Merge pull request #5615 from turbo124/v5-develop

Minor fixes for password protection cache
2024-11-10 13:12:50 +01:00 · 2021-05-05 15:57:14 +10:00 · 2021-05-05 15:57:14 +10:00 · 9ec47e09b2
commit 9ec47e09b2
parent d55a5df148 b9fece424f
3 changed files with 4 additions and 5 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -194,8 +194,8 @@ class LoginController extends BaseController
            }

            $user->setCompany($user->account->default_company);
-            $timeout = auth()->user()->company()->default_password_timeout / 60000;
-            Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+            $timeout = $user->company()->default_password_timeout / 60000;
+            Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout);

            $cu = CompanyUser::query()
                  ->where('user_id', auth()->user()->id);
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@ -46,8 +46,7 @@ class PasswordProtection

        if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {

-            Cache::pull(auth()->user()->hashed_id.'_logged_in');
-            Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
+            Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);

            return $next($request);

--- a/app/Http/Requests/User/UpdateUserRequest.php
+++ b/app/Http/Requests/User/UpdateUserRequest.php
@ -23,7 +23,7 @@ class UpdateUserRequest extends Request
     */
    public function authorize() : bool
    {
-        return auth()->user()->id === $this->id || auth()->user()->isAdmin();
+        return auth()->user()->id == $this->user->id || auth()->user()->isAdmin();
    }

    public function rules()