From caf653ed69cc6df293f5cc5ec615285d19700ed5 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Thu, 28 Mar 2019 09:21:28 +1100
Subject: [PATCH] Force DB to be set only on company table
---
 app/Http/Middleware/setDb.php | 23 +++++++++++++++++--
 app/Jobs/Company/CreateCompany.php | 2 +-
 app/Jobs/User/CreateUser.php | 1 -
 app/Libraries/MultiDB.php | 18 +++++++++++++++
 .../SendVerificationNotification.php | 5 ++--
 app/Models/User.php | 1 -
 database/factories/UserFactory.php | 1 -
 .../2014_10_13_000000_create_users_table.php | 2 +-
 routes/api.php | 2 +-
 9 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/app/Http/Middleware/setDb.php b/app/Http/Middleware/setDb.php
index 769909a9f0..eadfda3d69 100644
--- a/app/Http/Middleware/setDb.php
+++ b/app/Http/Middleware/setDb.php
@@ -14,13 +14,32 @@ class SetDb
 * @param \Closure $next
 * @return mixed
 */
+
 public function handle($request, Closure $next)
 {
- if (config('ninja.db.multi_db_enabled'))
+
+ $error['error'] = ['message' => 'Database could not be set'];
+
+
+ if( $request->header('X-API-TOKEN') && ($user = CompanyToken::whereRaw("BINARY `token`= ?",[$request->header('X-API-TOKEN')])->first()->user ) && config('ninja.db.multi_db_enabled'))
 {
- MultiDB::setDB(auth()->user()->db);
+
+ if(! MultiDB::findAndSetDb($request->header('X-API-TOKEN')))
+ {
+
+ return response()->json(json_encode($error, JSON_PRETTY_PRINT) ,403);
+
+ }
+
+ }
+ else {
+
+
+ return response()->json(json_encode($error, JSON_PRETTY_PRINT) ,403);
 }
 return $next($request);
 }
+
+
 }
diff --git a/app/Jobs/Company/CreateCompany.php b/app/Jobs/Company/CreateCompany.php
index ce9536e99f..f180dda5ab 100644
--- a/app/Jobs/Company/CreateCompany.php
+++ b/app/Jobs/Company/CreateCompany.php
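Review bot: With `ninja.db.multi_db_enabled` false, the new `if` condition is false for every request and the `else` branch answers 403, so the middleware now blocks the whole `db` route group on single-database installs; the config flag should short-circuit to `$next($request)` before any token lookup, as the removed line did. The pre-check `CompanyToken::whereRaw(...)->first()->user` also queries the default connection before any database has been selected and dereferences `->user` on a null result whenever the token lives on another connection, which makes `MultiDB::findAndSetDb` unreachable in exactly the case it was written for, and `$user` is never read. `response()->json(json_encode($error, JSON_PRETTY_PRINT), 403)` encodes twice, so the client receives a JSON string literal instead of an object; pass the array. Returning the same 403 body for a missing and an unknown token is right, since an unknown token should not be distinguishable from an absent one, and the rewrite below keeps that.
```php
public function handle($request, Closure $next)
{
    // Single-database installs have nothing to select; skip the lookup entirely.
    if (! config('ninja.db.multi_db_enabled')) {
        return $next($request);
    }

    $token = $request->header('X-API-TOKEN');

    // Same response for a missing and an unknown token, so the reply does not
    // reveal whether a given token value exists on any connection.
    if (! $token || ! MultiDB::findAndSetDb($token)) {
        return response()->json(['error' => ['message' => 'Database could not be set']], 403);
    }

    return $next($request);
}
```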
@@ -42,9 +42,9 @@ class CreateCompany
 $company->name = $this->request['first_name'] . ' ' . $this->request['last_name'];
 $company->account_id = $this->account->id;
 $company->company_key = $this->createHash();
- $company->db = config('database.default');
 $company->ip = request()->ip();
 $company->settings = CompanySettings::defaults();
+ $company->db = config('database.default');
 $company->save();
diff --git a/app/Jobs/User/CreateUser.php b/app/Jobs/User/CreateUser.php
index fc9c43c587..ece387f254 100644
--- a/app/Jobs/User/CreateUser.php
+++ b/app/Jobs/User/CreateUser.php
@@ -47,7 +47,6 @@ class CreateUser
 $user->password = bcrypt($this->request['password']);
 $user->accepted_terms_version = config('ninja.terms_version');
 $user->confirmation_code = $this->createDbHash(config('database.default'));
- $user->db = config('database.default');
 $user->fill($this->request);
 $user->save();
diff --git a/app/Libraries/MultiDB.php b/app/Libraries/MultiDB.php
index bb751c584a..5bf5fe93e4 100644
--- a/app/Libraries/MultiDB.php
+++ b/app/Libraries/MultiDB.php
@@ -2,6 +2,7 @@
 namespace App\Libraries;
+use App\Models\CompanyToken;
 use App\Models\User;
 /**
@@ -74,6 +75,23 @@ class MultiDB
 return false;
 }
+ public static function findAndSetDb($token) :bool
+ {
+
+ foreach (self::$dbs as $db)
+ {
+
+ if($ct = CompanyToken::on($db)->whereRaw("BINARY `token`= ?", [$token])->first())
+ {
+
+ self::setDb($ct->company->db);
+ return true;
+ }
+
+ }
+ return false;
+
+ }
 /**
 * @param $database
diff --git a/app/Listeners/SendVerificationNotification.php b/app/Listeners/SendVerificationNotification.php
index c181142b69..b5ae81049b 100644
--- a/app/Listeners/SendVerificationNotification.php
+++ b/app/Listeners/SendVerificationNotification.php
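Review bot: `findAndSetDb` dereferences `$ct->company->db` without checking that the token's `company` relation resolved, so a token row whose company is missing on that connection fails with a property-of-null error instead of returning false; guard it with `if ($ct && $ct->company)` before calling `self::setDb`. The `$token` parameter is untyped while the return type is declared, and the method has no docblock; `public static function findAndSetDb(string $token): bool` plus a one-line description that it tries each connection in `self::$dbs` in order and selects the first one holding the token would state the contract, including that the first match wins if the same token value exists on more than one connection. Because the `db` middleware runs ahead of `token_auth` in routes/api.php, every request carrying an unknown token costs one query per configured database before it is rejected — worth a comment here, and a reason to keep the connection list short or rate-limit at the edge. The existing call site spelled the setter `setDB` (see the line removed in setDb.php) while this one calls `setDb`; PHP tolerates that, but one spelling is easier to grep.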
@@ -27,13 +27,14 @@ class SendVerificationNotification
 * @return void
 */
 public function handle($event)
- {
- //send confirmation email using $event->user
+ {//todo handle the change of DB locaiton to Company Token table
+ /*send confirmation email using $event->user
 MultiDB::setDB($event->user->db);
 Mail::to($event->user->email)
 //->cc('')
 //->bcc('')
 ->queue(new VerifyUser($event->user));
+ */
 }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 3037f2b67f..4bbccc46c7 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -92,7 +92,6 @@ class User extends Authenticatable implements MustVerifyEmail
 return $ct->company;
-// return $this->companies()->where('company_id', $this->getCurrentCompanyId())->first();
 }
 /**
diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php
index c5356a5184..e686612a4b 100644
--- a/database/factories/UserFactory.php
+++ b/database/factories/UserFactory.php
@@ -22,6 +22,5 @@ $factory->define(App\Models\User::class, function (Faker $faker) {
 'email_verified_at' => now(),
 'password' => bcrypt(config('ninja.testvars.password')), // secret
 'remember_token' => str_random(10),
- 'db' => config('database.default')
 ];
 });
diff --git a/database/migrations/2014_10_13_000000_create_users_table.php b/database/migrations/2014_10_13_000000_create_users_table.php
index 18fcadd7bb..98d18d8832 100644
--- a/database/migrations/2014_10_13_000000_create_users_table.php
+++ b/database/migrations/2014_10_13_000000_create_users_table.php
@@ -204,7 +204,6 @@ class CreateUsersTable extends Migration
 $table->unsignedInteger('avatar_width')->nullable();
 $table->unsignedInteger('avatar_height')->nullable();
 $table->unsignedInteger('avatar_size')->nullable();
- $table->string('db', 100);
 $table->text('signature');
 $table->string('password');
 $table->rememberToken();
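Review bot: `handle` is now an empty method, so no verification e-mail is sent and nothing records that it was skipped; users of a model that implements `MustVerifyEmail` will simply never be verified, and the gap is invisible in production. If this is deliberate until the token-table lookup lands, the `//todo` belongs in the method docblock as `@todo` and the body should at least log that verification was skipped rather than return silently. The commented-out block still calls `MultiDB::setDB($event->user->db)`, a `db` attribute this same commit removes from the users table, so it is already stale; a note such as `// TODO: resolve the company db from the user's company token before re-enabling` states what the replacement needs. The added comment also misspells `location` as `locaiton`. The enclosing class starts outside the hunk.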
@@ -224,6 +223,7 @@ class CreateUsersTable extends Migration
 $table->unsignedInteger('user_id')->index();
 $table->string('token')->nullable();
 $table->string('name')->nullable();
+ $table->string('db', 100)->nullable();
 $table->foreign('company_id')->references('id')->on('companies')->onDelete('cascade');
 $table->foreign('account_id')->references('id')->on('accounts')->onDelete('cascade');
diff --git a/routes/api.php b/routes/api.php
index 8281af34d3..4e1585347a 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -25,7 +25,7 @@ Route::group(['middleware' => ['api_secret_check']], function () {
 });
-Route::group(['middleware' => ['api_secret_check','token_auth']], function () {
+Route::group(['middleware' => ['db','api_secret_check','token_auth']], function () {
 Route::resource('clients', 'ClientController'); // name = (clients. index / create / show / update / destroy / edit
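Review bot: The new `db` column on what the surrounding `company_id`/`user_id` foreign keys suggest is the company-token table is nullable and nothing in this commit writes it, while `MultiDB::findAndSetDb` in the same commit resolves the connection through `$ct->company->db` rather than this column; either the column is redundant with the company's `db` or the lookup should read it, and as written the two can silently drift. If the column is kept, make it non-nullable and populate it from the company, i.e. `$table->string('db', 100);`, so a token row can never point at no database. The commit subject says the db is stored only on the company table, which this addition contradicts; the description should say which table is authoritative.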
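Review bot: `db` is placed ahead of `api_secret_check`, so the per-connection token search in `SetDb` runs for requests that have not yet passed the API-secret gate, and every request with a bad or missing secret now costs one query on each configured database before it is rejected; `Route::group(['middleware' => ['api_secret_check','db','token_auth']], function () {` keeps the cheap check first. `SetDb` then also queries the token once and `token_auth` presumably looks it up again; if the middleware has already selected the connection it could hand the resolved token to the request so the second lookup is skipped. The `db` alias must be registered in the HTTP kernel's route middleware for this group to resolve — not visible in this diff, so assuming that is done.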