022-06-11 04:07:56 +02:00
->json(['message' => $message], 400)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
private function getSocialiteUser(string $provider, string $token)
2022-06-11 04:07:56 +02:00
{
return Socialite::driver($provider)->userFromToken($token);
}
2022-06-11 04:07:56 +02:00
private function handleSocialiteLogin($provider, $token)
{
$user = $this->getSocialiteUser($provider, $token);
2023-03-13 07:55:33 +01:00
2022-06-11 04:07:56 +02:00
if ($user) {
return $this->loginOrCreateFromSocialite($user, $provider);
}
return response()
->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
2022-06-11 04:07:56 +02:00
private function loginOrCreateFromSocialite($user, $provider)
{
$query = [
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
];
2023-03-13 07:55:33 +01:00
if ($existing_user = MultiDB::hasUser($query)) {
if (!$existing_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-11 04:07:56 +02:00
Auth::login($existing_user, true);
2022-06-11 04:07:56 +02:00
/** @var \App\Models\CompanyUser $cu */
$cu = $this->hydrateCompanyUser();
2022-06-11 04:07:56 +02:00
if ($cu->count() == 0) {
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2022-06-11 04:07:56 +02:00
if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient()) {
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2022-06-11 04:07:56 +02:00
return $this->timeConstrainedResponse($cu);
}
//If this is a result user/email combo - lets add their OAuth details details
if ($existing_login_user = MultiDB::hasUser(['email' => $user->email])) {
if (!$existing_login_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-11 04:07:56 +02:00
Auth::login($existing_login_user, true);
/** @var \App\Models\User $user */
$user = auth()->user();
2022-06-11 04:07:56 +02:00
$user->update([
2022-06-11 04:07:56 +02:00
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
]);
2022-06-11 04:07:56 +02:00
/** @var \App\Models\CompanyUser $cu */
2022-06-11 04:07:56 +02:00
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0) {
2022-06-11 04:07:56 +02:00
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2022-06-11 04:07:56 +02:00
if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient()) {
2022-06-11 04:07:56 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2022-06-11 04:07:56 +02:00
return $this->timeConstrainedResponse($cu);
}
2023-03-13 07:55:33 +01:00
2022-12-13 10:47:49 +01:00
nlog("socialite");
nlog($user);
$name = OAuth::splitName($user->name);
2022-06-11 04:07:56 +02:00
2023-02-16 02:36:09 +01:00
if ($provider == 'apple') {
2022-12-14 07:35:36 +01:00
$name[0] = request()->has('first_name') ? request()->input('first_name') : $name[0];
$name[1] = request()->has('last_name') ? request()->input('last_name') : $name[1];
}
$new_account = [
'first_name' => $name[0],
'last_name' => $name[1],
'password' => '',
'email' => $user->email,
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
];
2022-06-11 04:07:56 +02:00
MultiDB::setDefaultDatabase();
2022-06-11 04:07:56 +02:00
$account = (new CreateAccount($new_account, request()->getClientIp()))->handle();
2022-06-11 04:07:56 +02:00
Auth::login($account->default_company->owner(), true);
/** @var \App\Models\User $user */
$user = auth()->user();
$user->email_verified_at = now();
$user->save();
/** @var \App\Models\CompanyUser $cu */
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0) {
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient()) {
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
return $this->timeConstrainedResponse($cu);
}
private function hydrateCompanyUser(): Builder
2022-05-05 02:14:28 +02:00
{
2023-05-29 07:53:36 +02:00
/** @var \App\Models\User $user */
$user = auth()->user();
$cu = CompanyUser::query()->where('user_id', $user->id);
2022-05-05 02:14:28 +02:00
if ($cu->count() == 0) {
2022-06-17 03:48:17 +02:00
return $cu;
}
2022-06-17 03:48:17 +02:00
2023-05-29 07:53:36 +02:00
if (CompanyUser::query()->where('user_id', $user->id)->where('company_id', $user->account->default_company_id)->exists()) {
$set_company = $user->account->default_company;
} else {
2023-05-29 07:53:36 +02:00
$set_company = CompanyUser::query()->where('user_id', $user->id)->first()->company;
2022-05-05 02:14:28 +02:00
}
$user->setCompany($set_company);
