mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-11-10 21:22:58 +01:00
Reorder middleware to allow route model binding to be delayed
parent
cd6e1fe5c6
commit
777c2dd24a
@ -72,7 +72,7 @@ class ContactForgotPasswordController extends Controller
|
||||
{
|
||||
//MultiDB::userFindAndSetDb($request->input('email'));
|
||||
|
||||
$user = MultiDB::hasContact(['email' => $request->input('email')]);
|
||||
$user = MultiDB::hasContact($request->input('email'));
|
||||
|
||||
$this->validateEmail($request);
|
||||
|
||||
@ -84,6 +84,10 @@ class ContactForgotPasswordController extends Controller
|
||||
);
|
||||
|
||||
if ($request->ajax()) {
|
||||
|
||||
if($response == Password::RESET_THROTTLED)
|
||||
return response()->json(['message' => ctrans('passwords.throttled'), 'status' => false], 429);
|
||||
|
||||
return $response == Password::RESET_LINK_SENT
|
||||
? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)
|
||||
: response()->json(['message' => 'Email not found', 'status' => false], 401);
|
||||
|
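Review bot: The contact lookup `MultiDB::hasContact($request->input('email'))` runs before `$this->validateEmail($request)`, and `hasContact` now declares `string $email`, so a request with a missing or array-valued `email` field would raise a TypeError (a 500) instead of a validation error. Moving the lookup below the validation call, or guarding it with `if (is_string($request->input('email')))`, keeps this password-reset endpoint failing cleanly. In the second hunk the new 429 branch sits next to the existing 'Email not found' 401, which lets a caller tell registered from unregistered contact addresses; returning the same body for both outcomes would avoid that. The enclosing method starts and ends outside both hunks.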
@ -209,7 +209,7 @@ class LoginController extends BaseController
|
||||
else
|
||||
$timeout = $timeout/1000;
|
||||
|
||||
Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put($user->hashed_id.'_'.$user->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
$cu = CompanyUser::query()
|
||||
->where('user_id', auth()->user()->id);
|
||||
@ -366,8 +366,7 @@ class LoginController extends BaseController
|
||||
else
|
||||
$timeout = $timeout/1000;
|
||||
|
||||
|
||||
Cache::put($existing_user->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put($existing_user->hashed_id.'_'.$existing_user->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
$cu = CompanyUser::query()
|
||||
->where('user_id', auth()->user()->id);
|
||||
@ -416,8 +415,7 @@ class LoginController extends BaseController
|
||||
else
|
||||
$timeout = $timeout/1000;
|
||||
|
||||
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
$cu = CompanyUser::whereUserId(auth()->user()->id);
|
||||
|
||||
|
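Review bot: The cache key `hashed_id.'_'.account_id.'_logged_in'` is now built by hand in all three hunks of this file and again in ConnectedAccountController and PasswordProtection, so the writers and the reader agree only as long as every copy is edited together. PasswordProtection decides from this key whether to ask for the password again, so a single accessor on the user model would be safer, for example `public function passwordTimeoutKey(): string { return $this->hashed_id.'_'.$this->account_id.'_logged_in'; }` (the name is only a suggestion). A short comment saying why `account_id` is part of the key would also help the next maintainer. Each of the three surrounding methods starts and ends outside its hunk.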
@ -114,7 +114,7 @@ class ConnectedAccountController extends BaseController
|
||||
auth()->user()->save();
|
||||
|
||||
$timeout = auth()->user()->company()->default_password_timeout;
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
return $this->itemResponse(auth()->user());
|
||||
|
||||
|
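Review bot: `$timeout` is passed to `Cache::put` exactly as read from `default_password_timeout`, while the LoginController and PasswordProtection hunks in this commit divide the same value by 1000 before using it. If the setting is stored in milliseconds, as that division suggests, the password-confirmation entry written here would live far longer than configured. Consider normalising it the same way before the `Cache::put`; the other branch of that conversion is not visible on this page, so the exact form needs checking against those call sites. The enclosing method starts and ends outside the hunk.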
@ -63,9 +63,11 @@ class UserController extends BaseController
|
||||
*/
|
||||
public function __construct(UserRepository $user_repo)
|
||||
{
|
||||
|
||||
parent::__construct();
|
||||
|
||||
$this->user_repo = $user_repo;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -376,7 +378,6 @@ class UserController extends BaseController
|
||||
*/
|
||||
public function update(UpdateUserRequest $request, User $user)
|
||||
{
|
||||
|
||||
$old_company_user = $user->company_user;
|
||||
$old_user = json_encode($user);
|
||||
$old_user_email = $user->getOriginal('email');
|
||||
|
@ -160,4 +160,23 @@ class Kernel extends HttpKernel
|
||||
'check_client_existence' => CheckClientExistence::class,
|
||||
'user_verified' => UserVerified::class,
|
||||
];
|
||||
|
||||
|
||||
protected $middlewarePriority = [
|
||||
ContactTokenAuth::class,
|
||||
ContactSetDb::class,
|
||||
SetInviteDb::class,
|
||||
ContactRegister::class,
|
||||
ShopTokenAuth::class,
|
||||
PhantomSecret::class,
|
||||
ContactKeyLogin::class,
|
||||
CheckClientExistence::class,
|
||||
ClientPortalEnabled::class,
|
||||
UrlSetDb::class,
|
||||
SetWebDb::class,
|
||||
SetDb::class,
|
||||
SetDbByCompanyKey::class,
|
||||
TokenAuth::class,
|
||||
SubstituteBindings::class,
|
||||
];
|
||||
}
|
||||
|
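Review bot: Declaring `$middlewarePriority` in `Kernel` replaces the framework's default priority list instead of extending it, and the new list keeps none of the default entries except `SubstituteBindings`. Session start, authentication and throttling middleware, and `Authorize` (which the default list sorts after `SubstituteBindings`), therefore fall back to declaration order on each route. If any route relies on that ordering, the default entries should be kept in the list around the project ones; whether one does is not visible here. A comment above the property such as `// DB-selection and token middleware must run before SubstituteBindings so route models resolve on the right connection` would document why the order matters.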
@ -31,7 +31,7 @@ class PasswordProtection
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
|
||||
|
||||
$error = [
|
||||
'message' => 'Invalid Password',
|
||||
'errors' => new stdClass,
|
||||
@ -44,9 +44,9 @@ class PasswordProtection
|
||||
else
|
||||
$timeout = $timeout/1000;
|
||||
|
||||
if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
|
||||
if (Cache::get(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in')) {
|
||||
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
return $next($request);
|
||||
|
||||
@ -68,12 +68,13 @@ class PasswordProtection
|
||||
//If OAuth and user also has a password set - check both
|
||||
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
|
||||
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
|
||||
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -83,7 +84,7 @@ class PasswordProtection
|
||||
|
||||
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
|
||||
|
||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
||||
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||
|
||||
return $next($request);
|
||||
|
||||
|
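Review bot: In the OAuth branch, `Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))` passes the stored hash as the plain value and the header as the hash, the reverse of the call in the later `elseif`, so as written it cannot match the user's actual password. The same condition assigns with `=` inside an `&&` chain, so `$existing_user` receives the boolean result of the whole expression and not the user. Suggested form: `if (MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {`. These lines appear to be context that the commit edits around without changing, and `handle()` continues outside the hunks.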
@ -27,6 +27,7 @@ class SetDb
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
|
||||
$error = [
|
||||
'message' => 'Invalid Token',
|
||||
'errors' => new stdClass,
|
||||
|
@ -146,18 +146,18 @@ class MultiDB
|
||||
* @param array $data
|
||||
* @return User|null
|
||||
*/
|
||||
public static function hasContact(array $data) : ?ClientContact
|
||||
public static function hasContact(string $email) : ?ClientContact
|
||||
{
|
||||
if (! config('ninja.db.multi_db_enabled')) {
|
||||
return ClientContact::where($data)->withTrashed()->first();
|
||||
return ClientContact::where('email', $email)->withTrashed()->first();
|
||||
}
|
||||
|
||||
foreach (self::$dbs as $db) {
|
||||
self::setDB($db);
|
||||
|
||||
$user = ClientContacts::where($data)->withTrashed()->first();
|
||||
|
||||
$user = ClientContact::on($db)->where('email', $email)->withTrashed()->first();
|
||||
|
||||
if ($user) {
|
||||
self::setDB($db);
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@ -205,7 +205,6 @@ class MultiDB
|
||||
foreach (self::$dbs as $db) {
|
||||
if ($ct = CompanyToken::on($db)->whereRaw('BINARY `token`= ?', [$token])->first()) {
|
||||
self::setDb($ct->company->db);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
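Review bot: The docblock above `hasContact` still reads `@param array $data` and `@return User|null`, but the new signature takes `string $email` and returns `?ClientContact`. Update it to `@param string $email` and `@return ClientContact|null` so static analysis and callers see the real contract. The description should also say that soft-deleted contacts are included (`withTrashed()`), since the password-reset controller changed in this commit receives them too. The method's closing lines fall outside the hunk.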
@ -12,6 +12,7 @@
|
||||
namespace App\Models;
|
||||
|
||||
use App\Models\Presenters\CompanyPresenter;
|
||||
use App\Models\User;
|
||||
use App\Services\Notification\NotificationService;
|
||||
use App\Utils\Ninja;
|
||||
use App\Utils\Traits\CompanySettingsSaver;
|
||||
@ -20,8 +21,8 @@ use App\Utils\Traits\ThrottlesEmail;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
use Illuminate\Notifications\Notification;
|
||||
use Laracasts\Presenter\PresentableTrait;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Laracasts\Presenter\PresentableTrait;
|
||||
|
||||
class Company extends BaseModel
|
||||
{
|
||||
@ -431,9 +432,11 @@ class Company extends BaseModel
|
||||
}
|
||||
|
||||
public function owner()
|
||||
{
|
||||
{nlog("in owner");
|
||||
$c = $this->company_users->where('is_owner', true)->first();
|
||||
|
||||
nlog($c);
|
||||
|
||||
return User::find($c->user_id);
|
||||
}
|
||||
|
||||
|
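Review bot: `owner()` now calls `nlog("in owner")` and `nlog($c)`, which writes the whole company-user record to the log every time the owner is resolved. That looks like leftover debugging; remove both calls, or log only an identifier, e.g. `nlog('owner lookup: user '.$c->user_id);`. Separately, `$c` is null when no row has `is_owner` set and `$c->user_id` then fails, so a guard such as `if (! $c) { return null; }` before the `User::find` is worth adding. The added `use App\Models\User;` is redundant inside the `App\Models` namespace.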
@ -159,7 +159,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
*/
|
||||
public function setCompany($company)
|
||||
{
|
||||
config(['ninja.company_id' => $company->id]);
|
||||
// config(['ninja.company_id' => $company->id]);
|
||||
|
||||
$this->company = $company;
|
||||
}
|
||||
@ -170,15 +170,19 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
public function getCompany()
|
||||
{
|
||||
if ($this->company) {
|
||||
nlog("company Found");
|
||||
return $this->company;
|
||||
}
|
||||
|
||||
if (request()->header('X-API-TOKEN')) {
|
||||
$company_token = CompanyToken::whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
|
||||
nlog("no company - using token to resolve");
|
||||
$company_token = CompanyToken::with(['company'])->whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
|
||||
|
||||
return $company_token->company;
|
||||
}
|
||||
|
||||
return Company::find(config('ninja.company_id'));
|
||||
throw new \Exception('No Company Found');
|
||||
//return Company::find(config('ninja.company_id'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
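Review bot: In `getCompany()`, `$company_token` is null when the `X-API-TOKEN` header matches no row, and `return $company_token->company;` then fails on a null value instead of reaching the new `throw new \Exception('No Company Found')`. The header is request-supplied, so guard it: `if ($company_token) { return $company_token->company; }`. Whether earlier middleware always rejects an unknown token before this method runs is not visible here. The two `nlog(...)` calls on this path look like debugging output that would fire on most requests, and together with the commented-out lines they are worth removing before merge.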
@ -17,6 +17,13 @@
|
||||
@endif
|
||||
<div class="col-span-2 h-screen flex">
|
||||
<div class="m-auto md:w-1/2 lg:w-1/4">
|
||||
|
||||
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||
<div>
|
||||
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="flex flex-col">
|
||||
<h1 class="text-center text-3xl">{{ ctrans('texts.client_portal') }}</h1>
|
||||
<form action="{{ route('client.login') }}" method="post" class="mt-6">
|
||||
|
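Review bot: The new `@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())` decides the branding from the first account on the current connection, not from the account that owns the portal being shown, and it issues two queries from the view on every render of the login page. On an installation with more than one account the logo could follow the wrong account's plan; this is inferred from the expression, since the controller is not shown. Passing the relevant account, or a ready-made boolean, from the controller would avoid both issues. The same block is added to the two password-recovery templates that follow.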
@ -12,6 +12,11 @@
|
||||
@endif
|
||||
<div class="col-span-2 h-screen flex">
|
||||
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
||||
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||
<div>
|
||||
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||
</div>
|
||||
@endif
|
||||
<div class="flex flex-col">
|
||||
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
||||
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
||||
|
@ -13,6 +13,12 @@
|
||||
|
||||
<div class="col-span-2 h-screen flex">
|
||||
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
||||
|
||||
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||
<div>
|
||||
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||
</div>
|
||||
@endif
|
||||
<div class="flex flex-col">
|
||||
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
||||
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
||||
|