invoiceninja/app/Http/Middleware/Authenticate.php

<?php namespace App\Http\Middleware;

use Closure;
use Auth;
use Session;
use App\Models\Invitation;
use App\Models\Contact;
use App\Models\Account;

class Authenticate {
	/**
	 * Handle an incoming request.
	 *
	 * @param  \Illuminate\Http\Request  $request
	 * @param  \Closure  $next
	 * @return mixed
	 */
	public function handle($request, Closure $next, $guard = 'user')
	{
		$authenticated = Auth::guard($guard)->check();
		
		if($guard == 'client' && !empty($request->invitation_key)){
			$old_key = session('invitation_key');
			if($old_key && $old_key != $request->invitation_key){
				if($this->getInvitationContactId($old_key) != $this->getInvitationContactId($request->invitation_key)){
					// This is a different client; reauthenticate
					$authenticated = false;
					Auth::guard($guard)->logout();
				}
			}					
			Session::put('invitation_key', $request->invitation_key);					
		}
		
		if($guard=='client'){
			$invitation_key = session('invitation_key');
			$account_id = $this->getInvitationAccountId($invitation_key);
			
			if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account_id){
				// This is an admin; let them pretend to be a client
				$authenticated = true;
			}
			
			// Does this account require portal passwords?
			$account = Account::whereId($account_id)->first();
			if(!$account->enable_portal_password || !$account->isPro()){
				$authenticated = true;
			}
			
			if(!$authenticated){
				$contact = Contact::whereId($this->getInvitationContactId($invitation_key))->first();
				if($contact && !$contact->password){
					$authenticated = true;
				}
			}
		}
		
		if (!$authenticated)
		{
			if ($request->ajax())
			{
				return response('Unauthorized.', 401);
			}
			else
			{
				return redirect()->guest($guard=='client'?'/client/login':'/login');
			}
		}

		return $next($request);
	}
	
	protected function getInvitation($key){
		$invitation = Invitation::where('invitation_key', '=', $key)->first();
		if ($invitation && !$invitation->is_deleted) {
			return $invitation;
		}
		else return null;
	}
	
	protected function getInvitationContactId($key){
		$invitation = $this->getInvitation($key);
		
		return $invitation?$invitation->contact_id:null;
	}
	
	protected function getInvitationAccountId($key){
		$invitation = $this->getInvitation($key);
		
		return $invitation?$invitation->account_id:null;
	}
}
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`<?php namespace App\Http\Middleware;`

			`use Closure;`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`use Auth;`
			`use Session;`
			`use App\Models\Invitation;`
			`use App\Models\Contact;`
			`use App\Models\Account;`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00
			`class Authenticate {`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`public function handle($request, Closure $next, $guard = 'user')`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`{`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`$authenticated = Auth::guard($guard)->check();`

			`if($guard == 'client' && !empty($request->invitation_key)){`
			`$old_key = session('invitation_key');`
			`if($old_key && $old_key != $request->invitation_key){`
			`if($this->getInvitationContactId($old_key) != $this->getInvitationContactId($request->invitation_key)){`
			`// This is a different client; reauthenticate`
			`$authenticated = false;`
			`Auth::guard($guard)->logout();`
			`}`
			`}`
			`Session::put('invitation_key', $request->invitation_key);`
			`}`

			`if($guard=='client'){`
Restrict admin viewing of invoices to invoices in the same account 2016-03-08 02:25:43 +01:00			`$invitation_key = session('invitation_key');`
			`$account_id = $this->getInvitationAccountId($invitation_key);`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00
Restrict admin viewing of invoices to invoices in the same account 2016-03-08 02:25:43 +01:00			`if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account_id){`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`// This is an admin; let them pretend to be a client`
			`$authenticated = true;`
			`}`

			`// Does this account require portal passwords?`
Restrict admin viewing of invoices to invoices in the same account 2016-03-08 02:25:43 +01:00			`$account = Account::whereId($account_id)->first();`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`if(!$account->enable_portal_password \|\| !$account->isPro()){`
			`$authenticated = true;`
			`}`

			`if(!$authenticated){`
			`$contact = Contact::whereId($this->getInvitationContactId($invitation_key))->first();`
			`if($contact && !$contact->password){`
			`$authenticated = true;`
			`}`
			`}`
			`}`

			`if (!$authenticated)`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`{`
			`if ($request->ajax())`
			`{`
			`return response('Unauthorized.', 401);`
			`}`
			`else`
			`{`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00			`return redirect()->guest($guard=='client'?'/client/login':'/login');`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`}`
			`}`

			`return $next($request);`
			`}`
Finalize basic client portal password support 2016-03-05 04:22:54 +01:00
			`protected function getInvitation($key){`
			`$invitation = Invitation::where('invitation_key', '=', $key)->first();`
			`if ($invitation && !$invitation->is_deleted) {`
			`return $invitation;`
			`}`
			`else return null;`
			`}`

			`protected function getInvitationContactId($key){`
			`$invitation = $this->getInvitation($key);`

			`return $invitation?$invitation->contact_id:null;`
			`}`

			`protected function getInvitationAccountId($key){`
			`$invitation = $this->getInvitation($key);`

			`return $invitation?$invitation->account_id:null;`
			`}`
Bring in Laravel5 framework. 2015-03-12 01:44:39 +01:00			`}`