invoiceninja/app/Http/Middleware/ContactTokenAuth.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Middleware;

use App\Events\Contact\ContactLoggedIn;
use App\Models\ClientContact;
use App\Utils\Ninja;
use Closure;
use Illuminate\Http\Request;
use stdClass;

class ContactTokenAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  Request  $request
     * @param Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($request->header('X-API-TOKEN') && ($client_contact = ClientContact::with(['company'])->where('token', $request->header('X-API-TOKEN'))->first())) {
            $error = [
                'message' => 'Authentication disabled for user.',
                'errors' => new stdClass(),
            ];

            //client_contact who once existed, but has been soft deleted
            if (! $client_contact) {
                return response()->json($error, 403);
            }

            $error = [
                'message' => 'Access is locked.',
                'errors' => new stdClass(),
            ];

            //client_contact who has been disabled
            if ($client_contact->is_locked) {
                return response()->json($error, 403);
            }

            //stateless, don't remember the contact.
            auth()->guard('contact')->loginUsingId($client_contact->id, false);

            event(new ContactLoggedIn($client_contact, $client_contact->company, Ninja::eventVars()));
        } else {
            $error = [
                'message' => 'Invalid token',
                'errors' => new stdClass(),
            ];

            return response()->json($error, 403);
        }

        return $next($request);
    }
}
Working on client login routes 2019-07-08 02:08:57 +02:00			`<?php`
			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright year 2023-01-28 23:21:40 +01:00			`* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Working on client login routes 2019-07-08 02:08:57 +02:00			`*/`

			`namespace App\Http\Middleware;`

Handle list filters from Contact Routes 2019-07-10 05:10:18 +02:00			`use App\Events\Contact\ContactLoggedIn;`
Working on client login routes 2019-07-08 02:08:57 +02:00			`use App\Models\ClientContact;`
Refactor for events 2020-07-08 14:02:16 +02:00			`use App\Utils\Ninja;`
Working on client login routes 2019-07-08 02:08:57 +02:00			`use Closure;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\Request;`
			`use stdClass;`
Working on client login routes 2019-07-08 02:08:57 +02:00
			`class ContactTokenAuth`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param Request $request`
			`* @param Closure $next`
Working on client login routes 2019-07-08 02:08:57 +02:00			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
refactor queries 2022-02-26 08:48:22 +01:00			`if ($request->header('X-API-TOKEN') && ($client_contact = ClientContact::with(['company'])->where('token', $request->header('X-API-TOKEN'))->first())) {`
fix error formatting 2019-09-24 00:37:38 +02:00			`$error = [`
			`'message' => 'Authentication disabled for user.',`
cs fixer 2024-01-14 05:05:00 +01:00			`'errors' => new stdClass(),`
fix error formatting 2019-09-24 00:37:38 +02:00			`];`

Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`//client_contact who once existed, but has been soft deleted`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! $client_contact) {`
Invoice Designer (#3283) * Working self-updater package * Fixes for travis * Working on invoice designs * Working on invoice builder * Tests for invoice design * Working on invoice designs * Minor fixes * Minor fixes for randomdataseeder 2020-02-05 05:06:03 +01:00			`return response()->json($error, 403);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
fix error formatting 2019-09-24 00:37:38 +02:00
			`$error = [`
			`'message' => 'Access is locked.',`
cs fixer 2024-01-14 05:05:00 +01:00			`'errors' => new stdClass(),`
fix error formatting 2019-09-24 00:37:38 +02:00			`];`
Working on client login routes 2019-07-08 02:08:57 +02:00
			`//client_contact who has been disabled`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if ($client_contact->is_locked) {`
Invoice Designer (#3283) * Working self-updater package * Fixes for travis * Working on invoice designs * Working on invoice builder * Tests for invoice design * Working on invoice designs * Minor fixes * Minor fixes for randomdataseeder 2020-02-05 05:06:03 +01:00			`return response()->json($error, 403);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
Working on client login routes 2019-07-08 02:08:57 +02:00
			`//stateless, don't remember the contact.`
Login contacts using their ID - allows us to login contacts with the same email address 2021-12-07 22:45:24 +01:00			`auth()->guard('contact')->loginUsingId($client_contact->id, false);`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
php-cs-fixer format 2020-11-25 15:19:52 +01:00			`event(new ContactLoggedIn($client_contact, $client_contact->company, Ninja::eventVars()));`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
fix error formatting 2019-09-24 00:37:38 +02:00			`$error = [`
			`'message' => 'Invalid token',`
cs fixer 2024-01-14 05:05:00 +01:00			`'errors' => new stdClass(),`
fix error formatting 2019-09-24 00:37:38 +02:00			`];`

Invoice Designer (#3283) * Working self-updater package * Fixes for travis * Working on invoice designs * Working on invoice builder * Tests for invoice design * Working on invoice designs * Minor fixes * Minor fixes for randomdataseeder 2020-02-05 05:06:03 +01:00			`return response()->json($error, 403);`
Working on client login routes 2019-07-08 02:08:57 +02:00			`}`

			`return $next($request);`
			`}`
			`}`