From 15b4d17bcc8ca76b021ec6d3b83d131318f6fa58 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 23 Nov 2022 12:26:52 +1100
Subject: [PATCH] enforce password protection across entire client portal if invoice passwords are required
---
 app/Console/Commands/DemoMode.php | 14 ++++++++++++++
 app/Http/Middleware/ContactKeyLogin.php | 19 ++++++++++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/app/Console/Commands/DemoMode.php b/app/Console/Commands/DemoMode.php
index 936734e8efe3..20324049db61 100644
--- a/app/Console/Commands/DemoMode.php
+++ b/app/Console/Commands/DemoMode.php
@@ -22,6 +22,8 @@ use App\Jobs\Company\CreateCompanyTaskStatuses;
 use App\Jobs\Ninja\CompanySizeCheck;
 use App\Jobs\Util\VersionCheck;
 use App\Models\Account;
+use App\Models\BankIntegration;
+use App\Models\BankTransaction;
 use App\Models\Client;
 use App\Models\ClientContact;
 use App\Models\Company;
@@ -223,6 +225,18 @@ class DemoMode extends Command
 'company_id' => $company->id,
 ]);
+ $bi = BankIntegration::factory()->create([
+ 'account_id' => $account->id,
+ 'company_id' => $company->id,
+ 'user_id' => $user->id,
+ ]);
+
+ BankTransaction::factory()->count(50)->create([
+ 'bank_integration_id' => $bi->id,
+ 'user_id' => $user->id,
+ 'company_id' => $company->id,
+ ]);
+
 $this->info('Creating '.$this->count.' clients');
 for ($x = 0; $x < $this->count; $x++) {
diff --git a/app/Http/Middleware/ContactKeyLogin.php b/app/Http/Middleware/ContactKeyLogin.php
index 2f216de885ba..deb37428cc57 100644
--- a/app/Http/Middleware/ContactKeyLogin.php
+++ b/app/Http/Middleware/ContactKeyLogin.php
@@ -41,6 +41,7 @@ class ContactKeyLogin
 $request->session()->invalidate();
 }
+ //magic links survive for 1 hour
 if ($request->segment(2) && $request->segment(2) == 'magic_link' && $request->segment(3)) {
 $payload = Cache::get($request->segment(3));
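Review bot: The `magic_link` branch in the `@@ -41,6 +41,7 @@` hunk of ContactKeyLogin.php gains only a comment, while the three `contact_key` branches later in this patch gain a redirect to `client.login` when `enable_client_portal_password` is set. The branch body continues outside the hunk, so it is not visible whether a cached magic-link payload logs the contact in without that check. If magic links are deliberately exempt, the comment should say so, for example `// magic links live for 1 hour in the cache and intentionally bypass the portal password`. The one-hour lifetime is asserted here but only `Cache::get` is visible, so the comment should also name where the cache entry is written to keep the stated lifetime and the real one from drifting apart.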
@@ -66,7 +67,11 @@ class ContactKeyLogin
 }
 } elseif ($request->segment(3) && config('ninja.db.multi_db_enabled')) {
 if (MultiDB::findAndSetDbByContactKey($request->segment(3))) {
- if ($client_contact = ClientContact::where('contact_key', $request->segment(3))->first()) {
+ if ($client_contact = ClientContact::with('company')->where('contact_key', $request->segment(3))->first()) {
+
+ if($client_contact->company->settings->enable_client_portal_password)
+ return redirect()->route('client.login', ['company_key' => $client_contact->company->company_key]);
+
 if (empty($client_contact->email)) {
 $client_contact->email = Str::random(6).'@example.com';
 }
@@ -82,7 +87,11 @@ class ContactKeyLogin
 }
 }
 } elseif ($request->segment(2) && $request->segment(2) == 'key_login' && $request->segment(3)) {
- if ($client_contact = ClientContact::where('contact_key', $request->segment(3))->first()) {
+ if ($client_contact = ClientContact::with('company')->where('contact_key', $request->segment(3))->first()) {
+
+ if($client_contact->company->settings->enable_client_portal_password)
+ return redirect()->route('client.login', ['company_key' => $client_contact->company->company_key]);
+
 if (empty($client_contact->email)) {
 $client_contact->email = Str::random(6).'@example.com';
 $client_contact->save();
@@ -125,7 +134,11 @@ class ContactKeyLogin
 return redirect($this->setRedirectPath());
 }
 } elseif ($request->segment(3)) {
- if ($client_contact = ClientContact::where('contact_key', $request->segment(3))->first()) {
+ if ($client_contact = ClientContact::with('company')->where('contact_key', $request->segment(3))->first()) {
+
+ if($client_contact->company->settings->enable_client_portal_password)
+ return redirect()->route('client.login', ['company_key' => $client_contact->company->company_key]);
+
 if (empty($client_contact->email)) {
 $client_contact->email = Str::random(6).'@example.com';
 $client_contact->save();
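Review bot: The portal-password gate added in the `@@ -66,7 +67,11 @@` hunk is a braceless `if(` followed by a `return`, and the same two lines are copied into the `@@ -82,7 +87,11 @@` and `@@ -125,7 +134,11 @@` hunks. Three hand-copied guards on an authentication decision mean any login branch that is added later or was overlooked stays open by default, so the check is better kept in one private method that each branch calls. Braces and `if (` spacing would also match the neighbouring `if (empty($client_contact->email)) {` lines. The guard reads `company->settings` only; if this setting can be overridden per client or group, confirm that the company value is the effective one. The enclosing method starts and ends outside these hunks.

```php
// … unchanged: $client_contact lookup via ClientContact::with('company') …
if ($redirect = $this->portalPasswordRedirect($client_contact)) {
    return $redirect;
}
// … unchanged: empty-email fallback and contact login …

/**
 * Returns a redirect to the company's client login page when the portal
 * password is enforced, or null when key-based login may proceed.
 */
private function portalPasswordRedirect(ClientContact $client_contact)
{
    if (! $client_contact->company->settings->enable_client_portal_password) {
        return null;
    }

    return redirect()->route('client.login', ['company_key' => $client_contact->company->company_key]);
}
```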