Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-03 16:34:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Logging for Password Protection

Browse Source
This commit is contained in:
David Bomba 2021-06-09 16:01:09 +10:00
parent ff0698a274
commit 26a1e34268
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Http/Middleware/PasswordProtection.php
View File

@ -58,6 +58,9 @@ class PasswordProtection
$google = new Google(); $google = new Google();
$user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD')); $user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD'));
nlog("user");
nlog($user);
if (is_array($user)) { if (is_array($user)) {
$query = [ $query = [
@ -65,15 +68,21 @@ class PasswordProtection
'oauth_provider_id'=> 'google' 'oauth_provider_id'=> 'google'
]; ];
nlog($query);
//If OAuth and user also has a password set - check both //If OAuth and user also has a password set - check both
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) { if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
nlog("existing user with password");
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){ elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
nlog("existing user without password");
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }