2017-01-30 20:40:43 +01:00
|
|
|
<?php
|
2015-03-12 01:44:39 +01:00
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
namespace App\Http\Middleware;
|
|
|
|
|
|
2018-02-24 21:20:21 +01:00
|
|
|
use App\Models\Account;
|
2017-01-30 20:40:43 +01:00
|
|
|
use App\Models\Contact;
|
|
|
|
|
use App\Models\Invitation;
|
2018-02-08 08:39:19 +01:00
|
|
|
use App\Models\ProposalInvitation;
|
2016-03-05 04:22:54 +01:00
|
|
|
use Auth;
|
2018-02-24 21:20:21 +01:00
|
|
|
use Utils;
|
2017-01-30 20:40:43 +01:00
|
|
|
use Closure;
|
2016-03-05 04:22:54 +01:00
|
|
|
use Session;
|
2015-03-12 01:44:39 +01:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
/**
|
2017-01-30 20:40:43 +01:00
|
|
|
* Class Authenticate.
|
2016-07-03 18:11:58 +02:00
|
|
|
*/
|
|
|
|
|
class Authenticate
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Handle an incoming request.
|
|
|
|
|
*
|
2017-01-30 20:40:43 +01:00
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
|
* @param \Closure $next
|
|
|
|
|
* @param string $guard
|
|
|
|
|
*
|
2016-07-03 18:11:58 +02:00
|
|
|
* @return mixed
|
|
|
|
|
*/
|
|
|
|
|
public function handle($request, Closure $next, $guard = 'user')
|
|
|
|
|
{
|
|
|
|
|
$authenticated = Auth::guard($guard)->check();
|
2018-02-08 08:39:19 +01:00
|
|
|
$invitationKey = $request->invitation_key ?: $request->proposal_invitation_key;
|
2016-06-04 22:02:18 +02:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
if ($guard == 'client') {
|
2018-02-08 08:39:19 +01:00
|
|
|
if (! empty($request->invitation_key) || ! empty($request->proposal_invitation_key)) {
|
2016-07-03 18:11:58 +02:00
|
|
|
$contact_key = session('contact_key');
|
|
|
|
|
if ($contact_key) {
|
|
|
|
|
$contact = $this->getContact($contact_key);
|
2018-02-08 08:39:19 +01:00
|
|
|
$invitation = $this->getInvitation($invitationKey, ! empty($request->proposal_invitation_key));
|
2016-05-24 23:45:38 +02:00
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
if (! $invitation) {
|
2016-07-03 18:11:58 +02:00
|
|
|
return response()->view('error', [
|
|
|
|
|
'error' => trans('texts.invoice_not_found'),
|
|
|
|
|
'hideHeader' => true,
|
|
|
|
|
]);
|
|
|
|
|
}
|
2016-05-24 23:02:28 +02:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
if ($contact && $contact->id != $invitation->contact_id) {
|
|
|
|
|
// This is a different client; reauthenticate
|
|
|
|
|
$authenticated = false;
|
|
|
|
|
Auth::guard($guard)->logout();
|
|
|
|
|
}
|
|
|
|
|
Session::put('contact_key', $invitation->contact->contact_key);
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-05-24 23:45:38 +02:00
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
if (! empty($request->contact_key)) {
|
2016-07-03 18:11:58 +02:00
|
|
|
$contact_key = $request->contact_key;
|
|
|
|
|
Session::put('contact_key', $contact_key);
|
|
|
|
|
} else {
|
|
|
|
|
$contact_key = session('contact_key');
|
|
|
|
|
}
|
2016-05-24 23:02:28 +02:00
|
|
|
|
2017-03-30 14:22:46 +02:00
|
|
|
$contact = false;
|
2016-07-03 18:11:58 +02:00
|
|
|
if ($contact_key) {
|
|
|
|
|
$contact = $this->getContact($contact_key);
|
2018-02-08 08:39:19 +01:00
|
|
|
} elseif ($invitation = $this->getInvitation($invitationKey, ! empty($request->proposal_invitation_key))) {
|
2016-07-03 18:11:58 +02:00
|
|
|
$contact = $invitation->contact;
|
|
|
|
|
Session::put('contact_key', $contact->contact_key);
|
2017-03-26 22:18:25 +02:00
|
|
|
}
|
|
|
|
|
if (! $contact) {
|
2017-11-14 09:58:08 +01:00
|
|
|
return \Redirect::to('client/session_expired');
|
2016-07-03 18:11:58 +02:00
|
|
|
}
|
2017-11-21 08:35:28 +01:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
$account = $contact->account;
|
2016-05-24 23:45:38 +02:00
|
|
|
|
2017-07-25 12:14:22 +02:00
|
|
|
if (Auth::guard('user')->check() && Auth::user('user')->account_id == $account->id) {
|
2016-07-03 18:11:58 +02:00
|
|
|
// This is an admin; let them pretend to be a client
|
|
|
|
|
$authenticated = true;
|
|
|
|
|
}
|
2016-06-04 22:02:18 +02:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
// Does this account require portal passwords?
