Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5013 from turbo124/v5-develop

Browse Source 
One Time Tokens
This commit is contained in:
David Bomba 2021-03-02 19:57:21 +11:00 committed by GitHub
commit 18f20e3fe5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 330 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION.txt
View File

@ -1 +1 @@
5.1.11 5.1.13

108
app/Http/Controllers/OneTimeTokenController.php Normal file
View File

@ -0,0 +1,108 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Controllers;
use App\Http\Requests\OneTimeToken\OneTimeRouterRequest;
use App\Http\Requests\OneTimeToken\OneTimeTokenRequest;
use App\Models\User;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Str;
class OneTimeTokenController extends BaseController
{
private $contexts = [
'stripe_connect_test' => 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_J2FhIhcf9GT5BlWUNeQ1FhnZACaYZrOI&scope=read_write
',
'stripe_connect' => 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_J2Fh2tZfMlaaItUfbUwBBx4JPss8jCz9&scope=read_write'
];
public function __construct()
{
parent::__construct();
}
/**
* Store a newly created resource in storage.
*
* @param CreateOneTimeTokenRequest $request
* @return Response
*
* @OA\Post(
* path="/api/v1/one_time_token",
* operationId="oneTimeToken",
* tags={"one_time_token"},
* summary="Attempts to create a one time token",
* description="Attempts to create a one time token",
* @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
* @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
* @OA\Response(
* response=200,
* description="The Company User response",
* @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"),
* @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
* @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit")
* ),
* @OA\Response(
* response=422,
* description="Validation error",
* @OA\JsonContent(ref="#/components/schemas/ValidationError"),
* ),
* @OA\Response(
* response="default",
* description="Unexpected Error",
* @OA\JsonContent(ref="#/components/schemas/Error"),
* ),
* )
*/
public function create(OneTimeTokenRequest $request)
{
$hash = Str::random(64);
$data = [
'user_id' => auth()->user()->id,
'company_key'=> auth()->company()->company_key,
'context' => $requst->input('context'),
];
Cache::put( $hash, $data, 3600 );
return response()->json(['hash' => $hash], 200);
}
public function router(OneTimeRouterRequest $request)
{
$data = Cache::get($request->input('hash'));
MultiDB::findAndSetDbByCompanyKey($data['company_key']);
$user = User::findOrFail($data['user_id']);
Auth::login($user, true);
Cache::forget($request->input('hash'));
$this->sendTo($data['context']);
}
/* We need to merge all contexts here and redirect to the correct location */
private function sendTo($context)
{
return redirect();
}
}

8
app/Http/Middleware/SetEmailDb.php
View File

@ -33,10 +33,12 @@ class SetEmailDb
]; ];
if ($request->input('email') && config('ninja.db.multi_db_enabled')) { if ($request->input('email') && config('ninja.db.multi_db_enabled')) {
nlog("trying to find db");
if (! MultiDB::userFindAndSetDb($request->input('email'))) {
if (! MultiDB::userFindAndSetDb($request->input('email')))
return response()->json($error, 400); return response()->json($error, 400);
}
} }
// else { // else {
// return response()->json($error, 403); // return response()->json($error, 403);

7
app/Http/Middleware/UserVerified.php
View File

@ -13,6 +13,7 @@ namespace App\Http\Middleware;
use App\Libraries\MultiDB; use App\Libraries\MultiDB;
use App\Models\User; use App\Models\User;
use App\Utils\Ninja;
use Closure; use Closure;
use Hashids\Hashids; use Hashids\Hashids;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -38,16 +39,14 @@ class UserVerified
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if(Ninja::isSelfHost())
return $next($request);
$error = [ $error = [
'message' => 'Email confirmation required.', 'message' => 'Email confirmation required.',
'errors' => new \stdClass, 'errors' => new \stdClass,
]; ];
// nlog(auth()->user()->toArray());
// nlog($this->user->toArray());
// nlog((bool)$this->user->isVerified());
if ($this->user && !$this->user->isVerified()) if ($this->user && !$this->user->isVerified())
return response()->json($error, 403); return response()->json($error, 403);

45
app/Http/Requests/OneTimeToken/OneTimeRouterRequest.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Requests\OneTimeToken;
use App\Http\Requests\Request;
class OneTimeRouterRequest extends Request
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'hash' => 'required',
];
}
protected function prepareForValidation()
{
// $input = $this->all();
// $this->replace($input);
}
}

45
app/Http/Requests/OneTimeToken/OneTimeTokenRequest.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Requests\OneTimeToken;
use App\Http\Requests\Request;
class OneTimeTokenRequest extends Request
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'context' => 'required',
];
}
protected function prepareForValidation()
{
// $input = $this->all();
// $this->replace($input);
}
}

