Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 20:22:42 +01:00
Code Issues Releases Activity

Fix contact authentication

Browse Source
This commit is contained in:
Joshua Dwire 2016-05-24 17:45:38 -04:00
parent 724f5738aa
commit 29c4f16970
1 changed files with 26 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
app/Http/Middleware/Authenticate.php
View File

@ -19,22 +19,29 @@ class Authenticate {
{
$authenticated = Auth::guard($guard)->check();
if($guard == 'client' && !empty($request->invitation_key)){
$contact_key = session('contact_key');
if($contact_key) {
$contact = $this->getContact($contact_key);
$invitation = $this->getInvitation($request->invitation_key);
if ($contact->id != $invitation->contact_id) {
// This is a different client; reauthenticate
$authenticated = false;
Auth::guard($guard)->logout();
}
Session::put('contact_key', $contact->contact_key);
}
}
if($guard=='client'){
if(!empty($request->invitation_key)){
$contact_key = session('contact_key');
if($contact_key) {
$contact = $this->getContact($contact_key);
$invitation = $this->getInvitation($request->invitation_key);
if (!$invitation) {
return response()->view('error', [
'error' => trans('texts.invoice_not_found'),
'hideHeader' => true,
]);
}
if ($contact->id != $invitation->contact_id) {
// This is a different client; reauthenticate
$authenticated = false;
Auth::guard($guard)->logout();
}
Session::put('contact_key', $invitation->contact->contact_key);
}
}
if (!empty($request->contact_key)) {
$contact_key = $request->contact_key;
Session::put('contact_key', $contact_key);
@ -44,14 +51,15 @@ class Authenticate {
if ($contact_key) {
$contact = $this->getContact($contact_key);
$account = $contact->account;
} elseif (!empty($request->invitation_key)) {
$invitation = $this->getInvitation($request->invitation_key);
$account = $invitation->account;
$contact = $invitation->contact;
Session::put('contact_key', $contact->contact_key);
} else {
return \Redirect::to('client/sessionexpired');
}
$account = $contact->account;
if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account->id){
// This is an admin; let them pretend to be a client
$authenticated = true;