Check for blank api secret
parent
4c8414f616
commit
d472fcc93d
@ -23,7 +23,10 @@ class ApiCheck {
|
||||
{
|
||||
$loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register');
|
||||
$headers = Utils::getApiHeaders();
|
||||
$hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET));
|
||||
|
||||
if ($secret = env(API_SECRET)) {
|
||||
$hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
|
||||
}
|
||||
|
||||
if ($loggingIn) {
|
||||
// check API secret
|
||||
|
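Review bot: `$hasApiSecret` is now assigned only inside `if ($secret = env(API_SECRET))`, and nothing in the visible lines initialises it first, so with a blank or unset secret any later read of it (outside this hunk) depends on PHP treating an undefined variable as falsy. Set it explicitly before the branch, `$hasApiSecret = false;`, so the blank-secret case fails closed by construction. Separately, `hash_equals()` requires string arguments and `$request->api_secret ?: ''` passes through whatever the client sent; an `is_string()` check on the parameter would keep an array-valued `api_secret` from raising a warning or TypeError there. The rest of the function body lies outside the hunk.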
@ -303,11 +303,10 @@ Route::get('/testimonials', function() {
|
||||
Route::get('/compare-online-invoicing{sites?}', function() {
|
||||
return Redirect::to(NINJA_WEB_URL, 301);
|
||||
});
|
||||
Route::get('/forgot_password', function() {
|
||||
return Redirect::to(NINJA_APP_URL.'/forgot', 301);
|
||||
Route::get('/forgot', function() {
|
||||
return Redirect::to(NINJA_APP_URL.'/recover_password', 301);
|
||||
});
|
||||
|
||||
|
||||
if (!defined('CONTACT_EMAIL')) {
|
||||
define('CONTACT_EMAIL', Config::get('mail.from.address'));
|
||||
define('CONTACT_NAME', Config::get('mail.from.name'));
|
||||
|
@ -10,16 +10,16 @@ class Document extends EntityModel
|
||||
'jpg' => 'jpeg',
|
||||
'tif' => 'tiff',
|
||||
);
|
||||
|
||||
|
||||
public static $allowedMimes = array(// Used by Dropzone.js; does not affect what the server accepts
|
||||
'image/png', 'image/jpeg', 'image/tiff', 'application/pdf', 'image/gif', 'image/vnd.adobe.photoshop', 'text/plain',
|
||||
'application/zip', 'application/msword',
|
||||
'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
|
||||
'application/msword',
|
||||
'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
|
||||
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
|
||||
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/postscript', 'image/svg+xml',
|
||||
'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.ms-powerpoint',
|
||||
);
|
||||
|
||||
|
||||
public static $types = array(
|
||||
'png' => array(
|
||||
'mime' => 'image/png',
|
||||
@ -48,9 +48,6 @@ class Document extends EntityModel
|
||||
'txt' => array(
|
||||
'mime' => 'text/plain',
|
||||
),
|
||||
'zip' => array(
|
||||
'mime' => 'application/zip',
|
||||
),
|
||||
'doc' => array(
|
||||
'mime' => 'application/msword',
|
||||
),
|
||||
@ -70,18 +67,18 @@ class Document extends EntityModel
|
||||
'mime' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
|
||||
),
|
||||
);
|
||||
|
||||
|
||||
public function fill(array $attributes)
|
||||
{
|
||||
parent::fill($attributes);
|
||||
|
||||
|
||||
if(empty($this->attributes['disk'])){
|
||||
$this->attributes['disk'] = env('DOCUMENT_FILESYSTEM', 'documents');
|
||||
}
|
||||
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
|
||||
public function account()
|
||||
{
|
||||
return $this->belongsTo('App\Models\Account');
|
||||
@ -101,7 +98,7 @@ class Document extends EntityModel
|
||||
{
|
||||
return $this->belongsTo('App\Models\Invoice')->withTrashed();
|
||||
}
|
||||
|
||||
|
||||
public function getDisk(){
|
||||
return Storage::disk(!empty($this->disk)?$this->disk:env('DOCUMENT_FILESYSTEM', 'documents'));
|
||||
}
|
||||
@ -110,19 +107,19 @@ class Document extends EntityModel
|
||||
{
|
||||
$this->attributes['disk'] = $value?$value:env('DOCUMENT_FILESYSTEM', 'documents');
|
||||
}
|
||||
|
||||
|
||||
public function getDirectUrl(){
|
||||
return static::getDirectFileUrl($this->path, $this->getDisk());
|
||||
}
|
||||
|
||||
|
||||
public function getDirectPreviewUrl(){
|
||||
return $this->preview?static::getDirectFileUrl($this->preview, $this->getDisk(), true):null;
|
||||
}
|
||||
|
||||
|
||||
public static function getDirectFileUrl($path, $disk, $prioritizeSpeed = false){
|
||||
$adapter = $disk->getAdapter();
|
||||
$fullPath = $adapter->applyPathPrefix($path);
|
||||
|
||||
|
||||
if($adapter instanceof \League\Flysystem\AwsS3v3\AwsS3Adapter) {
|
||||
$client = $adapter->getClient();
|
||||
$command = $client->getCommand('GetObject', [
|
||||
@ -136,12 +133,12 @@ class Document extends EntityModel
|
||||
$secret = env('RACKSPACE_TEMP_URL_SECRET');
|
||||
if($secret){
|
||||
$object = $adapter->getContainer()->getObject($fullPath);
|
||||
|
||||
|
||||
if(env('RACKSPACE_TEMP_URL_SECRET_SET')){
|
||||
// Go ahead and set the secret too
|
||||
$object->getService()->getAccount()->setTempUrlSecret($secret);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$url = $object->getUrl();
|
||||
$expiry = strtotime('+10 minutes');
|
||||
$urlPath = urldecode($url->getPath());
|
||||
@ -150,64 +147,64 @@ class Document extends EntityModel
|
||||
return sprintf('%s?temp_url_sig=%s&temp_url_expires=%d', $url, $hash, $expiry);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public function getRaw(){
|
||||
$disk = $this->getDisk();
|
||||
|
||||
|
||||
return $disk->get($this->path);
|
||||
}
|
||||
|
||||
|
||||
public function getStream(){
|
||||
$disk = $this->getDisk();
|
||||
|
||||
|
||||
return $disk->readStream($this->path);
|
||||
}
|
||||
|
||||
|
||||
public function getRawPreview(){
|
||||
$disk = $this->getDisk();
|
||||
|
||||
|
||||
return $disk->get($this->preview);
|
||||
}
|
||||
|
||||
|
||||
public function getUrl(){
|
||||
return url('documents/'.$this->public_id.'/'.$this->name);
|
||||
}
|
||||
|
||||
|
||||
public function getClientUrl($invitation){
|
||||
return url('client/documents/'.$invitation->invitation_key.'/'.$this->public_id.'/'.$this->name);
|
||||
}
|
||||
|
||||
|
||||
public function isPDFEmbeddable(){
|
||||
return $this->type == 'jpeg' || $this->type == 'png' || $this->preview;
|
||||
}
|
||||
|
||||
|
||||
public function getVFSJSUrl(){
|
||||
if(!$this->isPDFEmbeddable())return null;
|
||||
return url('documents/js/'.$this->public_id.'/'.$this->name.'.js');
|
||||
}
|
||||
|
||||
|
||||
public function getClientVFSJSUrl(){
|
||||
if(!$this->isPDFEmbeddable())return null;
|
||||
return url('client/documents/js/'.$this->public_id.'/'.$this->name.'.js');
|
||||
}
|
||||
|
||||
|
||||
public function getPreviewUrl(){
|
||||
return $this->preview?url('documents/preview/'.$this->public_id.'/'.$this->name.'.'.pathinfo($this->preview, PATHINFO_EXTENSION)):null;
|
||||
}
|
||||
|
||||
|
||||
public function toArray()
|
||||
{
|
||||
$array = parent::toArray();
|
||||
|
||||
|
||||
if(empty($this->visible) || in_array('url', $this->visible))$array['url'] = $this->getUrl();
|
||||
if(empty($this->visible) || in_array('preview_url', $this->visible))$array['preview_url'] = $this->getPreviewUrl();
|
||||
|
||||
|
||||
return $array;
|
||||
}
|
||||
|
||||
|
||||
public function cloneDocument(){
|
||||
$document = Document::createNew($this);
|
||||
$document->path = $this->path;
|
||||
@ -219,7 +216,7 @@ class Document extends EntityModel
|
||||
$document->size = $this->size;
|
||||
$document->width = $this->width;
|
||||
$document->height = $this->height;
|
||||
|
||||
|
||||
return $document;
|
||||
}
|
||||
}
|
||||
@ -230,11 +227,11 @@ Document::deleted(function ($document) {
|
||||
->where('documents.path', '=', $document->path)
|
||||
->where('documents.disk', '=', $document->disk)
|
||||
->count();
|
||||
|
||||
|
||||
if(!$same_path_count){
|
||||
$document->getDisk()->delete($document->path);
|
||||
}
|
||||
|
||||
|
||||
if($document->preview){
|
||||
$same_preview_count = DB::table('documents')
|
||||
->where('documents.account_id', '=', $document->account_id)
|
||||
@ -245,5 +242,5 @@ Document::deleted(function ($document) {
|
||||
$document->getDisk()->delete($document->preview);
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
});
|
||||
|
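Review bot: Dropping `application/zip` from `$allowedMimes` does not by itself stop zip uploads, because the comment on that array says it only feeds Dropzone.js and does not affect what the server accepts. The effective restriction would have to come from the `'zip'` entry that the `-48,9 +48,6` hunk appears to remove from `$types`, assuming the upload handler (not shown here) validates against `$types`. `$types` carries no comment saying so; once confirmed against the upload code, I would add one above it, e.g. `// Server-side allow-list of upload types; keep in sync with $allowedMimes`. `$allowedMimes` also still lists `image/svg+xml`, which can carry script if a stored document is ever served inline from the application origin, so it is worth confirming how such files are delivered.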
@ -378,7 +378,7 @@
|
||||
}
|
||||
|
||||
window.countUploadingDocuments = 0;
|
||||
@if (Auth::user()->account->hasFeature(FEATURE_DOCUMENTS))
|
||||
|
||||
function handleDocumentAdded(file){
|
||||
// open document when clicked
|
||||
if (file.url) {
|
||||
@ -419,7 +419,7 @@
|
||||
function handleDocumentError() {
|
||||
window.countUploadingDocuments--;
|
||||
}
|
||||
@endif
|
||||
|
||||
</script>
|
||||
|
||||
@stop
|
||||
|
@ -222,7 +222,7 @@
|
||||
@endif
|
||||
<th style="min-width:120px" data-bind="text: costLabel">{{ $invoiceLabels['unit_cost'] }}</th>
|
||||
<th style="{{ $account->hide_quantity ? 'display:none' : 'min-width:120px' }}" data-bind="text: qtyLabel">{{ $invoiceLabels['quantity'] }}</th>
|
||||
<th style="min-width:180px;display:none;" data-bind="visible: $root.invoice_item_taxes.show">{{ trans('texts.tax') }}</th>
|
||||
<th style="min-width:120px;display:none;" data-bind="visible: $root.invoice_item_taxes.show">{{ trans('texts.tax') }}</th>
|
||||
<th style="min-width:120px;">{{ trans('texts.line_total') }}</th>
|
||||
<th style="min-width:32px;" class="hide-border"></th>
|
||||
</tr>
|
||||
@ -1409,7 +1409,7 @@
|
||||
}
|
||||
|
||||
window.countUploadingDocuments = 0;
|
||||
@if ($account->hasFeature(FEATURE_DOCUMENTS))
|
||||
|
||||
function handleDocumentAdded(file){
|
||||
// open document when clicked
|
||||
if (file.url) {
|
||||
@ -1454,7 +1454,6 @@
|
||||
function handleDocumentError() {
|
||||
window.countUploadingDocuments--;
|
||||
}
|
||||
@endif
|
||||
|
||||
</script>
|
||||
@if ($account->hasFeature(FEATURE_DOCUMENTS) && $account->invoice_embed_documents)
|
||||
|
@ -4,7 +4,7 @@
|
||||
@if (isset($hideLogo) && $hideLogo)
|
||||
<title>{{ trans('texts.client_portal') }}</title>
|
||||
@else
|
||||
<title>{{ isset($title) ? ($title . ' | Invoice Ninja') : ('Invoice Ninja | ' . trans('texts.app_title')) }}</title>
|
||||
<title>{{ isset($title) ? ($title . ' | Invoice Ninja') : ('Invoice Ninja | ' . trans('texts.app_title')) }}</title>
|
||||
<meta name="description" content="{{ isset($description) ? $description : trans('texts.app_description') }}" />
|
||||
<link href="{{ asset('favicon-v2.png') }}" rel="shortcut icon" type="image/png">
|
||||
@endif
|
||||
@ -22,24 +22,37 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="msapplication-config" content="none"/>
|
||||
<meta name="msapplication-config" content="none"/>
|
||||
|
||||
<!-- http://stackoverflow.com/questions/19012698/browser-cache-issues-in-laravel-4-application -->
|
||||
<meta http-equiv="cache-control" content="max-age=0" />
|
||||
<meta http-equiv="cache-control" content="no-cache" />
|
||||
<meta http-equiv="cache-control" content="no-store" />
|
||||
<meta http-equiv="cache-control" content="must-revalidate" />
|
||||
<meta http-equiv="expires" content="0" />
|
||||
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
|
||||
<meta http-equiv="pragma" content="no-cache" />
|
||||
|
||||
<link rel="canonical" href="{{ NINJA_APP_URL }}/{{ Request::path() }}" />
|
||||
|
||||
<script src="{{ asset('built.js') }}?no_cache={{ NINJA_VERSION }}" type="text/javascript"></script>
|
||||
<script src="{{ asset('built.js') }}?no_cache={{ NINJA_VERSION }}" type="text/javascript"></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
var NINJA = NINJA || {};
|
||||
NINJA.fontSize = 9;
|
||||
NINJA.isRegistered = {{ \Utils::isRegistered() ? 'true' : 'false' }};
|
||||
|
||||
|
||||
window.onerror = function (errorMsg, url, lineNumber, column, error) {
|
||||
if (errorMsg.indexOf('Script error.') > -1) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (errorMsg.indexOf('No unicode cmap for font') > -1) {
|
||||
alert("Please force refresh the page to update the font cache.\n\n - Windows: Ctrl + F5\n - Mac/Apple: Apple + R or Command + R\n - Linux: F5");
|
||||
}
|
||||
|
||||
try {
|
||||
// Use StackTraceJS to parse the error context
|
||||
// Use StackTraceJS to parse the error context
|
||||
if (error) {
|
||||
var message = error.message ? error.message : error;
|
||||
StackTrace.fromError(error).then(function(result) {
|
||||
@ -51,7 +64,7 @@
|
||||
} else {
|
||||
logError(errorMsg);
|
||||
}
|
||||
|
||||
|
||||
trackEvent('/error', errorMsg);
|
||||
} catch(err) {}
|
||||
|
||||
@ -78,7 +91,7 @@
|
||||
'sSearch': ''
|
||||
}
|
||||
} );
|
||||
|
||||
|
||||
/* This causes problems with some languages. ie, fr_CA
|
||||
var appLocale = '{{App::getLocale()}}';
|
||||
$.extend( true, $.fn.datepicker.defaults, {
|
||||
@ -108,7 +121,7 @@
|
||||
_fbq.loaded = true;
|
||||
}
|
||||
})();
|
||||
|
||||
|
||||
@else
|
||||
function fbq() {
|
||||
// do nothing
|
||||
@ -116,7 +129,7 @@
|
||||
@endif
|
||||
|
||||
window._fbq = window._fbq || [];
|
||||
|
||||
|
||||
</script>
|
||||
|
||||
|
||||
@ -132,7 +145,7 @@
|
||||
|
||||
<body class="body">
|
||||
|
||||
@if (isset($_ENV['TAG_MANAGER_KEY']) && $_ENV['TAG_MANAGER_KEY'])
|
||||
@if (isset($_ENV['TAG_MANAGER_KEY']) && $_ENV['TAG_MANAGER_KEY'])
|
||||
<!-- Google Tag Manager -->
|
||||
<noscript><iframe src="//www.googletagmanager.com/ns.html?id={{ $_ENV['TAG_MANAGER_KEY'] }}"
|
||||
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
|
||||
@ -140,20 +153,20 @@
|
||||
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
|
||||
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
|
||||
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
|
||||
})(window,document,'script','dataLayer','{{ $_ENV['TAG_MANAGER_KEY'] }}');</script>
|
||||
})(window,document,'script','dataLayer','{{ $_ENV['TAG_MANAGER_KEY'] }}');</script>
|
||||
<!-- End Google Tag Manager -->
|
||||
|
||||
<script>
|
||||
function trackEvent(category, action) {}
|
||||
</script>
|
||||
@elseif (isset($_ENV['ANALYTICS_KEY']) && $_ENV['ANALYTICS_KEY'])
|
||||
@elseif (isset($_ENV['ANALYTICS_KEY']) && $_ENV['ANALYTICS_KEY'])
|
||||
<script>
|
||||
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||
|
||||
ga('create', '{{ $_ENV['ANALYTICS_KEY'] }}', 'auto');
|
||||
ga('create', '{{ $_ENV['ANALYTICS_KEY'] }}', 'auto');
|
||||
ga('send', 'pageview');
|
||||
|
||||
function trackEvent(category, action) {
|
||||
@ -165,7 +178,7 @@
|
||||
function trackEvent(category, action) {}
|
||||
</script>
|
||||
@endif
|
||||
|
||||
|
||||
@yield('body')
|
||||
|
||||
<script type="text/javascript">
|
||||
@ -174,7 +187,7 @@
|
||||
$(function() {
|
||||
$('form.warn-on-exit input, form.warn-on-exit textarea, form.warn-on-exit select').change(function() {
|
||||
NINJA.formIsChanged = true;
|
||||
});
|
||||
});
|
||||
|
||||
@if (Session::has('trackEventCategory') && Session::has('trackEventAction'))
|
||||
@if (Session::get('trackEventAction') === '/buy_pro_plan')
|
||||
@ -195,12 +208,12 @@
|
||||
} else {
|
||||
return undefined;
|
||||
}
|
||||
});
|
||||
});
|
||||
function openUrl(url, track) {
|
||||
trackEvent('/view_link', track ? track : url);
|
||||
window.open(url, '_blank');
|
||||
}
|
||||
</script>
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
|
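Review bot: The `<meta http-equiv="cache-control" …>`, `expires` and `pragma` tags in the head hunk are not a reliable way to keep authenticated pages out of caches: intermediaries never see them, and current browsers largely ignore them in favour of the real response headers. If the intent is that invoice and client-portal pages are never stored, send `Cache-Control: no-store` (plus `Pragma: no-cache` for old clients) as HTTP response headers, for example from a middleware, and treat the meta tags as a fallback at most. The two `expires` metas (`0` and the 1980 date) are also redundant; one would do.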