diff --git a/VERSION.txt b/VERSION.txt index 831c6cd60031..0c5d745ebb0d 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -5.1.11 \ No newline at end of file +5.1.13 \ No newline at end of file diff --git a/app/Http/Controllers/OneTimeTokenController.php b/app/Http/Controllers/OneTimeTokenController.php new file mode 100644 index 000000000000..17d1a7da7ed3 --- /dev/null +++ b/app/Http/Controllers/OneTimeTokenController.php @@ -0,0 +1,108 @@ + 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_J2FhIhcf9GT5BlWUNeQ1FhnZACaYZrOI&scope=read_write +', + 'stripe_connect' => 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_J2Fh2tZfMlaaItUfbUwBBx4JPss8jCz9&scope=read_write' + ]; + + public function __construct() + { + parent::__construct(); + } + + /** + * Store a newly created resource in storage. + * + * @param CreateOneTimeTokenRequest $request + * @return Response + * + * @OA\Post( + * path="/api/v1/one_time_token", + * operationId="oneTimeToken", + * tags={"one_time_token"}, + * summary="Attempts to create a one time token", + * description="Attempts to create a one time token", + * @OA\Parameter(ref="#/components/parameters/X-Api-Secret"), + * @OA\Parameter(ref="#/components/parameters/X-Requested-With"), + * @OA\Response( + * response=200, + * description="The Company User response", + * @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"), + * @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"), + * @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit") + * ), + * @OA\Response( + * response=422, + * description="Validation error", + * @OA\JsonContent(ref="#/components/schemas/ValidationError"), + * ), + * @OA\Response( + * response="default", + * description="Unexpected Error", + * @OA\JsonContent(ref="#/components/schemas/Error"), + * ), + * ) + */ + public function create(OneTimeTokenRequest $request) + { + + $hash = Str::random(64); + + $data = [ + 'user_id' => auth()->user()->id, + 'company_key'=> auth()->company()->company_key, + 'context' => $requst->input('context'), + ]; + + Cache::put( $hash, $data, 3600 ); + + return response()->json(['hash' => $hash], 200); + + } + + public function router(OneTimeRouterRequest $request) + { + $data = Cache::get($request->input('hash')); + + MultiDB::findAndSetDbByCompanyKey($data['company_key']); + + $user = User::findOrFail($data['user_id']); + + Auth::login($user, true); + + Cache::forget($request->input('hash')); + + $this->sendTo($data['context']); + + } + + /* We need to merge all contexts here and redirect to the correct location */ + private function sendTo($context) + { + + return redirect(); + } +} diff --git a/app/Http/Middleware/SetEmailDb.php b/app/Http/Middleware/SetEmailDb.php index 2ae4e7d4890b..8a977d0f30a8 100644 --- a/app/Http/Middleware/SetEmailDb.php +++ b/app/Http/Middleware/SetEmailDb.php @@ -33,10 +33,12 @@ class SetEmailDb ]; if ($request->input('email') && config('ninja.db.multi_db_enabled')) { - nlog("trying to find db"); - if (! MultiDB::userFindAndSetDb($request->input('email'))) { + + + if (! MultiDB::userFindAndSetDb($request->input('email'))) return response()->json($error, 400); - } + + } // else { // return response()->json($error, 403); diff --git a/app/Http/Middleware/UserVerified.php b/app/Http/Middleware/UserVerified.php index ce8a899764aa..06b45d9c4926 100644 --- a/app/Http/Middleware/UserVerified.php +++ b/app/Http/Middleware/UserVerified.php @@ -13,6 +13,7 @@ namespace App\Http\Middleware; use App\Libraries\MultiDB; use App\Models\User; +use App\Utils\Ninja; use Closure; use Hashids\Hashids; use Illuminate\Http\Request; @@ -38,16 +39,14 @@ class UserVerified */ public function handle($request, Closure $next) { + if(Ninja::isSelfHost()) + return $next($request); $error = [ 'message' => 'Email confirmation required.', 'errors' => new \stdClass, ]; - // nlog(auth()->user()->toArray()); - // nlog($this->user->toArray()); - // nlog((bool)$this->user->isVerified()); - if ($this->user && !