2022-05-05 02:14:28 +02:00
$this->setLoginCache($user);
2022-05-05 02:14:28 +02:00
$truth = app()->make(TruthSource::class);
$truth->setCompanyUser($cu->first());
$truth->setUser($user);
2022-05-05 02:14:28 +02:00
$truth->setCompany($set_company);
2023-05-29 07:53:36 +02:00
$user->account->companies->each(function ($company) use ($user) {
if ($company->tokens()->where('is_system', true)->count() == 0) {
2023-05-29 07:53:36 +02:00
(new CreateCompanyToken($company, $user, request()->server('HTTP_USER_AGENT')))->handle();
}
});
2022-05-05 02:14:28 +02:00
2023-05-29 07:53:36 +02:00
$truth->setCompanyToken(CompanyToken::where('user_id', $user->id)->where('company_id', $set_company->id)->first());
2022-05-05 02:14:28 +02:00
2023-05-29 07:53:36 +02:00
return CompanyUser::query()->where('user_id', $user->id);
2022-05-05 02:14:28 +02:00
}
2022-06-17 03:48:17 +02:00
private function handleMicrosoftOauth()
{
2023-02-16 02:36:09 +01:00
if (request()->has('accessToken')) {
2022-06-17 03:48:17 +02:00
$accessToken = request()->input('accessToken');
2023-02-16 02:36:09 +01:00
} elseif (request()->has('access_token')) {
2022-06-22 03:47:14 +02:00
$accessToken = request()->input('access_token');
2023-02-16 02:36:09 +01:00
} else {
2022-06-22 12:55:14 +02:00
return response()->json(['message' => 'Invalid response from oauth server, no access token in response.'], 400);
2023-02-16 02:36:09 +01:00
}
2022-06-17 03:48:17 +02:00
2022-06-17 04:52:08 +02:00
$graph = new \Microsoft\Graph\Graph();
2022-06-17 03:48:17 +02:00
$graph->setAccessToken($accessToken);
$user = $graph->createRequest('GET', '/me')
->setReturnType(Model\User::class)
->execute();
2022-06-17 03:48:17 +02:00
2023-09-24 05:07:32 +02:00
nlog($user);
2023-09-20 04:23:02 +02:00
if ($user) {
2022-06-17 04:52:08 +02:00
$account = request()->input('account');
2023-09-21 00:44:53 +02:00
$email = $user->getUserPrincipalName() ?? false;
2022-06-17 04:52:08 +02:00
$query = [
2022-06-17 08:46:33 +02:00
'oauth_user_id' => $user->getId(),
'oauth_provider_id' => 'microsoft',
2022-06-17 04:52:08 +02:00
];
if ($existing_user = MultiDB::hasUser($query)) {
if (!$existing_user->account) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-17 04:52:08 +02:00
return $this->existingOauthUser($existing_user);
}
2023-09-21 00:44:53 +02:00
// If this is a result user/email combo - lets add their OAuth details details
if ($email && $existing_login_user = MultiDB::hasUser(['email' => $email])) {
if (!$existing_login_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-17 04:52:08 +02:00
2023-09-21 00:44:53 +02:00
Auth::login($existing_login_user, true);
2022-06-17 04:52:08 +02:00
2023-09-21 00:44:53 +02:00
return $this->existingLoginUser($user->getId(), 'microsoft');
}
2023-03-13 07:55:33 +01:00
2022-06-17 04:52:08 +02:00
// Signup!
2023-03-13 07:55:33 +01:00
if (request()->has('create') && request()->input('create') == 'true') {
$new_account = [
'first_name' => $user->getGivenName() ?: '',
'last_name' => $user->getSurname() ?: '',
'password' => '',
'email' => $email,
'oauth_user_id' => $user->getId(),
'oauth_provider_id' => 'microsoft',
];
return $this->createNewAccount($new_account);
}
2022-06-17 04:52:08 +02:00
2023-03-13 07:55:33 +01:00
return response()->json(['message' => 'User not found. If you believe this is an error, please send an email to contact@invoiceninja.com'], 400);
2022-06-17 04:52:08 +02:00
}
2022-07-15 09:41:30 +02:00
2022-06-22 12:55:14 +02:00
return response()->json(['message' => 'Unable to authenticate this user'], 400);
2022-06-17 04:52:08 +02:00
}
/**
* send login response to oauthed users
*
* @param \App\Models\User $existing_user
* @return Response | JsonResponse
*/
2022-06-17 04:52:08 +02:00
private function existingOauthUser($existing_user)
{
Auth::login($existing_user, true);
/** @var \App\Models\CompanyUser $cu */
2022-06-17 04:52:08 +02:00
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2022-06-17 04:52:08 +02:00
if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient()) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2022-06-17 04:52:08 +02:00
return $this->timeConstrainedResponse($cu);
}
private function existingLoginUser($oauth_user_id, $provider)
{
/** @var \App\Models\User $user */
$user = auth()->user();
$user->update([
