Fixes logic for hosted login

2024-11-10 05:02:36 +01:00 · 2021-06-14 17:04:15 +10:00 · 2021-06-14 17:04:15 +10:00 · 1397c9ab1c
commit 1397c9ab1c
parent c67998219e
2 changed files with 21 additions and 9 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -222,14 +222,9 @@ class LoginController extends BaseController

            });

-            // $cu->first()->account->companies->each(function ($company) use($cu, $request){
-
-            //     if($company->tokens()->where('is_system', true)->count() == 0)
-            //     {
-            //         CreateCompanyToken::dispatchNow($company, $cu->first()->user, $request->server('HTTP_USER_AGENT'));
-            //     }
-
-            // });
+            /*On the hosted platform, only owners can login for free/pro accounts*/
+            if(Ninja::isHosted() && !$cu->first()->is_owner && !$user->account->isEnterpriseClient())
+                return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);

            return $this->timeConstrainedResponse($cu);

@ -318,6 +313,9 @@ class LoginController extends BaseController
        if($request->has('current_company') && $request->input('current_company') == 'true')
          $cu->where("company_id", $company_token->company_id);

+        if(Ninja::isHosted() && !$cu->first()->is_owner && !$cu->first()->user->account->isEnterpriseClient())
+            return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
        return $this->refreshResponse($cu);
    }

@ -379,6 +377,9 @@ class LoginController extends BaseController
                    }
                });

+                if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
                return $this->timeConstrainedResponse($cu);
                
            }
@ -407,6 +408,9 @@ class LoginController extends BaseController
                    }
                });

+                if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
                return $this->timeConstrainedResponse($cu);
            }

@ -439,6 +443,9 @@ class LoginController extends BaseController
                    }
                });

+                if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
                return $this->timeConstrainedResponse($cu);
            }

@ -478,6 +485,9 @@ class LoginController extends BaseController
                }
            });

+            if(Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
+                return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
            return $this->timeConstrainedResponse($cu);
        }

--- a/tests/Integration/MultiDBUserTest.php
+++ b/tests/Integration/MultiDBUserTest.php
@ -194,6 +194,8 @@ class MultiDBUserTest extends TestCase
                ],
        ];

+        $response = false;
+
        try {
            $response = $this->withHeaders([
                'X-API-SECRET' => config('ninja.api_secret'),
@ -203,7 +205,7 @@ class MultiDBUserTest extends TestCase
        } catch (ValidationException $e) {
            $message = json_decode($e->validator->getMessageBag(), 1);
            $this->assertNotNull($message);
-
+            nlog($message);
        }

        if ($response) {