$this->user->isVerified()) return response()->json($error, 403); diff --git a/app/Http/Requests/OneTimeToken/OneTimeRouterRequest.php b/app/Http/Requests/OneTimeToken/OneTimeRouterRequest.php new file mode 100644 index 000000000000..93bb35ad3a69 --- /dev/null +++ b/app/Http/Requests/OneTimeToken/OneTimeRouterRequest.php @@ -0,0 +1,45 @@ + 'required', + ]; + } + + protected function prepareForValidation() + { + // $input = $this->all(); + // $this->replace($input); + } +} diff --git a/app/Http/Requests/OneTimeToken/OneTimeTokenRequest.php b/app/Http/Requests/OneTimeToken/OneTimeTokenRequest.php new file mode 100644 index 000000000000..a5bee734c2cb --- /dev/null +++ b/app/Http/Requests/OneTimeToken/OneTimeTokenRequest.php @@ -0,0 +1,45 @@ + 'required', + ]; + } + + protected function prepareForValidation() + { + // $input = $this->all(); + // $this->replace($input); + } +} diff --git a/app/Http/Requests/User/StoreUserRequest.php b/app/Http/Requests/User/StoreUserRequest.php index 512994be8b3e..d61b46e59726 100644 --- a/app/Http/Requests/User/StoreUserRequest.php +++ b/app/Http/Requests/User/StoreUserRequest.php @@ -14,6 +14,7 @@ namespace App\Http\Requests\User; use App\DataMapper\DefaultSettings; use App\Factory\UserFactory; use App\Http\Requests\Request; +use App\Http\ValidationRules\User\AttachableUser; use App\Http\ValidationRules\ValidUserForCompany; use App\Libraries\MultiDB; use App\Models\User; @@ -39,9 +40,9 @@ class StoreUserRequest extends Request $rules['last_name'] = 'required|string|max:100'; if (config('ninja.db.multi_db_enabled')) { - $rules['email'] = ['email', new ValidUserForCompany(), Rule::unique('users')->ignore($this->input('company_user.account.id'), 'account_id')]; + $rules['email'] = ['email', new ValidUserForCompany(), new AttachableUser()]; } else { - $rules['email'] = ['email',Rule::unique('users')->ignore($this->input('company_user.account.id'), 'account_id')]; + $rules['email'] = ['email', new AttachableUser()]; } @@ -56,7 +57,10 @@ class StoreUserRequest extends Request { $input = $this->all(); -nlog($this->input('company_user.account')); +//unique user rule - check company_user table for user_id / company_id / account_id if none exist we can add the user. ELSE return false + +//nlog($this->all()); +//nlog($this->input('company_user.account')); // nlog($this->input('company_user.account.id')); // nlog($this->input('company_user.account.id')); diff --git a/app/Http/ValidationRules/User/AttachableUser.php b/app/Http/ValidationRules/User/AttachableUser.php new file mode 100644 index 000000000000..6c572cc32f78 --- /dev/null +++ b/app/Http/ValidationRules/User/AttachableUser.php @@ -0,0 +1,73 @@ +checkUserIsAttachable($value); + } + + /** + * @return string + */ + public function message() + { + return "Cannot add the same user to the same company"; + } + + /** + * @param $user_id + * @return bool + */ + private function checkUserIsAttachable($email) : bool + { + if (empty($email)) { + return false; + } + + $user = User::where('email', $email)->first(); + + if(!$user) + return true; + + $user_already_attached = CompanyUser::query() + ->where('user_id', $user->id) + ->where('account_id',$user->account_id) + ->where('company_id', auth()->user()->company()->id) + ->withTrashed() + ->exists(); + + if($user_already_attached) + return false; + + + return true; + } +} diff --git a/app/Jobs/Entity/CreateEntityPdf.php b/app/Jobs/Entity/CreateEntityPdf.php index e2467e254397..5f368e5d64fa 100644 --- a/app/Jobs/Entity/CreateEntityPdf.php +++ b/app/Jobs/Entity/CreateEntityPdf.php @@ -92,6 +92,8 @@ class CreateEntityPdf implements ShouldQueue App::forgetInstance('translator'); Lang::replace(Ninja::transformTranslations($this->entity->client->getMergedSettings())); + $this->entity->service()->deletePdf(); + if (config('ninja.phantomjs_pdf_generation')) { return (new Phantom)->generate($this->invitation); } diff --git a/app/Jobs/Util/UnlinkFile.php b/app/Jobs/Util/UnlinkFile.php index a7f5f02cb4de..70461add3b70 100644 --- a/app/Jobs/Util/UnlinkFile.php +++ b/app/Jobs/Util/UnlinkFile.php @@ -39,6 +39,8 @@ class UnlinkFile implements ShouldQueue */ public function handle() { + // nlog("deleting"); + // nlog($this->file_path); Storage::disk($this->disk)->delete($this->file_path); } } diff --git a/app/Libraries/MultiDB.php b/app/Libraries/MultiDB.php index 3240283af898..dd5237f35ec9 100644 --- a/app/Libraries/MultiDB.php +++ b/app/Libraries/MultiDB.php @@ -187,9 +187,10 @@ class MultiDB //multi-db active foreach (self::$dbs as $db) { - if (User::on($db)->where(['email' => $email])->get()->count() >= 1) { // if user already exists, validation will fail + + if (User::on($db)->where(['email' => $email])->count() >= 1) return true; - } + } return false; diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php index 10410d9a8a0b..247cce90d47d 100644 --- a/app/Models/Presenters/CompanyPresenter.php +++ b/app/Models/Presenters/CompanyPresenter.php @@ -36,7 +36,13 @@ class CompanyPresenter extends EntityPresenter $settings = $this->entity->settings; } - return (strlen($settings->company_logo) > 0) ? url('') . $settings->company_logo : 'https://www.invoiceninja.com/wp-content/uploads/2019/01/InvoiceNinja-Logo-Round-300x300.png'; + if(strlen($settings->company_logo) >= 1 && strpos($settings->company_logo, 'http')) + return $settings->company_logo; + else if(strlen($settings->company_logo) >= 1) + return url('') . $settings->company_logo; + else + return 'https://www.invoiceninja.com/wp-content/uploads/2019/01/InvoiceNinja-Logo-Round-300x300.png'; + } public function address($settings = null) diff --git a/app/Services/Credit/CreditService.php b/app/Services/Credit/CreditService.php index 85ab8fddc64c..8912c41e3561 100644 --- a/app/Services/Credit/CreditService.php +++ b/app/Services/Credit/CreditService.php @@ -11,6 +11,7 @@ namespace App\Services\Credit; +use App\Jobs\Util\UnlinkFile; use App\Models\Credit; use App\Utils\Traits\MakesHash; @@ -134,7 +135,14 @@ class CreditService return $this; } - + + public function deletePdf() + { + UnlinkFile::dispatchNow(config('filesystems.default'), $this->credit->client->credit_filepath() . $this->credit->number.'.pdf'); + + return $this; + } + /** * Saves the credit. * @return Credit object diff --git a/app/Services/Quote/QuoteService.php b/app/Services/Quote/QuoteService.php index fbf53e623a37..01488348d12c 100644 --- a/app/Services/Quote/QuoteService.php +++ b/app/Services/Quote/QuoteService.php @@ -12,6 +12,7 @@ namespace App\Services\Quote; use App\Events\Quote\QuoteWasApproved; +use App\Jobs\Util\UnlinkFile; use App\Models\Invoice; use App\Models\Quote; use App\Repositories\QuoteRepository; @@ -189,6 +190,13 @@ class QuoteService return $this; } + public function deletePdf() + { + UnlinkFile::dispatchNow(config('filesystems.default'), $this->quote->client->quote_filepath() . $this->quote->number.'.pdf'); + + return $this; + } + /** * Saves the quote. * @return Quote|null diff --git a/app/Services/Recurring/RecurringService.php b/app/Services/Recurring/RecurringService.php index 9942efcc69e5..00811fa404ff 100644 --- a/app/Services/Recurring/RecurringService.php +++ b/app/Services/Recurring/RecurringService.php @@ -11,6 +11,7 @@ namespace App\Services\Recurring; +use App\Jobs\Util\UnlinkFile; use App\Models\RecurringInvoice; use App\Services\Recurring\GetInvoicePdf; use Illuminate\Support\Carbon; @@ -84,6 +85,13 @@ class RecurringService return (new GetInvoicePdf($this->recurring_entity, $contact))->run(); } + public function deletePdf() + { + UnlinkFile::dispatchNow(config('filesystems.default'), $this->recurring_entity->client->recurring_invoice_filepath() . $this->recurring_entity->number.'.pdf'); + + return $this; + } + public function save() { $this->recurring_entity->save(); diff --git a/config/ninja.php b/config/ninja.php index 39402be58760..40e4e421927e 100644 --- a/config/ninja.php +++ b/config/ninja.php @@ -13,7 +13,7 @@ return [ 'require_https' => env('REQUIRE_HTTPS', true), 'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_domain' => env('APP_DOMAIN', ''), - 'app_version' => '5.1.11', + 'app_version' => '5.1.13', 'minimum_client_version' => '5.0.16', 'terms_version' => '1.0.1', 'api_secret' => env('API_SECRET', false), diff --git a/routes/api.php b/routes/api.php index 5728607a20c1..4348c24b679d 100644 --- a/routes/api.php +++ b/routes/api.php @@ -93,6 +93,8 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a Route::post('migration/purge_save_settings/{company}', 'MigrationController@purgeCompanySaveSettings')->middleware('password_protected'); Route::post('migration/start', 'MigrationController@startMigration'); + Route::post('one_time_token', 'OneTimeTokenController@create'); + Route::resource('payments', 'PaymentController'); // name = (payments. index / create / show / update / destroy / edit Route::post('payments/refund', 'PaymentController@refund')->name('payments.refund'); Route::post('payments/bulk', 'PaymentController@bulk')->name('payments.bulk'); @@ -178,5 +180,6 @@ Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id ->name('payment_webhook'); Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook'); +Route::get('token_hash_router', 'OneTimeTokenController@router'); Route::fallback('BaseController@notFound');