Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-04 17:54:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7540 from CirkaN/Cirkovic/INA-12

Browse Source 
Cirkovic/ina 12
This commit is contained in:
David Bomba 2022-06-12 17:13:56 +10:00 committed by GitHub
commit 19216934a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 213 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.env.example
View File

@ -61,3 +61,11 @@ SENTRY_LARAVEL_DSN=https://39389664f3f14969b4c43dadda00a40b@sentry2.invoicing.co
GOOGLE_PLAY_PACKAGE_NAME= GOOGLE_PLAY_PACKAGE_NAME=
APPSTORE_PASSWORD= APPSTORE_PASSWORD=
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
MICROSOFT_REDIRECT_URI=
APPLE_CLIENT_ID=
APPLE_CLIENT_SECRET=
APPLE_REDIRECT_URI=

118
app/Http/Controllers/Auth/LoginController.php
View File

@ -330,8 +330,7 @@ class LoginController extends BaseController
$cu->first()->account->companies->each(function ($company) use ($cu, $request) { $cu->first()->account->companies->each(function ($company) use ($cu, $request) {
if($company->tokens()->where('is_system', true)->count() == 0) if ($company->tokens()->where('is_system', true)->count() == 0) {
{
CreateCompanyToken::dispatchNow($company, $cu->first()->user, $request->server('HTTP_USER_AGENT')); CreateCompanyToken::dispatchNow($company, $cu->first()->user, $request->server('HTTP_USER_AGENT'));
} }
}); });
@ -359,16 +358,126 @@ class LoginController extends BaseController
*/ */
public function oauthApiLogin() public function oauthApiLogin()
{ {
$message = 'Provider not supported';
if (request()->input('provider') == 'google') { if (request()->input('provider') == 'google') {
return $this->handleGoogleOauth(); return $this->handleGoogleOauth();
} elseif (request()->input('provider') == 'microsoft') {
if (request()->has('token')) {
return $this->handleSocialiteLogin('microsoft', request()->get('token'));
} else {
$message = 'Bearer token missing for the microsoft login';
}
} elseif (request()->input('provider') == 'apple') {
if (request()->has('token')) {
return $this->handleSocialiteLogin('apple', request()->get('token'));
} else {
$message = 'Token is missing for the apple login';
}
} }
return response() return response()
->json(['message' => 'Provider not supported'], 400) ->json(['message' => $message], 400)
->header('X-App-Version', config('ninja.app_version')) ->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version')); ->header('X-Api-Version', config('ninja.minimum_client_version'));
} }
private function getSocialiteUser(string $provider, string $token)
{
return Socialite::driver($provider)->userFromToken($token);
}
private function handleSocialiteLogin($provider, $token)
{
$user = $this->getSocialiteUser($provider, $token);
if ($user) {
return $this->loginOrCreateFromSocialite($user, $provider);
}
return response()
->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
private function loginOrCreateFromSocialite($user, $provider)
{
$query = [
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
];
if ($existing_user = MultiDB::hasUser($query)) {
if (!$existing_user->account)
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
Auth::login($existing_user, true);
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
}
//If this is a result user/email combo - lets add their OAuth details details
if ($existing_login_user = MultiDB::hasUser(['email' => $user->email])) {
if (!$existing_login_user->account)
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
Auth::login($existing_login_user, true);
auth()->user()->update([
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
]);
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
}
$name = OAuth::splitName($user->name);
$new_account = [
'first_name' => $name[0],
'last_name' => $name[1],
'password' => '',
'email' => $user->email,
'oauth_user_id' => $user->id,
'oauth_provider_id' => $provider,
];
MultiDB::setDefaultDatabase();
$account = CreateAccount::dispatchNow($new_account, request()->getClientIp());
Auth::login($account->default_company->owner(), true);
auth()->user()->email_verified_at = now();
auth()->user()->save();
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
}
private function hydrateCompanyUser(): Builder private function hydrateCompanyUser(): Builder
{ {
@ -392,8 +501,7 @@ class LoginController extends BaseController
if($cu->count() == 0) if($cu->count() == 0)
return $cu; return $cu;
if(auth()->user()->company_users()->count() != auth()->user()->tokens()->distinct('company_id')->count()) if (auth()->user()->company_users()->count() != auth()->user()->tokens()->distinct('company_id')->count()) {
{
auth()->user()->companies->each(function ($company) { auth()->user()->companies->each(function ($company) {

11
app/Libraries/OAuth/OAuth.php
View File

@ -29,6 +29,8 @@ class OAuth
const SOCIAL_LINKEDIN = 4; const SOCIAL_LINKEDIN = 4;
const SOCIAL_TWITTER = 5; const SOCIAL_TWITTER = 5;
const SOCIAL_BITBUCKET = 6; const SOCIAL_BITBUCKET = 6;
const SOCIAL_MICROSOFT = 7;
const SOCIAL_APPLE = 8;
/** /**
* @param Socialite $user * @param Socialite $user
@ -74,6 +76,10 @@ class OAuth
return 'twitter'; return 'twitter';
case SOCIAL_BITBUCKET: case SOCIAL_BITBUCKET:
return 'bitbucket'; return 'bitbucket';
case SOCIAL_MICROSOFT:
return 'microsoft';
case SOCIAL_APPLE:
return 'apple';
} }
} }
@ -92,6 +98,10 @@ class OAuth
return SOCIAL_TWITTER; return SOCIAL_TWITTER;
case 'bitbucket': case 'bitbucket':
return SOCIAL_BITBUCKET; return SOCIAL_BITBUCKET;
case 'microsoft':
return SOCIAL_MICROSOFT;
case 'apple':
return SOCIAL_APPLE;
} }
} }
@ -103,7 +113,6 @@ class OAuth
$this->provider_id = self::SOCIAL_GOOGLE; $this->provider_id = self::SOCIAL_GOOGLE;
return $this; return $this;
default: default:
return null; return null;
break; break;

7
app/Providers/EventServiceProvider.php
View File

@ -593,7 +593,12 @@ class EventServiceProvider extends ServiceProvider
], ],
VendorWasUpdated::class => [ VendorWasUpdated::class => [
VendorUpdatedActivity::class, VendorUpdatedActivity::class,
] ],
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... Manager won't register drivers that are not added to this listener.
\SocialiteProviders\Apple\AppleExtendSocialite::class . '@handle',
\SocialiteProviders\Microsoft\MicrosoftExtendSocialite::class . '@handle',
],
]; ];

2
composer.json
View File

@ -77,6 +77,8 @@
"sentry/sentry-laravel": "^2", "sentry/sentry-laravel": "^2",
"setasign/fpdf": "^1.8", "setasign/fpdf": "^1.8",
"setasign/fpdi": "^2.3", "setasign/fpdi": "^2.3",
"socialiteproviders/apple": "^5.2",
"socialiteproviders/microsoft": "^4.1",
"square/square": "13.0.0.20210721", "square/square": "13.0.0.20210721",
"stripe/stripe-php": "^7.50", "stripe/stripe-php": "^7.50",
"symfony/http-client": "^5.2", "symfony/http-client": "^5.2",

10
config/services.php
View File

@ -80,4 +80,14 @@ return [
'postmark' => [ 'postmark' => [
'token' => env('POSTMARK_SECRET'), 'token' => env('POSTMARK_SECRET'),
], ],
'microsoft' => [
'client_id' => env('MICROSOFT_CLIENT_ID'),
'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
'redirect' => env('MICROSOFT_REDIRECT_URI')
],
'apple' => [
'client_id' => env('APPLE_CLIENT_ID'),
'client_secret' => env('APPLE_CLIENT_SECRET'),
'redirect' => env('APPLE_REDIRECT_URI')
],
]; ];