2021-02-21 22:27:00 +01:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Invoice Ninja (https://invoiceninja.com).
|
|
|
|
*
|
|
|
|
* @link https://github.com/invoiceninja/invoiceninja source repository
|
|
|
|
*
|
2024-04-12 06:15:41 +02:00
|
|
|
* @copyright Copyright (c) 2024. Invoice Ninja LLC (https://invoiceninja.com)
|
2021-02-21 22:27:00 +01:00
|
|
|
*
|
2021-06-16 08:58:16 +02:00
|
|
|
* @license https://www.elastic.co/licensing/elastic-license
|
2021-02-21 22:27:00 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
|
|
|
|
use App\Libraries\MultiDB;
|
|
|
|
use App\Libraries\OAuth\Providers\Google;
|
2021-03-21 23:02:22 +01:00
|
|
|
use App\Models\User;
|
|
|
|
use App\Transformers\UserTransformer;
|
2021-05-23 23:23:30 +02:00
|
|
|
use App\Utils\Traits\User\LoginCache;
|
2021-03-08 23:55:31 +01:00
|
|
|
use Google_Client;
|
2021-03-09 23:56:59 +01:00
|
|
|
use Illuminate\Http\Request;
|
2021-03-22 11:55:09 +01:00
|
|
|
use Illuminate\Support\Facades\Cache;
|
2022-06-26 05:27:32 +02:00
|
|
|
use Microsoft\Graph\Model;
|
2021-02-21 22:27:00 +01:00
|
|
|
|
|
|
|
class ConnectedAccountController extends BaseController
|
|
|
|
{
|
2021-05-23 23:23:30 +02:00
|
|
|
use LoginCache;
|
2021-02-21 22:27:00 +01:00
|
|
|
|
2021-03-20 01:54:47 +01:00
|
|
|
protected $entity_type = User::class;
|
2021-03-09 23:56:59 +01:00
|
|
|
|
2021-03-20 01:54:47 +01:00
|
|
|
protected $entity_transformer = UserTransformer::class;
|
2022-06-21 11:57:17 +02:00
|
|
|
|
2021-02-21 22:27:00 +01:00
|
|
|
public function __construct()
|
|
|
|
{
|
|
|
|
parent::__construct();
|
|
|
|
}
|
|
|
|
|
2021-02-22 01:18:52 +01:00
|
|
|
/**
|
|
|
|
* Connect an OAuth account to a regular email/password combination account
|
2021-02-21 22:27:00 +01:00
|
|
|
*
|
|
|
|
* @param Request $request
|
2023-07-26 04:59:36 +02:00
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2021-02-21 22:27:00 +01:00
|
|
|
*
|
|
|
|
*
|
|
|
|
* @OA\Post(
|
|
|
|
* path="/api/v1/connected_account",
|
|
|
|
* operationId="connected_account",
|
|
|
|
* tags={"connected_account"},
|
|
|
|
* summary="Connect an oauth user to an existing user",
|
|
|
|
* description="Refreshes the dataset",
|
2023-02-10 10:21:10 +01:00
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-API-TOKEN"),
|
2021-02-21 22:27:00 +01:00
|
|
|
* @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/include_static"),
|
|
|
|
* @OA\Parameter(ref="#/components/parameters/clear_cache"),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=200,
|
|
|
|
* description="The Company User response",
|
|
|
|
* @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"),
|
|
|
|
* @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
|
|
|
|
* @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/User"),
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response=422,
|
|
|
|
* description="Validation error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/ValidationError"),
|
|
|
|
* ),
|
|
|
|
* @OA\Response(
|
|
|
|
* response="default",
|
|
|
|
* description="Unexpected Error",
|
|
|
|
* @OA\JsonContent(ref="#/components/schemas/Error"),
|
|
|
|
* ),
|
|
|
|
* )
|
|
|
|
*/
|
|
|
|
public function index(Request $request)
|
|
|
|
{
|
|
|
|
if ($request->input('provider') == 'google') {
|
|
|
|
return $this->handleGoogleOauth();
|
|
|
|
}
|
|
|
|
|
2022-06-25 00:46:27 +02:00
|
|
|
if ($request->input('provider') == 'microsoft') {
|
|
|
|
return $this->handleMicrosoftOauth($request);
|
|
|
|
}
|
|
|
|
|
2021-02-21 22:27:00 +01:00
|
|
|
return response()
|
|
|
|
->json(['message' => 'Provider not supported'], 400)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.minimum_client_version'));
|
|
|
|
}
|
|
|
|
|
2022-06-25 00:46:27 +02:00
|
|
|