2022-06-17 04:52:08 +02:00
'oauth_user_id' => $oauth_user_id,
'oauth_provider_id' => $provider,
]);
2022-06-17 04:52:08 +02:00
/** @var \App\Models\CompanyUser $cu */
2022-06-17 04:52:08 +02:00
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2022-06-17 04:52:08 +02:00
if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient()) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2022-06-17 04:52:08 +02:00
return $this->timeConstrainedResponse($cu);
2022-06-17 03:48:17 +02:00
}
private function handleGoogleOauth()
{
$user = false;
$google = new Google();
2023-02-16 02:36:09 +01:00
if (request()->has('id_token')) {
2022-10-26 08:15:52 +02:00
$user = $google->getTokenResponse(request()->input('id_token'));
2023-11-26 08:41:42 +01:00
} elseif(request()->has('access_token')) {
$user = $google->harvestUser(request()->input('access_token'));
2023-11-26 08:41:42 +01:00
} else {
2022-10-26 08:15:52 +02:00
return response()->json(['message' => 'Illegal request'], 403);
2023-02-16 02:36:09 +01:00
}
if (is_array($user)) {
$query = [
2020-05-13 07:40:55 +02:00
'oauth_user_id' => $google->harvestSubField($user),
'oauth_provider_id' => 'google',
];
if ($existing_user = MultiDB::hasUser($query)) {
if (!$existing_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-17 04:52:08 +02:00
return $this->existingOauthUser($existing_user);
}
2021-05-22 06:45:09 +02:00
//If this is a result user/email combo - lets add their OAuth details details
if ($existing_login_user = MultiDB::hasUser(['email' => $google->harvestEmail($user)])) {
if (!$existing_login_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2021-05-22 06:45:09 +02:00
Auth::login($existing_login_user, true);
2022-06-17 04:52:08 +02:00
return $this->existingLoginUser($google->harvestSubField($user), 'google');
2021-05-22 06:45:09 +02:00
}
}
2020-05-13 08:20:05 +02:00
if ($user) {
2021-05-23 23:23:30 +02:00
//check the user doesn't already exist in some form
if ($existing_login_user = MultiDB::hasUser(['email' => $google->harvestEmail($user)])) {
if (!$existing_login_user->account) {
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
}
2022-06-11 04:07:56 +02:00
2021-05-23 23:23:30 +02:00
Auth::login($existing_login_user, true);
2022-06-17 04:52:08 +02:00
return $this->existingLoginUser($google->harvestSubField($user), 'google');
2021-05-23 23:23:30 +02:00
}
2023-03-13 07:55:33 +01:00
if (request()->has('create') && request()->input('create') == 'true') {
//user not found anywhere - lets sign them up.
$name = OAuth::splitName($google->harvestName($user));
2023-03-13 07:55:33 +01:00
$new_account = [
'first_name' => $name[0],
'last_name' => $name[1],
'password' => '',
'email' => $google->harvestEmail($user),
'oauth_user_id' => $google->harvestSubField($user),
'oauth_provider_id' => 'google',
];
return $this->createNewAccount($new_account);
}
2023-03-13 07:55:33 +01:00
return response()->json(['message' => 'User not found. If you believe this is an error, please send an email to contact@invoiceninja.com'], 400);
2022-06-17 04:52:08 +02:00
}
return response()
->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
2022-06-17 04:52:08 +02:00
}
private function createNewAccount($new_account)
{
MultiDB::setDefaultDatabase();
$account = (new CreateAccount($new_account, request()->getClientIp()))->handle();
if (!$account instanceof Account) {
2022-06-17 04:52:08 +02:00
return $account;
}
2021-05-05 08:44:31 +02:00
2022-06-17 04:52:08 +02:00
Auth::login($account->default_company->owner(), true);
/** @var \App\Models\User $user */
$user = auth()->user();
$user->email_verified_at = now();
$user->save();
/** @var \App\Models\CompanyUser $cu */
2022-06-17 04:52:08 +02:00
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
}
2021-06-14 09:04:15 +02:00
if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient()) {
2022-06-17 04:52:08 +02:00
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
}
2022-06-17 04:52:08 +02:00
return $this->timeConstrainedResponse($cu);
}
2021-05-24 11:39:21 +02:00
public function redirectToProvider(string $provider)
{
$scopes = [];
2021-06-10 09:17:02 +02:00
$parameters = [];
if ($provider == 'google') {
$scopes = ['https://www.googleapis.com/auth/gmail.send', 'email', 'profile', 'openid'];