10
app/Http/Requests/User/StoreUserRequest.php
View File

@ -14,6 +14,7 @@ namespace App\Http\Requests\User;
use App\DataMapper\DefaultSettings; use App\DataMapper\DefaultSettings;
use App\Factory\UserFactory; use App\Factory\UserFactory;
use App\Http\Requests\Request; use App\Http\Requests\Request;
use App\Http\ValidationRules\User\AttachableUser;
use App\Http\ValidationRules\ValidUserForCompany; use App\Http\ValidationRules\ValidUserForCompany;
use App\Libraries\MultiDB; use App\Libraries\MultiDB;
use App\Models\User; use App\Models\User;
@ -39,9 +40,9 @@ class StoreUserRequest extends Request
$rules['last_name'] = 'required|string|max:100'; $rules['last_name'] = 'required|string|max:100';
if (config('ninja.db.multi_db_enabled')) { if (config('ninja.db.multi_db_enabled')) {
$rules['email'] = ['email', new ValidUserForCompany(), Rule::unique('users')->ignore($this->input('company_user.account.id'), 'account_id')]; $rules['email'] = ['email', new ValidUserForCompany(), new AttachableUser()];
} else { } else {
$rules['email'] = ['email',Rule::unique('users')->ignore($this->input('company_user.account.id'), 'account_id')]; $rules['email'] = ['email', new AttachableUser()];
} }
@ -56,7 +57,10 @@ class StoreUserRequest extends Request
{ {
$input = $this->all(); $input = $this->all();
nlog($this->input('company_user.account')); //unique user rule - check company_user table for user_id / company_id / account_id if none exist we can add the user. ELSE return false
//nlog($this->all());
//nlog($this->input('company_user.account'));
// nlog($this->input('company_user.account.id')); // nlog($this->input('company_user.account.id'));
// nlog($this->input('company_user.account.id')); // nlog($this->input('company_user.account.id'));

73
app/Http/ValidationRules/User/AttachableUser.php Normal file
View File

@ -0,0 +1,73 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\ValidationRules\User;
use App\Models\CompanyUser;
use App\Models\User;
use Illuminate\Contracts\Validation\Rule;
/**
* Class AttachableUser.
*/
class AttachableUser implements Rule
{
public function __construct()
{
}
/**
* @param string $attribute
* @param mixed $value
* @return bool
*/
public function passes($attribute, $value)
{
return $this->checkUserIsAttachable($value);
}
/**
* @return string
*/
public function message()
{
return "Cannot add the same user to the same company";
}
/**
* @param $user_id
* @return bool
*/
private function checkUserIsAttachable($email) : bool
{
if (empty($email)) {
return false;
}
$user = User::where('email', $email)->first();
if(!$user)
return true;
$user_already_attached = CompanyUser::query()
->where('user_id', $user->id)
->where('account_id',$user->account_id)
->where('company_id', auth()->user()->company()->id)
->withTrashed()
->exists();
if($user_already_attached)
return false;
return true;
}
}

2
app/Jobs/Entity/CreateEntityPdf.php
View File

@ -92,6 +92,8 @@ class CreateEntityPdf implements ShouldQueue
App::forgetInstance('translator'); App::forgetInstance('translator');
Lang::replace(Ninja::transformTranslations($this->entity->client->getMergedSettings())); Lang::replace(Ninja::transformTranslations($this->entity->client->getMergedSettings()));
$this->entity->service()->deletePdf();
if (config('ninja.phantomjs_pdf_generation')) { if (config('ninja.phantomjs_pdf_generation')) {
return (new Phantom)->generate($this->invitation); return (new Phantom)->generate($this->invitation);
} }

2
app/Jobs/Util/UnlinkFile.php
View File

@ -39,6 +39,8 @@ class UnlinkFile implements ShouldQueue
*/ */
public function handle() public function handle()
{ {
// nlog("deleting");
// nlog($this->file_path);
Storage::disk($this->disk)->delete($this->file_path); Storage::disk($this->disk)->delete($this->file_path);
} }
} }

5
app/Libraries/MultiDB.php
View File

@ -187,9 +187,10 @@ class MultiDB
//multi-db active //multi-db active
foreach (self::$dbs as $db) { foreach (self::$dbs as $db) {
if (User::on($db)->where(['email' => $email])->get()->count() >= 1) { // if user already exists, validation will fail
if (User::on($db)->where(['email' => $email])->count() >= 1)
return true; return true;
}
} }
return false; return false;

8
app/Models/Presenters/CompanyPresenter.php
View File

@ -36,7 +36,13 @@ class CompanyPresenter extends EntityPresenter
$settings = $this->entity->settings; $settings = $this->entity->settings;
} }
return (strlen($settings->company_logo) > 0) ? url('') . $settings->company_logo : 'https://www.invoiceninja.com/wp-content/uploads/2019/01/InvoiceNinja-Logo-Round-300x300.png'; if(strlen($settings->company_logo) >= 1 && strpos($settings->company_logo, 'http'))
return $settings->company_logo;
else if(strlen($settings->company_logo) >= 1)
return url('') . $settings->company_logo;
else
return 'https://www.invoiceninja.com/wp-content/uploads/2019/01/InvoiceNinja-Logo-Round-300x300.png';
} }
public function address($settings = null) public function address($settings = null)

10
app/Services/Credit/CreditService.php
View File

@ -11,6 +11,7 @@
namespace App\Services\Credit; namespace App\Services\Credit;
use App\Jobs\Util\UnlinkFile;
use App\Models\Credit; use App\Models\Credit;
use App\Utils\Traits\MakesHash; use App\Utils\Traits\MakesHash;
@ -134,7 +135,14 @@ class CreditService
return $this; return $this;
} }
public function deletePdf()
{
UnlinkFile::dispatchNow(config('filesystems.default'), $this->credit->client->credit_filepath() . $this->credit->number.'.pdf');
return $this;
}
/** /**
* Saves the credit. * Saves the credit.
* @return Credit object * @return Credit object

8
app/Services/Quote/QuoteService.php
View File

@ -12,6 +12,7 @@
namespace App\Services\Quote; namespace App\Services\Quote;
use App\Events\Quote\QuoteWasApproved; use App\Events\Quote\QuoteWasApproved;
use App\Jobs\Util\UnlinkFile;
use App\Models\Invoice; use App\Models\Invoice;
use App\Models\Quote; use App\Models\Quote;
use App\Repositories\QuoteRepository; use App\Repositories\QuoteRepository;
@ -189,6 +190,13 @@ class QuoteService
return $this; return $this;
} }
public function deletePdf()
{
UnlinkFile::dispatchNow(config('filesystems.default'), $this->quote->client->quote_filepath() . $this->quote->number.'.pdf');
return $this;
}
/** /**
* Saves the quote. * Saves the quote.
* @return Quote|null * @return Quote|null

8
app/Services/Recurring/RecurringService.php
View File

@ -11,6 +11,7 @@
namespace App\Services\Recurring; namespace App\Services\Recurring;
use App\Jobs\Util\UnlinkFile;
use App\Models\RecurringInvoice; use App\Models\RecurringInvoice;
use App\Services\Recurring\GetInvoicePdf; use App\Services\Recurring\GetInvoicePdf;
use Illuminate\Support\Carbon; use Illuminate\Support\Carbon;
@ -84,6 +85,13 @@ class RecurringService
return (new GetInvoicePdf($this->recurring_entity, $contact))->run(); return (new GetInvoicePdf($this->recurring_entity, $contact))->run();
} }
public function deletePdf()
{
UnlinkFile::dispatchNow(config('filesystems.default'), $this->recurring_entity->client->recurring_invoice_filepath() . $this->recurring_entity->number.'.pdf');
return $this;
}
public function save() public function save()
{ {
$this->recurring_entity->save(); $this->recurring_entity->save();

2
config/ninja.php
View File

@ -13,7 +13,7 @@ return [
'require_https' => env('REQUIRE_HTTPS', true), 'require_https' => env('REQUIRE_HTTPS', true),
'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_url' => rtrim(env('APP_URL', ''), '/'),
'app_domain' => env('APP_DOMAIN', ''), 'app_domain' => env('APP_DOMAIN', ''),
'app_version' => '5.1.11', 'app_version' => '5.1.13',
'minimum_client_version' => '5.0.16', 'minimum_client_version' => '5.0.16',
'terms_version' => '1.0.1', 'terms_version' => '1.0.1',
'api_secret' => env('API_SECRET', false), 'api_secret' => env('API_SECRET', false),

3
routes/api.php
View File

@ -93,6 +93,8 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a
Route::post('migration/purge_save_settings/{company}', 'MigrationController@purgeCompanySaveSettings')->middleware('password_protected'); Route::post('migration/purge_save_settings/{company}', 'MigrationController@purgeCompanySaveSettings')->middleware('password_protected');
Route::post('migration/start', 'MigrationController@startMigration'); Route::post('migration/start', 'MigrationController@startMigration');
Route::post('one_time_token', 'OneTimeTokenController@create');
Route::resource('payments', 'PaymentController'); // name = (payments. index / create / show / update / destroy / edit Route::resource('payments', 'PaymentController'); // name = (payments. index / create / show / update / destroy / edit
Route::post('payments/refund', 'PaymentController@refund')->name('payments.refund'); Route::post('payments/refund', 'PaymentController@refund')->name('payments.refund');
Route::post('payments/bulk', 'PaymentController@bulk')->name('payments.bulk'); Route::post('payments/bulk', 'PaymentController@bulk')->name('payments.bulk');
@ -178,5 +180,6 @@ Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id
->name('payment_webhook'); ->name('payment_webhook');
Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook'); Route::post('api/v1/postmark_webhook', 'PostMarkController@webhook');
Route::get('token_hash_router', 'OneTimeTokenController@router');
Route::fallback('BaseController@notFound'); Route::fallback('BaseController@notFound');