Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-03 10:54:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for password protection

Browse Source
This commit is contained in:
David Bomba 2021-05-05 16:11:40 +10:00
parent 9ec47e09b2
commit 23f7a74e2c
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Middleware/PasswordProtection.php
View File

@ -40,7 +40,7 @@ class PasswordProtection
$timeout = auth()->user()->company()->default_password_timeout; $timeout = auth()->user()->company()->default_password_timeout;
if($timeout == 0) if($timeout == 0)
$timeout = null; $timeout = now()->addYear();
else else
$timeout = now()->addMinutes($timeout/60000); $timeout = now()->addMinutes($timeout/60000);
@ -68,12 +68,12 @@ class PasswordProtection
//If OAuth and user also has a password set - check both //If OAuth and user also has a password set - check both
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) { if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){ elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }
} }
@ -83,7 +83,7 @@ class PasswordProtection
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) { }elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);