|
2017-01-30 20:40:43 +01:00
|
|
|
if ($account && (! $account->enable_portal_password || ! $account->hasFeature(FEATURE_CLIENT_PORTAL_PASSWORD))) {
|
2016-07-03 18:11:58 +02:00
|
|
|
$authenticated = true;
|
|
|
|
|
}
|
2016-06-04 22:02:18 +02:00
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
if (! $authenticated && $contact && ! $contact->password) {
|
2016-07-03 18:11:58 +02:00
|
|
|
$authenticated = true;
|
|
|
|
|
}
|
2017-02-15 21:58:27 +01:00
|
|
|
|
|
|
|
|
if (env('PHANTOMJS_SECRET') && $request->phantomjs_secret && hash_equals(env('PHANTOMJS_SECRET'), $request->phantomjs_secret)) {
|
|
|
|
|
$authenticated = true;
|
|
|
|
|
}
|
2017-11-21 08:35:28 +01:00
|
|
|
|
|
|
|
|
if ($authenticated) {
|
|
|
|
|
$request->merge(['contact' => $contact]);
|
2018-02-14 19:29:30 +01:00
|
|
|
$account->loadLocalizationSettings($contact->client);
|
2017-11-21 08:35:28 +01:00
|
|
|
}
|
2016-07-03 18:11:58 +02:00
|
|
|
}
|
2016-06-04 22:02:18 +02:00
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
if (! $authenticated) {
|
2016-07-03 18:11:58 +02:00
|
|
|
if ($request->ajax()) {
|
|
|
|
|
return response('Unauthorized.', 401);
|
|
|
|
|
} else {
|
2018-02-24 21:20:21 +01:00
|
|
|
if ($guard == 'client') {
|
|
|
|
|
$url = '/client/login';
|
|
|
|
|
if (Utils::isNinja()) {
|
|
|
|
|
if ($account && Utils::getSubdomain() == 'app') {
|
|
|
|
|
$url .= '?account_key=' . $account->account_key;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if ($account && Account::count() > 1) {
|
|
|
|
|
$url .= '?account_key=' . $account->account_key;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$url = '/login';
|
|
|
|
|
}
|
|
|
|
|
return redirect()->guest($url);
|
2016-07-03 18:11:58 +02:00
|
|
|
}
|
|
|
|
|
}
|
2015-03-12 01:44:39 +01:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
return $next($request);
|
|
|
|
|
}
|
2016-06-04 22:02:18 +02:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
/**
|
|
|
|
|
* @param $key
|
2017-01-30 20:40:43 +01:00
|
|
|
*
|
2016-07-03 18:11:58 +02:00
|
|
|
* @return \Illuminate\Database\Eloquent\Model|null|static
|
|
|
|
|
*/
|
2018-02-08 08:39:19 +01:00
|
|
|
protected function getInvitation($key, $isProposal = false)
|
2016-07-03 18:11:58 +02:00
|
|
|
{
|
2017-03-13 18:25:29 +01:00
|
|
|
if (! $key) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-20 11:57:21 +01:00
|
|
|
// check for extra params at end of value (from website feature)
|
|
|
|
|
list($key) = explode('&', $key);
|
2017-03-26 22:18:25 +02:00
|
|
|
$key = substr($key, 0, RANDOM_KEY_LENGTH);
|
2017-02-20 11:57:21 +01:00
|
|
|
|
2018-02-08 08:39:19 +01:00
|
|
|
if ($isProposal) {
|
|
|
|
|
$invitation = ProposalInvitation::withTrashed()->where('invitation_key', '=', $key)->first();
|
|
|
|
|
} else {
|
|
|
|
|
$invitation = Invitation::withTrashed()->where('invitation_key', '=', $key)->first();
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 20:40:43 +01:00
|
|
|
if ($invitation && ! $invitation->is_deleted) {
|
2016-07-03 18:11:58 +02:00
|
|
|
return $invitation;
|
|
|
|
|
} else {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-05-24 23:02:28 +02:00
|
|
|
|
2016-07-03 18:11:58 +02:00
|
|
|
/**
|
|
|
|
|
* @param $key
|
2017-01-30 20:40:43 +01:00
|
|
|
*
|
2016-07-03 18:11:58 +02:00
|
|
|
* @return \Illuminate\Database\Eloquent\Model|null|static
|
|
|
|
|
*/
|
|
|
|
|
protected function getContact($key)
|
|
|
|
|
{
|
|
|
|
|
$contact = Contact::withTrashed()->where('contact_key', '=', $key)->first();
|
2017-01-30 20:40:43 +01:00
|
|
|
if ($contact && ! $contact->is_deleted) {
|
2016-07-03 18:11:58 +02:00
|
|
|
return $contact;
|
|
|
|
|
} else {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-03-12 01:44:39 +01:00
|
|
|
}
|
