Merge pull request #5049 from turbo124/v5-develop

Fixes for 2FA
David Bomba 2021-03-08 07:49:56 +11:00 committed by GitHub
commit 06bc8dd290
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 100 additions and 7 deletions


@ -504,4 +504,18 @@ class BaseController extends Controller
return redirect('/setup');
}
public function checkFeature($feature)
{
if(auth()->user()->account->hasFeature($feature))
return true;
return false;
}
public function featureFailure()
{
return response()->json(['message' => 'Upgrade to a paid plan for this feature.'], 403);
}
}
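Review bot: `checkFeature()` dereferences `auth()->user()->account` with no null guard, so calling it from any route that is not behind the auth middleware ends in a fatal error instead of a clean denial. The if/return-true/return-false shape can also collapse into one boolean expression: `$user = auth()->user();` followed by `return $user !== null && (bool) $user->account->hasFeature($feature);`. Neither new method has a docblock; a one-line comment saying that `$feature` is expected to be one of the `Account::FEATURE_*` constants would help callers. The class body starts outside this hunk, so whether every caller is already authenticated cannot be confirmed from here.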


@ -30,6 +30,7 @@ use App\Jobs\Entity\EmailEntity;
use App\Jobs\Invoice\StoreInvoice;
use App\Jobs\Invoice\ZipInvoices;
use App\Jobs\Util\UnlinkFile;
use App\Models\Account;
use App\Models\Client;
use App\Models\Invoice;
use App\Models\Quote;
@ -906,7 +907,9 @@ class InvoiceController extends BaseController
*/
public function upload(UploadInvoiceRequest $request, Invoice $invoice)
{
if(!$this->checkFeature(Account::FEATURE_DOCUMENTS))
return $this->featureFailure();
if ($request->has('documents'))
$this->saveDocuments($request->file('documents'), $invoice);


@ -24,7 +24,7 @@ class TwoFactorController extends BaseController
return response()->json(['message' => '2FA already enabled'], 400);
elseif(! $user->phone)
return response()->json(['message' => ctrans('texts.set_phone_for_two_factor')], 400);
elseif(! $user->confirmed)
elseif(! $user->isVerified())
return response()->json(['message' => 'Please confirm your account first'], 400);
$google2fa = new Google2FA();


@ -0,0 +1,75 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Artisan;
class WebCronController extends Controller
{
public function __construct()
{
}
/**
* Store a newly created resource in storage.
*
* @return Response
*
* @OA\Get(
* path="/api/v1/webcron",
* operationId="webcron",
* tags={"webcron"},
* summary="Executes the task scheduler via a webcron service",
* description="Executes the task scheduler via a webcron service",
* @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
* @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
* @OA\Response(
* response=200,
* description="Success response",
* @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"),
* @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
* @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
* ),
* @OA\Response(
* response=422,
* description="Validation error",
* @OA\JsonContent(ref="#/components/schemas/ValidationError"),
* ),
* @OA\Response(
* response="default",
* description="Unexpected Error",
* @OA\JsonContent(ref="#/components/schemas/Error"),
* ),
* )
*/
public function index(Request $request)
{
set_time_limit(0);
if(!config('ninja.webcron_secret'))
return response()->json(['message' => 'Web cron has not been configured'], 403);
if($request->has('secret') && (config('ninja.webcron_secret') == $request->query('secret')))
{
Artisan::call('schedule:run');
return response()->json(['message' => 'Executing web cron'], 200);
}
return response()->json(['message' => 'Invalid secret'], 403);
}
}
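Review bot: The secret check in `index()` uses a loose `==` on a value taken from the query string, which is neither constant-time nor type-safe (two numeric-looking strings such as `0e1` and `0e2` compare equal), so it should go through `hash_equals()` after confirming both sides are strings. `set_time_limit(0)` also runs before the caller is authenticated and is better moved below the check. Because the secret travels in the URL it will be recorded in web-server and proxy access logs; accepting it in a request header, as the docblock's `X-Api-Secret` parameter already implies, would avoid that. The docblock's opening line ("Store a newly created resource in storage.") and its `/api/v1/webcron` path look copied from elsewhere and do not appear to match the `webcron` route this commit registers.

```php
public function index(Request $request)
{
    $expected = config('ninja.webcron_secret');

    if (! is_string($expected) || $expected === '') {
        return response()->json(['message' => 'Web cron has not been configured'], 403);
    }

    $supplied = $request->query('secret');

    // hash_equals() compares in constant time and never coerces numeric-looking strings.
    if (! is_string($supplied) || ! hash_equals($expected, $supplied)) {
        return response()->json(['message' => 'Invalid secret'], 403);
    }

    // Lift the execution time limit only once the caller has been authenticated.
    set_time_limit(0);
    Artisan::call('schedule:run');

    return response()->json(['message' => 'Executing web cron'], 200);
}
```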


@ -167,17 +167,17 @@ class Account extends BaseModel
// Enterprise; No Trial allowed; grandfathered for old pro users
case self::FEATURE_USERS:// Grandfathered for old Pro users
if ($planDetails && $planDetails['trial']) {
if ($plan_details && $plan_details['trial']) {
// Do they have a non-trial plan?
$planDetails = $this->getPlanDetails(false, false);
$plan_details = $this->getPlanDetails(false, false);
}
return $self_host || ! empty($planDetails) && ($planDetails['plan'] == self::PLAN_ENTERPRISE);
return $self_host || ! empty($plan_details) && ($plan_details['plan'] == self::PLAN_ENTERPRISE);
// Enterprise; No Trial allowed
case self::FEATURE_DOCUMENTS:
case self::FEATURE_USER_PERMISSIONS:
return $self_host || ! empty($planDetails) && $planDetails['plan'] == self::PLAN_ENTERPRISE && ! $planDetails['trial'];
return $self_host || ! empty($plan_details) && $plan_details['plan'] == self::PLAN_ENTERPRISE && ! $plan_details['trial'];
default:
return false;


@ -141,4 +141,5 @@ return [
'snappdf_chromium_path' => env('SNAPPDF_CHROMIUM_PATH', false),
'v4_migration_version' => '4.5.31',
'flutter_canvas_kit' => env('FLUTTER_CANVAS_KIT', false),
'webcron_secret' => env('WEBCRON_SECRET', false),
];


@ -182,5 +182,5 @@ Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id
Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook');
Route::get('token_hash_router', 'OneTimeTokenController@router');
Route::get('webcron', 'WebCronController@index');
Route::fallback('BaseController@notFound');
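Review bot: The new `webcron` route is registered without any visible rate limiting, so the only thing between an anonymous caller and `schedule:run` is how quickly the secret can be guessed. Consider `Route::get('webcron', 'WebCronController@index')->middleware('throttle:10,1');` (the limits are illustrative) and documenting a minimum length for `WEBCRON_SECRET`. Whether an enclosing route group already applies throttling is not visible from this hunk.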