diff --git a/app/Http/Controllers/Auth/ContactForgotPasswordController.php b/app/Http/Controllers/Auth/ContactForgotPasswordController.php
index cb5e421233..85e5c41bbe 100644
--- a/app/Http/Controllers/Auth/ContactForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ContactForgotPasswordController.php
@@ -72,7 +72,7 @@ class ContactForgotPasswordController extends Controller
 {
 //MultiDB::userFindAndSetDb($request->input('email'));
- $user = MultiDB::hasContact(['email' => $request->input('email')]);
+ $user = MultiDB::hasContact($request->input('email'));
 $this->validateEmail($request);
@@ -84,6 +84,10 @@ class ContactForgotPasswordController extends Controller
 );
 if ($request->ajax()) {
+
+ if($response == Password::RESET_THROTTLED)
+ return response()->json(['message' => ctrans('passwords.throttled'), 'status' => false], 429);
+
 return $response == Password::RESET_LINK_SENT ? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201) : response()->json(['message' => 'Email not found', 'status' => false], 401);
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index f7d4fa9460..338e991da0 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -209,7 +209,7 @@ class LoginController extends BaseController
 else $timeout = $timeout/1000;
- Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put($user->hashed_id.'_'.$user->account_id.'_logged_in', Str::random(64), $timeout);
 $cu = CompanyUser::query()
 ->where('user_id', auth()->user()->id);
@@ -366,8 +366,7 @@ class LoginController extends BaseController
 else $timeout = $timeout/1000;
-
- Cache::put($existing_user->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put($existing_user->hashed_id.'_'.$existing_user->account_id.'_logged_in', Str::random(64), $timeout);
 $cu = CompanyUser::query()
 ->where('user_id', auth()->user()->id);
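Review bot: `MultiDB::hasContact($request->input('email'))` now runs before `$this->validateEmail($request)`, and the callee's new signature (later in this diff) types the parameter as `string $email`, so an `email[]=x` array or a missing field raises a TypeError (HTTP 500) instead of the validation error, which is a cheap way for an unauthenticated caller to provoke errors. Move the lookup below `$this->validateEmail($request);`, or coerce first: `$user = MultiDB::hasContact((string) $request->input('email', ''));`. The enclosing method starts and ends outside the hunk, so whether `$user` is used afterwards cannot be seen here.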
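Review bot: `if($response == Password::RESET_THROTTLED)` uses loose `==` and has no braces; write `if ($response === Password::RESET_THROTTLED) {` so the branch is unambiguous and matches PSR-12. Separately, the surrounding context still answers `Reset link sent` (201) or `Email not found` (401), so an unauthenticated caller can enumerate contact e-mail addresses one request at a time, and the new 429 only rate-limits what appears to be a per-address throttle. If enumeration is not an accepted trade-off for this portal, return the same generic message and status for both outcomes. The method continues past the hunk.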
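Review bot: The cache key `$user->hashed_id.'_'.$user->account_id.'_logged_in'` is assembled by hand in at least eight places across this diff (three in LoginController, one in ConnectedAccountController, four in PasswordProtection); a later edit that misses one site would silently desynchronise the writer from the reader in PasswordProtection and either lock users out of protected routes or leave a stale bypass entry. Extract it once, e.g. a `User::passwordProtectionCacheKey(): string` returning `$this->hashed_id.'_'.$this->account_id.'_logged_in'`, and call `Cache::put($user->passwordProtectionCacheKey(), Str::random(64), $timeout);` at each site. The enclosing login method starts and ends outside the hunk.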
@@ -416,8 +415,7 @@ class LoginController extends BaseController
 else $timeout = $timeout/1000;
-
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
 $cu = CompanyUser::whereUserId(auth()->user()->id);
diff --git a/app/Http/Controllers/ConnectedAccountController.php b/app/Http/Controllers/ConnectedAccountController.php
index ae519f1ec5..ae26922f8b 100644
--- a/app/Http/Controllers/ConnectedAccountController.php
+++ b/app/Http/Controllers/ConnectedAccountController.php
@@ -114,7 +114,7 @@ class ConnectedAccountController extends BaseController
 auth()->user()->save();
 $timeout = auth()->user()->company()->default_password_timeout;
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
 return $this->itemResponse(auth()->user());
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index c633371dc0..483a32bb3c 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -63,9 +63,11 @@ class UserController extends BaseController
 */
 public function __construct(UserRepository $user_repo)
 {
+ parent::__construct();
 $this->user_repo = $user_repo;
+
 }
 /**
@@ -376,7 +378,6 @@ class UserController extends BaseController
 */
 public function update(UpdateUserRequest $request, User $user)
 {
- $old_company_user = $user->company_user;
 $old_user = json_encode($user);
 $old_user_email = $user->getOriginal('email');
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 63803aa464..7532d2f609 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
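Review bot: The `$timeout` handed to `Cache::put` on the added line in ConnectedAccountController is the raw `default_password_timeout` read two lines above, whereas every other site in this diff (LoginController, PasswordProtection) first maps `0` to a default and otherwise divides by 1000, which suggests the setting is stored in milliseconds. Passed unconverted, the password-protection bypass window here would be a thousand times longer than configured, and at `0` recent Laravel releases do not store the entry at all (a non-positive TTL forgets the key). Apply the same normalisation before the put, or route every caller through one helper that does it. The enclosing method starts and ends outside the hunk.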
@@ -160,4 +160,23 @@ class Kernel extends HttpKernel
 'check_client_existence' => CheckClientExistence::class,
 'user_verified' => UserVerified::class,
 ];
+
+
+ protected $middlewarePriority = [
+ ContactTokenAuth::class,
+ ContactSetDb::class,
+ SetInviteDb::class,
+ ContactRegister::class,
+ ShopTokenAuth::class,
+ PhantomSecret::class,
+ ContactKeyLogin::class,
+ CheckClientExistence::class,
+ ClientPortalEnabled::class,
+ UrlSetDb::class,
+ SetWebDb::class,
+ SetDb::class,
+ SetDbByCompanyKey::class,
+ TokenAuth::class,
+ SubstituteBindings::class,
+ ];
 }
diff --git a/app/Http/Middleware/PasswordProtection.php b/app/Http/Middleware/PasswordProtection.php
index 0652e08168..21e9c4a0da 100644
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@@ -31,7 +31,7 @@ class PasswordProtection
 */
 public function handle($request, Closure $next)
 {
-
+
 $error = [
 'message' => 'Invalid Password',
 'errors' => new stdClass,
@@ -44,9 +44,9 @@ class PasswordProtection
 else $timeout = $timeout/1000;
- if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
+ if (Cache::get(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in')) {
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
 return $next($request);
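Review bot: Declaring `$middlewarePriority` on the Kernel replaces the base `HttpKernel` list rather than extending it, so the framework's own entries (on current Laravel versions these include `ThrottleRequests`, `AuthenticateSession` and `Authorize`) lose their forced position relative to `SubstituteBindings` and to the project middleware listed here. If any route relies on throttling or authorisation running before route-model binding, restate those classes in this array in their original order, e.g. `\Illuminate\Routing\Middleware\ThrottleRequests::class,` before `SubstituteBindings::class` and `\Illuminate\Auth\Middleware\Authorize::class,` after it. A short comment above the property saying why the DB-selecting and token middleware must precede `SubstituteBindings` (bindings must be resolved on the correct connection) would also help the next reader.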
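Review bot: The changed `if` only tests that an entry exists under the per-user key; the `Str::random(64)` value written on the changed `Cache::put` line is never compared with anything, and every request that passes the check re-puts it with a fresh `$timeout`, so the password-confirmed window slides forward indefinitely while the API token stays in use. If a sliding window is intended, say so in a comment above the `if` (`// sliding window: each protected request extends the password-confirmed period by $timeout`); if an absolute window is intended, drop the `Cache::put` inside this branch so the entry expires `$timeout` after the last real password check. `handle()` continues outside the hunk.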
@@ -68,12 +68,13 @@ class PasswordProtection
 //If OAuth and user also has a password set - check both
 if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
+
 return $next($request);
 } elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
 return $next($request);
 }
 }
@@ -83,7 +84,7 @@ class PasswordProtection
 }elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
- Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+ Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
 return $next($request);
diff --git a/app/Http/Middleware/SetDb.php b/app/Http/Middleware/SetDb.php
index 9410482bcc..c94ec5d034 100644
--- a/app/Http/Middleware/SetDb.php
+++ b/app/Http/Middleware/SetDb.php
@@ -27,6 +27,7 @@ class SetDb
 */
 public function handle($request, Closure $next)
 {
+
 $error = [
 'message' => 'Invalid Token',
 'errors' => new stdClass,
diff --git a/app/Libraries/MultiDB.php b/app/Libraries/MultiDB.php
index d2ff11741f..59ddc7ec1e 100644
--- a/app/Libraries/MultiDB.php
+++ b/app/Libraries/MultiDB.php
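Review bot: In the context line `Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))` the arguments are reversed: `Hash::check($value, $hashedValue)` takes the plaintext first, and the hunk at -83 in this same file uses the correct order. As written, the OAuth-plus-password branch tries to verify the stored hash against the header as if the header were a hash, so it can never accept a real password and those users fall through to the failure path. Change it to `Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)`. The two `$existing_user = MultiDB::hasUser($query) && …` conditions also assign the boolean of the whole `&&` chain rather than the user object; harmless here, but worth parenthesising so the intent is clear.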
@@ -146,18 +146,18 @@ class MultiDB
 * @param array $data
 * @return User|null
 */
- public static function hasContact(array $data) : ?ClientContact
+ public static function hasContact(string $email) : ?ClientContact
 {
 if (! config('ninja.db.multi_db_enabled')) {
- return ClientContact::where($data)->withTrashed()->first();
+ return ClientContact::where('email', $email)->withTrashed()->first();
 }
 foreach (self::$dbs as $db) {
- self::setDB($db);
-
- $user = ClientContacts::where($data)->withTrashed()->first();
+
+ $user = ClientContact::on($db)->where('email', $email)->withTrashed()->first();
 if ($user) {
+ self::setDB($db);
 return $user;
 }
 }
@@ -205,7 +205,6 @@ class MultiDB
 foreach (self::$dbs as $db) {
 if ($ct = CompanyToken::on($db)->whereRaw('BINARY `token`= ?', [$token])->first()) {
 self::setDb($ct->company->db);
- return true;
 }
 }
diff --git a/app/Models/Company.php b/app/Models/Company.php
index 47ea068fea..6b5d6c693d 100644
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -12,6 +12,7 @@ namespace App\Models;
 use App\Models\Presenters\CompanyPresenter;
+use App\Models\User;
 use App\Services\Notification\NotificationService;
 use App\Utils\Ninja;
 use App\Utils\Traits\CompanySettingsSaver;
@@ -20,8 +21,8 @@ use App\Utils\Traits\ThrottlesEmail;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Notifications\Notification;
-use Laracasts\Presenter\PresentableTrait;
 use Illuminate\Support\Facades\Cache;
+use Laracasts\Presenter\PresentableTrait;
 class Company extends BaseModel
 {
@@ -431,9 +432,11 @@ class Company extends BaseModel
 }
 public function owner()
- {
+ {nlog("in owner");
 $c = $this->company_users->where('is_owner', true)->first();
+nlog($c);
+
 return User::find($c->user_id);
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index f9fb94e5b5..b33feb1d58 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
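Review bot: The docblock directly above the changed signature still says `@param array $data` / `@return User|null`, while the method now takes `string $email` and returns `?ClientContact`; update it to `@param string $email` and `@return ClientContact|null`. Switching to `ClientContact::on($db)` and calling `setDB` only on a hit is a genuine improvement (the removed loop body also referenced a non-existent `ClientContacts` class). Note that `withTrashed()` still lets a soft-deleted contact be resolved for a password reset; if that is not intended, drop it here or filter in the caller. The method's tail is outside the hunk.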
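Review bot: Removing `return true;` means the loop keeps scanning the remaining connections after a token match, so a token present on more than one database would leave `setDb` pointing at the last hit rather than the first, and the method's result changes for any caller that tests it. The method's tail is outside the hunk; if it ends with `return false;` as the removed line suggests, every caller now sees `false` even on success. Either restore the early return or add `break;` after `self::setDb($ct->company->db);` and return the outcome explicitly.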
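Review bot: `nlog("in owner")` and `nlog($c)` are debug traces left in a model accessor; the second writes an entire CompanyUser model to the log, which is more than a trace should emit. Remove both and put the opening brace back on its own line, and guard the lookup, since `->first()` returns null when no owner row exists: `return $c ? User::find($c->user_id) : null;`.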
@@ -159,7 +159,7 @@ class User extends Authenticatable implements MustVerifyEmail
 */
 public function setCompany($company)
 {
- config(['ninja.company_id' => $company->id]);
+ // config(['ninja.company_id' => $company->id]);
 $this->company = $company;
 }
@@ -170,15 +170,19 @@ class User extends Authenticatable implements MustVerifyEmail
 public function getCompany()
 {
 if ($this->company) {
+ nlog("company Found");
 return $this->company;
 }
 if (request()->header('X-API-TOKEN')) {
- $company_token = CompanyToken::whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
+ nlog("no company - using token to resolve");
+ $company_token = CompanyToken::with(['company'])->whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
+
 return $company_token->company;
 }
- return Company::find(config('ninja.company_id'));
+ throw new \Exception('No Company Found');
+ //return Company::find(config('ninja.company_id'));
 }
diff --git a/resources/views/portal/ninja2020/auth/login.blade.php b/resources/views/portal/ninja2020/auth/login.blade.php
index 6147c76bea..ca00982085 100644
--- a/resources/views/portal/ninja2020/auth/login.blade.php
+++ b/resources/views/portal/ninja2020/auth/login.blade.php
@@ -17,6 +17,13 @@ @endif
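Review bot: The `config([...])` line is commented out rather than deleted; since the next hunk shows `getCompany()` no longer consults `ninja.company_id`, remove the dead line (history lives in git) and replace it with a comment that explains the new contract, e.g. `// Company context is carried on $this->company; ninja.company_id is no longer consulted.`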
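Review bot: On the changed lines `$company_token` is dereferenced unconditionally, so an `X-API-TOKEN` header that matches no row (or a token whose `company` relation is null) raises a property-on-null error instead of the intended `No Company Found` exception. Guard it with `if ($company_token && $company_token->company) { return $company_token->company; }` and let execution fall through to the `throw`. The two `nlog(...)` calls are debug traces that run on every company resolution and should be removed before merge, and a project-specific exception class instead of bare `\Exception` would let callers catch this case without catching everything. The remaining `//return Company::find(...)` line is dead code and should be deleted rather than kept commented out.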