invoiceninja/app/Http/Controllers/ClientPortal/EntityViewController.php

<?php

namespace App\Http\Controllers\ClientPortal;

use App\Http\Controllers\Controller;
use App\Models\Invoice;
use App\Utils\Traits\MakesHash;
use Illuminate\Support\Facades\Hash;

class EntityViewController extends Controller
{
    use MakesHash;

    /**
     * Available options for viewing.
     *
     * @var array
     */
    private $entity_types = ['invoice', 'quote'];

    /**
     * Show the entity outside client portal.
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function index(string $entity_type, string $invitation_key)
    {
        if (! in_array($entity_type, $this->entity_types)) {
            abort(404);
        }

        $invitation_entity = sprintf('App\\Models\\%sInvitation', ucfirst($entity_type));

        $key = $entity_type.'_id';

        $invitation = $invitation_entity::whereRaw('BINARY `key`= ?', [$invitation_key])
                                        ->with('contact.client')
                                        ->firstOrFail();

        $contact = $invitation->contact;
        $client = $contact->client;
        $entity = $invitation->{$entity_type};

        if (is_null($contact->password) || empty($contact->password)) {
            return redirect("/client/password/reset?email={$contact->email}");
        }

        if ((bool) $invitation->contact->client->getSetting('enable_client_portal_password') !== false) {
            session()->flash("{$entity_type}_VIEW_{$entity->hashed_id}", true);
        }

        if (! session("{$entity_type}_VIEW_{$entity->hashed_id}")) {
            return redirect()->route('client.entity_view.password', compact('entity_type', 'invitation_key'));
        }

        return $this->render('view_entity.index', [
            'root' => 'themes',
            'entity' => $entity,
        ]);
    }

    /**
     * Show the form for entering password.
     *
     * @param string $entity_type
     * @param string $invitation_key
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function password(string $entity_type, string $invitation_key)
    {
        return $this->render('view_entity.password', [
            'root' => 'themes',
            'entity_type' => $entity_type,
        ]);
    }

    /**`
     * Handle the password check.
     *
     * @param string $entity_type
     * @param string $invitation_key
     *
     * @return \Illuminate\Routing\Redirector|\Illuminate\Http\RedirectResponse|mixed
     */
    public function handlePassword(string $entity_type, string $invitation_key)
    {
        if (! in_array($entity_type, $this->entity_types)) {
            abort(404);
        }

        $invitation_entity = sprintf('App\\Models\\%sInvitation', ucfirst($entity_type));

        $key = $entity_type.'_id';

        $invitation = $invitation_entity::whereRaw('BINARY `key`= ?', [$invitation_key])->firstOrFail();

        $contact = $invitation->contact;

        $check = Hash::check(request()->password, $contact->password);

        $entity_class = sprintf('App\\Models\\%s', ucfirst($entity_type));

        $entity = $entity_class::findOrFail($invitation->{$key});

        if ($check) {
            session()->flash("{$entity_type}_VIEW_{$entity->hashed_id}", true);

            return redirect()->route('client.entity_view', compact('entity_type', 'invitation_key'));
        }

        session()->flash('PASSWORD_FAILED', true);

        return back();
    }
}
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`<?php`

			`namespace App\Http\Controllers\ClientPortal;`

			`use App\Http\Controllers\Controller;`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`use App\Models\Invoice;`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`use App\Utils\Traits\MakesHash;`
			`use Illuminate\Support\Facades\Hash;`

			`class EntityViewController extends Controller`
			`{`
			`use MakesHash;`

			`/**`
			`* Available options for viewing.`
			`*`
			`* @var array`
			`*/`
			`private $entity_types = ['invoice', 'quote'];`

			`/**`
			`* Show the entity outside client portal.`
			`*`
			`* @return \Illuminate\Contracts\View\Factory\|\Illuminate\View\View`
			`*/`
			`public function index(string $entity_type, string $invitation_key)`
			`{`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! in_array($entity_type, $this->entity_types)) {`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`abort(404);`
			`}`

			`$invitation_entity = sprintf('App\\Models\\%sInvitation', ucfirst($entity_type));`

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`$key = $entity_type.'_id';`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00
Allow circumvention of client portal passwords using designated hash 2020-09-07 06:49:57 +02:00			$invitation = $invitation_entity::whereRaw('BINARY `key`= ?', [$invitation_key])
			`->with('contact.client')`
			`->firstOrFail();`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00
			`$contact = $invitation->contact;`
Allow circumvention of client portal passwords using designated hash 2020-09-07 06:49:57 +02:00			`$client = $contact->client;`
			`$entity = $invitation->{$entity_type};`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00
			`if (is_null($contact->password) \|\| empty($contact->password)) {`
			`return redirect("/client/password/reset?email={$contact->email}");`
			`}`

			`if ((bool) $invitation->contact->client->getSetting('enable_client_portal_password') !== false) {`
			`session()->flash("{$entity_type}_VIEW_{$entity->hashed_id}", true);`
			`}`

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! session("{$entity_type}_VIEW_{$entity->hashed_id}")) {`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`return redirect()->route('client.entity_view.password', compact('entity_type', 'invitation_key'));`
			`}`

			`return $this->render('view_entity.index', [`
			`'root' => 'themes',`
			`'entity' => $entity,`
			`]);`
			`}`

			`/**`
			`* Show the form for entering password.`
			`*`
			`* @param string $entity_type`
			`* @param string $invitation_key`
			`*`
			`* @return \Illuminate\Contracts\View\Factory\|\Illuminate\View\View`
			`*/`
			`public function password(string $entity_type, string $invitation_key)`
			`{`
			`return $this->render('view_entity.password', [`
			`'root' => 'themes',`
			`'entity_type' => $entity_type,`
			`]);`
			`}`

			/**`
			`* Handle the password check.`
			`*`
			`* @param string $entity_type`
			`* @param string $invitation_key`
			`*`
			`* @return \Illuminate\Routing\Redirector\|\Illuminate\Http\RedirectResponse\|mixed`
			`*/`
			`public function handlePassword(string $entity_type, string $invitation_key)`
			`{`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! in_array($entity_type, $this->entity_types)) {`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`abort(404);`
			`}`

			`$invitation_entity = sprintf('App\\Models\\%sInvitation', ucfirst($entity_type));`

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`$key = $entity_type.'_id';`
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			$invitation = $invitation_entity::whereRaw('BINARY `key`= ?', [$invitation_key])->firstOrFail();
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00
			`$contact = $invitation->contact;`

			`$check = Hash::check(request()->password, $contact->password);`

			`$entity_class = sprintf('App\\Models\\%s', ucfirst($entity_type));`

			`$entity = $entity_class::findOrFail($invitation->{$key});`

			`if ($check) {`
			`session()->flash("{$entity_type}_VIEW_{$entity->hashed_id}", true);`

			`return redirect()->route('client.entity_view', compact('entity_type', 'invitation_key'));`
			`}`

			`session()->flash('PASSWORD_FAILED', true);`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Password protected invoices (#3635) * Password protected invoices (wip) * Add support for invitations * Update comments & php-cs-fixer * Add Forgot your password 2020-04-16 23:19:21 +02:00			`return back();`
			`}`
			`}`