mirror of
https://github.com/invoiceninja/invoiceninja.git
Merge pull request #5040 from turbo124/v5-develop
Translations and fixes for password protected routes
commit
2a27562f29
@ -103,7 +103,7 @@ class CheckData extends Command
|
||||
if ($errorEmail) {
|
||||
Mail::raw($this->log, function ($message) use ($errorEmail, $database) {
|
||||
$message->to($errorEmail)
|
||||
->from(config('ninja.error_email'))
|
||||
->from(config('mail.from.address'), config('mail.from.name'))
|
||||
->subject('Check-Data: '.strtoupper($this->isValid ? Account::RESULT_SUCCESS : Account::RESULT_FAILURE)." [{$database}]");
|
||||
});
|
||||
} elseif (! $this->isValid) {
|
||||
|
@ -31,12 +31,26 @@ class PasswordProtection
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
// {nlog($request->headers->all());
|
||||
// nlog($request->all());
|
||||
|
||||
$error = [
|
||||
'message' => 'Invalid Password',
|
||||
'errors' => new stdClass,
|
||||
];
|
||||
|
||||
if( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1 ){
|
||||
nlog(Cache::get(auth()->user()->hashed_id.'_logged_in'));
|
||||
nlog($request->header('X-API-OAUTH-PASSWORD'));
|
||||
|
||||
|
||||
if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
|
||||
|
||||
Cache::pull(auth()->user()->hashed_id.'_logged_in');
|
||||
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
|
||||
|
||||
return $next($request);
|
||||
|
||||
}elseif( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1){
|
||||
|
||||
//user is attempting to reauth with OAuth - check the token value
|
||||
//todo expand this to include all OAuth providers
|
||||
@ -48,51 +62,36 @@ class PasswordProtection
|
||||
|
||||
$query = [
|
||||
'oauth_user_id' => $google->harvestSubField($user),
|
||||
'oauth_provider_id'=> 'google',
|
||||
'oauth_provider_id'=> 'google'
|
||||
];
|
||||
|
||||
/* Cannot allow duplicates! */
|
||||
if ($existing_user = MultiDB::hasUser($query)) {
|
||||
//If OAuth and user also has a password set - check both
|
||||
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
|
||||
|
||||
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
elseif($existing_user = MultiDB::hasUser($query) && !auth()->uer()->has_password){
|
||||
|
||||
$error = [
|
||||
'message' => 'Access denied',
|
||||
'errors' => new stdClass,
|
||||
];
|
||||
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
return response()->json($error, 412);
|
||||
|
||||
|
||||
}elseif ($request->header('X-API-PASSWORD')) {
|
||||
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
|
||||
|
||||
//user is attempting to reauth with regular password
|
||||
//
|
||||
if (! Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
|
||||
return response()->json($error, 403);
|
||||
}
|
||||
|
||||
} elseif (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
|
||||
|
||||
Cache::pull(auth()->user()->hashed_id.'_logged_in');
|
||||
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
|
||||
|
||||
return $next($request);
|
||||
|
||||
} else {
|
||||
|
||||
$error = [
|
||||
'message' => 'Access denied',
|
||||
'errors' => new stdClass,
|
||||
];
|
||||
|
||||
return response()->json($error, 412);
|
||||
}
|
||||
|
||||
Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
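Review bot: In the second PasswordProtection hunk the OAuth-plus-password condition calls `Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))` with the arguments reversed; `Hash::check` takes the submitted plaintext first and the stored hash second, as the `X-API-PASSWORD` branch lower in the same hunk does, so it should read `Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)`. The `elseif` after it calls `auth()->uer()`, which looks like a typo for `user()` and would fail at runtime as soon as `MultiDB::hasUser($query)` is truthy, so the passwordless OAuth path never reaches `$next`. In the first hunk, `nlog($request->header('X-API-OAUTH-PASSWORD'))` writes the submitted OAuth token to the application log; the hunk header (12 old lines, 26 new, 27 shown) leaves room for only one removed line, so this call appears to be on the new side and should be dropped before merge. `handle()` spans both hunks and the Google token verification between them is not visible here, so the surrounding control flow is inferred.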
@ -91,7 +91,7 @@ class NinjaMailerJob implements ShouldQueue
|
||||
} catch (\Exception $e) {
|
||||
|
||||
nlog("error failed with {$e->getMessage()}");
|
||||
nlog($e);
|
||||
// nlog($e);
|
||||
|
||||
if($this->nmo->entity)
|
||||
$this->entityEmailFailed($e->getMessage());
|
||||
|
@ -37,7 +37,7 @@ class MailSentListener implements ShouldQueue
|
||||
public function handle(MessageSent $event)
|
||||
{
|
||||
|
||||
if(property_exists($event->message, 'invitation')){
|
||||
if(property_exists($event->message, 'invitation') && $event->message->invitation){
|
||||
|
||||
MultiDB::setDb($event->message->invitation->company->db);
|
||||
|
||||
|
@ -74,6 +74,10 @@ class UserRepository extends BaseRepository
|
||||
}
|
||||
|
||||
$user->account_id = $account->id;
|
||||
|
||||
if(strlen($user->password) >=1)
|
||||
$user->has_password = true;
|
||||
|
||||
$user->save();
|
||||
|
||||
if (isset($data['company_user'])) {
|
||||
|
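Review bot: `has_password` is only ever set to `true` here, and only when a user passes through this save path, yet the PasswordProtection change in the same commit uses `!has_password` to let an OAuth user through without a password check. Unless a migration backfills the column (none is visible on this page), users who already have a password but were not re-saved would presumably be treated as passwordless. Deriving the flag in both directions avoids that drift and also avoids calling `strlen()` on a null password: `$user->has_password = is_string($user->password) && $user->password !== '';`. The enclosing method starts and ends outside the hunk.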
@ -140,7 +140,7 @@ class PaymentMethod
|
||||
|
||||
if ($this->validGatewayForAmount($gateway->fees_and_limits->{$type}, $this->amount) && $gateway->fees_and_limits->{$type}->is_enabled) {
|
||||
|
||||
if($type == GatewayType::BANK_TRANSFER);
|
||||
// if($type == GatewayType::BANK_TRANSFER);
|
||||
|
||||
$this->payment_methods[] = [$gateway->id => $type];
|
||||
}
|
||||
|
@ -271,7 +271,7 @@ class HtmlEngine
|
||||
|
||||
$data['$company.city_state_postal'] = ['value' => $this->company->present()->cityStateZip($this->settings->city, $this->settings->state, $this->settings->postal_code, false) ?: ' ', 'label' => ctrans('texts.city_state_postal')];
|
||||
$data['$company.postal_city_state'] = ['value' => $this->company->present()->cityStateZip($this->settings->city, $this->settings->state, $this->settings->postal_code, true) ?: ' ', 'label' => ctrans('texts.postal_city_state')];
|
||||
$data['$company.name'] = ['value' => $this->company->present()->name() ?: ' ', 'label' => ctrans('texts.company_name')];
|
||||
$data['$company.name'] = ['value' => $this->settings->name ?: ' ', 'label' => ctrans('texts.company_name')];
|
||||
$data['$company.address1'] = ['value' => $this->settings->address1 ?: ' ', 'label' => ctrans('texts.address1')];
|
||||
$data['$company.address2'] = ['value' => $this->settings->address2 ?: ' ', 'label' => ctrans('texts.address2')];
|
||||
$data['$company.city'] = ['value' => $this->settings->city ?: ' ', 'label' => ctrans('texts.city')];
|
||||
|
@ -4144,10 +4144,29 @@ $LANG = array(
|
||||
'group_documents' => 'Group documents',
|
||||
'quote_approval_confirmation_label' => 'Are you sure you want to approve this quote?',
|
||||
|
||||
'click_agree_to_accept_terms' => 'Click "Agree" to Accept Terms.',
|
||||
'agree' => 'Agree',
|
||||
'click_agree_to_accept_terms' => 'Click "Agree" to Accept Terms.',
|
||||
'agree' => 'Agree',
|
||||
|
||||
'pending_approval' => 'Pending Approval',
|
||||
'pending_approval' => 'Pending Approval',
|
||||
'migration_select_company_label' => 'Select companies to migrate',
|
||||
'force_migration' => 'Force migration',
|
||||
'require_password_with_social_login' => 'Require Password with Social Login',
|
||||
'stay_logged_in' => 'Stay Logged In',
|
||||
'session_about_to_expire' => 'Warning: Your session is about to expire',
|
||||
'count_hours' => ':count Hours',
|
||||
'count_day' => '1 Day',
|
||||
'count_days' => ':count Days',
|
||||
'web_session_timeout' => 'Web Session Timeout',
|
||||
'security_settings' => 'Security Settings',
|
||||
'resend_email' => 'Resend Email',
|
||||
'confirm_your_email_address' => 'Please confirm your email address',
|
||||
'freshbooks' => 'FreshBooks',
|
||||
'invoice2go' => 'Invoice2go',
|
||||
'invoicely' => 'Invoicely',
|
||||
'waveaccounting' => 'Wave Accounting',
|
||||
'zoho' => 'Zoho',
|
||||
'accounting' => 'Accounting',
|
||||
'required_files_missing' => 'Please provide all CSVs.',
|
||||
);
|
||||
|
||||
return $LANG;
|
||||
|