private function handleMicrosoftOauth($request)
|
|
|
|
{
|
2023-06-30 06:30:27 +02:00
|
|
|
$access_token = false;
|
|
|
|
$access_token = $request->has('access_token') ? $request->input('access_token') : $request->input('accessToken');
|
2022-06-25 00:49:12 +02:00
|
|
|
|
2023-06-30 06:30:27 +02:00
|
|
|
if (!$access_token) {
|
2022-06-25 00:49:12 +02:00
|
|
|
return response()->json(['message' => 'No access_token parameter found!'], 400);
|
2023-02-16 02:36:09 +01:00
|
|
|
}
|
2022-06-25 00:46:27 +02:00
|
|
|
|
|
|
|
$graph = new \Microsoft\Graph\Graph();
|
2023-06-30 06:30:27 +02:00
|
|
|
$graph->setAccessToken($access_token);
|
2022-06-25 00:46:27 +02:00
|
|
|
|
|
|
|
$user = $graph->createRequest("GET", "/me")
|
|
|
|
->setReturnType(Model\User::class)
|
|
|
|
->execute();
|
|
|
|
|
2023-02-16 02:36:09 +01:00
|
|
|
if ($user) {
|
2023-09-21 00:44:53 +02:00
|
|
|
$email = $user->getUserPrincipalName() ?? false;
|
2022-06-25 00:46:27 +02:00
|
|
|
|
2022-11-08 07:20:39 +01:00
|
|
|
nlog("microsoft");
|
|
|
|
nlog($email);
|
|
|
|
|
2023-02-16 02:36:09 +01:00
|
|
|
if (auth()->user()->email != $email && MultiDB::checkUserEmailExists($email)) {
|
2022-06-25 00:46:27 +02:00
|
|
|
return response()->json(['message' => ctrans('texts.email_already_register')], 400);
|
2023-02-16 02:36:09 +01:00
|
|
|
}
|
2022-06-25 00:46:27 +02:00
|
|
|
|
|
|
|
$connected_account = [
|
|
|
|
'email' => $email,
|
|
|
|
'oauth_user_id' => $user->getId(),
|
|
|
|
'oauth_provider_id' => 'microsoft',
|
2024-01-14 05:05:00 +01:00
|
|
|
'email_verified_at' => now()
|
2022-06-25 00:46:27 +02:00
|
|
|
];
|
|
|
|
|
2024-02-13 05:25:18 +01:00
|
|
|
|
2024-01-14 05:51:31 +01:00
|
|
|
/** @var \App\Models\User $user */
|
|
|
|
$user = auth()->user();
|
|
|
|
|
|
|
|
$user->update($connected_account);
|
|
|
|
$user->email_verified_at = now();
|
|
|
|
$user->save();
|
2024-01-14 05:05:00 +01:00
|
|
|
|
2022-06-25 00:46:27 +02:00
|
|
|
$this->setLoginCache(auth()->user());
|
2024-01-14 05:05:00 +01:00
|
|
|
|
2022-06-25 00:46:27 +02:00
|
|
|
return $this->itemResponse(auth()->user());
|
|
|
|
}
|
|
|
|
|
|
|
|
return response()
|
|
|
|
->json(['message' => ctrans('texts.invalid_credentials')], 401)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.minimum_client_version'));
|
|
|
|
}
|
|
|
|
|
2021-02-21 22:27:00 +01:00
|
|
|
private function handleGoogleOauth()
|
|
|
|
{
|
|
|
|
$user = false;
|
|
|
|
|
|
|
|
$google = new Google();
|
|
|
|
|
2021-03-16 12:33:48 +01:00
|
|
|
$user = $google->getTokenResponse(request()->input('id_token'));
|
2021-02-21 22:27:00 +01:00
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
$client = new Google_Client();
|
|
|
|
$client->setClientId(config('ninja.auth.google.client_id'));
|
|
|
|
$client->setClientSecret(config('ninja.auth.google.client_secret'));
|
|
|
|
$client->setRedirectUri(config('ninja.app_url'));
|
2021-03-21 22:06:26 +01:00
|
|
|
$refresh_token = '';
|
|
|
|
$token = '';
|
|
|
|
|
2021-07-27 00:33:44 +02:00
|
|
|
$email = $google->harvestEmail($user);
|
|
|
|
|
2022-06-21 11:57:17 +02:00
|
|
|
if (auth()->user()->email != $email && MultiDB::checkUserEmailExists($email)) {
|
2021-07-28 00:01:26 +02:00
|
|
|
return response()->json(['message' => ctrans('texts.email_already_register')], 400);
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
2021-07-27 00:33:44 +02:00
|
|
|
|
2021-03-21 22:06:26 +01:00
|
|
|
$connected_account = [
|
2021-07-27 00:33:44 +02:00
|
|
|
'email' => $email,
|
2021-03-21 22:06:26 +01:00
|
|
|
'oauth_user_id' => $google->harvestSubField($user),
|
|
|
|
'oauth_provider_id' => 'google',
|
2024-01-14 05:05:00 +01:00
|
|
|
'email_verified_at' => now(),
|
2021-03-21 22:06:26 +01:00
|
|
|
];
|
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
