Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Password protection route with Microsoft OAuth

Browse Source
This commit is contained in:
David Bomba 2022-06-25 08:30:06 +10:00
parent 3fbd1849b3
commit 263ae4f3ac
1 changed files with 36 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
app/Http/Middleware/PasswordProtection.php
View File

@ -61,8 +61,6 @@ class PasswordProtection
}elseif( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1){
$user = false;
//user is attempting to reauth with OAuth - check the token value
//todo expand this to include all OAuth providers
if(auth()->user()->oauth_provider_id == 'google')
@ -70,16 +68,6 @@ class PasswordProtection
$user = false;
$google = new Google();
$user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD'));
}
elseif(auth()->user()->oauth_provider_id == 'microsoft')
{
nlog(request()->header('X-API-OAUTH-PASSWORD'));
nlog(auth()->user()->oauth_user_token);
if(request()->header('X-API-OAUTH-PASSWORD') == auth()->user()->oauth_user_token){
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
return $next($request);
}
}
if (is_array($user)) {
@ -106,6 +94,27 @@ class PasswordProtection
}
}
}
elseif(auth()->user()->oauth_provider_id == 'microsoft')
{
nlog(request()->header('X-API-OAUTH-PASSWORD'));
$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken(request()->header('X-API-OAUTH-PASSWORD'));
$user = $graph->createRequest("GET", "/me")
->setReturnType(Model\User::class)
->execute();
if($user && ($user->getId() == auth()->user()->oauth_user_id){
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
return $next($request);
}
}
return response()->json($error, 412);