invoiceninja/app/Http/Middleware/PasswordProtection.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://opensource.org/licenses/AAL
 */

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use stdClass;

class PasswordProtection
{
    /**
     * Handle an incoming request.
     *
     * @param  Request  $request
     * @param Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $error = [
            'message' => 'Invalid Password',
            'errors' => new stdClass,
        ];

        if ($request->header('X-API-PASSWORD')) {
            if (! Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
                return response()->json($error, 403);
            }
        } elseif (Cache::get(auth()->user()->email.'_logged_in')) {
            Cache::pull(auth()->user()->email.'_logged_in');
            Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));

            return $next($request);
        } else {
            $error = [
                'message' => 'Access denied',
                'errors' => new stdClass,
            ];

            return response()->json($error, 412);
        }

        Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));

        return $next($request);
    }
}
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`<?php`
			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Fix for password protected authorization (#3198) * Remove unnecessary save() on invoice * Update copyright * Working on Credit Repository * Implement credits as a paymentable entity * Add credit_id to transformer * fix rules for update payment * Fix random deleted_at keys in transformers * Fix for password_protect check 2020-01-07 01:13:47 +01:00			`* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`*`
			`* @license https://opensource.org/licenses/AAL`
			`*/`

			`namespace App\Http\Middleware;`

			`use Closure;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\Request;`
Fixes for settings (#3009) * Add Includes * Clean up company settings + tests * Update Company Settings Schema * Fixes for tests * fixes for tests * fixes for settings 2019-10-23 03:01:25 +02:00			`use Illuminate\Support\Facades\Cache;`
			`use Illuminate\Support\Facades\Hash;`
Track signup platform (#3014) * update company settings and OpenAPI definitions * Fixes for tests * Add extra variables to company settings * Track signup platform when new account signup processed 2019-10-24 06:46:24 +02:00			`use Illuminate\Support\Str;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use stdClass;`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00
			`class PasswordProtection`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param Request $request`
			`* @param Closure $next`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`$error = [`
			`'message' => 'Invalid Password',`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`'errors' => new stdClass,`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`];`

Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`if ($request->header('X-API-PASSWORD')) {`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`return response()->json($error, 403);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`} elseif (Cache::get(auth()->user()->email.'_logged_in')) {`
			`Cache::pull(auth()->user()->email.'_logged_in');`
			`Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));`
Fixes and Refactors for Invoice Emails. (#3339) * Working on emailing invoices * Working on emailing and displaying email * Working on emailing and displaying email * Email invoices * Fixes for html emails * Ensure valid client prior to store * Ensure client exists when storing an entity * Update variable name send -> send_email for client_contacts * Mailable download files * Extend timeouts of password protected routes when a protected route is hit * Add default portal design to company settings * Minor fixes * Fixes for Tests * Fixes for invoicing emails * Refactors for InvoiceEmail * Implement abstractservice * Refactors for services * Refactors for emails * Fixes for Invoice Emails 2020-02-17 10:37:44 +01:00
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`return $next($request);`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`} else {`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`$error = [`
			`'message' => 'Access denied',`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`'errors' => new stdClass,`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`];`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`return response()->json($error, 412);`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00			`}`

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));`
Default gateway type ID (#3008) * Show Recurring Invoice - Client Portal * Password protect some routes * Password Protection Routes * Add default_gateway_type_id to gateway table 2019-10-22 13:27:03 +02:00
			`return $next($request);`
			`}`
			`}`