2022-06-21 11:57:17 +02:00
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
$logged_in_user->update($connected_account);
|
|
|
|
$logged_in_user->email_verified_at = now();
|
|
|
|
$logged_in_user->save();
|
2021-03-21 22:06:26 +01:00
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
$this->setLoginCache($logged_in_user);
|
|
|
|
|
|
|
|
return $this->itemResponse($logged_in_user);
|
2021-03-21 22:06:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return response()
|
|
|
|
->json(['message' => ctrans('texts.invalid_credentials')], 401)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.minimum_client_version'));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function handleGmailOauth(Request $request)
|
|
|
|
{
|
|
|
|
$user = false;
|
|
|
|
|
|
|
|
$google = new Google();
|
|
|
|
|
|
|
|
$user = $google->getTokenResponse($request->input('id_token'));
|
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
$client = new Google_Client();
|
|
|
|
$client->setClientId(config('ninja.auth.google.client_id'));
|
|
|
|
$client->setClientSecret(config('ninja.auth.google.client_secret'));
|
|
|
|
$client->setRedirectUri(config('ninja.app_url'));
|
|
|
|
$token = $client->authenticate($request->input('server_auth_code'));
|
2021-02-21 22:27:00 +01:00
|
|
|
|
|
|
|
$refresh_token = '';
|
|
|
|
|
|
|
|
if (array_key_exists('refresh_token', $token)) {
|
|
|
|
$refresh_token = $token['refresh_token'];
|
|
|
|
}
|
|
|
|
|
|
|
|
$connected_account = [
|
|
|
|
'email' => $google->harvestEmail($user),
|
|
|
|
'oauth_user_id' => $google->harvestSubField($user),
|
2023-04-25 00:31:24 +02:00
|
|
|
// 'oauth_user_token' => $token,
|
|
|
|
// 'oauth_user_refresh_token' => $refresh_token,
|
2021-02-21 22:27:00 +01:00
|
|
|
'oauth_provider_id' => 'google',
|
2023-04-25 00:31:24 +02:00
|
|
|
// 'email_verified_at' =>now(),
|
2021-02-21 22:27:00 +01:00
|
|
|
];
|
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
if ($logged_in_user->email != $google->harvestEmail($user)) {
|
2021-05-20 11:50:11 +02:00
|
|
|
return response()->json(['message' => 'Primary Email differs to OAuth email. Emails must match.'], 400);
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
2021-05-20 11:50:11 +02:00
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
$logged_in_user->update($connected_account);
|
|
|
|
$logged_in_user->email_verified_at = now();
|
|
|
|
$logged_in_user->oauth_user_token = $token;
|
|
|
|
$logged_in_user->oauth_user_refresh_token = $refresh_token;
|
|
|
|
$logged_in_user->save();
|
2022-06-21 11:57:17 +02:00
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
$this->activateGmail($logged_in_user);
|
2021-03-23 07:19:06 +01:00
|
|
|
|
2024-02-16 03:38:22 +01:00
|
|
|
return $this->itemResponse($logged_in_user);
|
2021-02-21 22:27:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return response()
|
|
|
|
->json(['message' => ctrans('texts.invalid_credentials')], 401)
|
|
|
|
->header('X-App-Version', config('ninja.app_version'))
|
|
|
|
->header('X-Api-Version', config('ninja.minimum_client_version'));
|
|
|
|
}
|
2021-03-23 07:19:06 +01:00
|
|
|
|
|
|
|
private function activateGmail(User $user)
|
|
|
|
{
|
|
|
|
$company = $user->company();
|
|
|
|
$settings = $company->settings;
|
|
|
|
|
2022-06-21 11:57:17 +02:00
|
|
|
if ($settings->email_sending_method == 'default') {
|
2021-03-23 07:19:06 +01:00
|
|
|
$settings->email_sending_method = 'gmail';
|
2022-06-21 11:57:17 +02:00
|
|
|
$settings->gmail_sending_user_id = (string) $user->hashed_id;
|
2021-03-23 07:19:06 +01:00
|
|
|
|
|
|
|
$company->settings = $settings;
|
|
|
|
$company->save();
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
2021-03-23 07:19:06 +01:00
|
|
|
}
|
2021-02-21 22:27:00 +01:00
|
|
|
}
|