$parameters = ['access_type' => 'offline', 'prompt' => 'consent select_account', 'redirect_uri' => config('ninja.app_url') . '/auth/google'];
2021-05-24 11:39:21 +02:00
}
2023-02-16 02:36:09 +01:00
if ($provider == 'microsoft') {
2022-06-24 12:41:18 +02:00
$scopes = ['email', 'Mail.Send', 'offline_access', 'profile', 'User.Read openid'];
2023-03-13 07:55:33 +01:00
$parameters = ['response_type' => 'code', 'redirect_uri' => config('ninja.app_url') . "/auth/microsoft"];
2022-06-17 07:42:14 +02:00
}
2023-09-24 05:07:32 +02:00
if(request()->hasHeader('X-REACT') || request()->query('react')) {
Cache::put("react_redir:".auth()->user()?->account->key, 'true', 300);
2023-09-24 05:07:32 +02:00
}
2021-05-24 11:39:21 +02:00
if (request()->has('code')) {
return $this->handleProviderCallback($provider);
} else {
if (!in_array($provider, ['google', 'microsoft'])) {
return abort(400, 'Invalid provider');
}
2021-06-10 09:17:02 +02:00
return Socialite::driver($provider)->with($parameters)->scopes($scopes)->redirect();
2021-05-24 11:39:21 +02:00
}
}
public function handleProviderCallback(string $provider)
{
if ($provider == 'microsoft') {
2022-06-17 07:42:14 +02:00
return $this->handleMicrosoftProviderCallback();
}
2022-06-17 07:42:14 +02:00
2021-06-10 09:17:02 +02:00
$socialite_user = Socialite::driver($provider)->user();
$oauth_user_token = '';
if ($socialite_user->refreshToken) {
$client = new Google_Client();
$client->setClientId(config('ninja.auth.google.client_id'));
$client->setClientSecret(config('ninja.auth.google.client_secret'));
$client->fetchAccessTokenWithRefreshToken($socialite_user->refreshToken);
$oauth_user_token = $client->getAccessToken();
}
2021-05-24 11:39:21 +02:00
if ($user = OAuth::handleAuth($socialite_user, $provider)) {
2021-06-01 09:24:51 +02:00
nlog('found user and updating their user record');
2021-06-10 07:06:28 +02:00
$name = OAuth::splitName($socialite_user->getName());
2021-05-24 11:39:21 +02:00
2021-06-01 07:24:47 +02:00
$update_user = [
'first_name' => $name[0],
'last_name' => $name[1],
'email' => $socialite_user->getEmail(),
'oauth_user_id' => $socialite_user->getId(),
2021-06-01 08:06:00 +02:00
'oauth_provider_id' => $provider,
2021-06-01 07:24:47 +02:00
];
2021-05-24 11:39:21 +02:00
2021-06-01 09:24:51 +02:00
$user->update($update_user);
$user->oauth_user_token = $oauth_user_token;
$user->oauth_user_refresh_token = $socialite_user->refreshToken;
$user->save();
} else {
nlog('user not found for oauth');
2021-06-01 07:24:47 +02:00
}
2021-05-24 11:39:21 +02:00
$redirect_url = '/#/';
2023-05-29 04:54:41 +02:00
$request_from_react = Cache::pull("react_redir:".auth()->user()?->account?->key);
2023-06-30 08:29:10 +02:00
// if($request_from_react)
2023-09-24 05:07:32 +02:00
$redirect_url = config('ninja.react_url')."/#/settings/user_details/connect";
return redirect($redirect_url);
2021-05-24 11:39:21 +02:00
}
2022-06-17 07:42:14 +02:00
public function handleMicrosoftProviderCallback($provider = 'microsoft')
{
$socialite_user = Socialite::driver($provider)->user();
2022-06-17 08:14:52 +02:00
$oauth_user_token = $socialite_user->accessTokenResponseBody['access_token'];
2022-06-17 07:42:14 +02:00
2022-06-22 11:15:31 +02:00
$oauth_expiry = now()->addSeconds($socialite_user->accessTokenResponseBody['expires_in']) ?: now()->addSeconds(300);
2023-02-16 02:36:09 +01:00
if ($user = OAuth::handleAuth($socialite_user, $provider)) {
2022-06-17 07:42:14 +02:00
nlog('found user and updating their user record');
$name = OAuth::splitName($socialite_user->getName());
$update_user = [
'first_name' => $name[0],
'last_name' => $name[1],
'email' => $socialite_user->getEmail(),
'oauth_user_id' => $socialite_user->getId(),
'oauth_provider_id' => $provider,
2022-06-22 11:15:31 +02:00
'oauth_user_token_expiry' => $oauth_expiry,
2022-06-17 07:42:14 +02:00
];
$user->update($update_user);
$user->oauth_user_refresh_token = $socialite_user->accessTokenResponseBody['refresh_token'];
$user->oauth_user_token = $oauth_user_token;
$user->save();
} else {
nlog('user not found for oauth');
2022-06-17 07:42:14 +02:00
}
2023-06-30 08:30:37 +02:00
$redirect_url = config('ninja.react_url')."/#/settings/user_details/connect";
return redirect($redirect_url);
// return redirect('/#/');
2022-06-17 07:42:14 +02:00
}
2018-10-04 19:10:43 +02:00
}