Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Password protection route with Microsoft OAuth

Browse Source
This commit is contained in:
David Bomba 2022-06-25 08:39:45 +10:00
parent e8b3fff483
commit 296c6a56a8
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Middleware/PasswordProtection.php
View File

@ -97,16 +97,15 @@ class PasswordProtection
}
elseif(auth()->user()->oauth_provider_id == 'microsoft')
{
nlog(request()->header('X-API-OAUTH-PASSWORD'));
try{
$payload = json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', request()->header('X-API-OAUTH-PASSWORD'))[1]))));
}
catch(\Exception $e){
nlog("could not decode microsoft response");
return response()->json(['message' => 'Could not decode the response from Microsoft'], 412);
}
$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken(request()->header('X-API-OAUTH-PASSWORD'));
$user = $graph->createRequest("GET", "/me")
->setReturnType(Model\User::class)
->execute();
if($user && ($user->getId() == auth()->user()->oauth_user_id)){
if($payload->preferred_username == auth()->user()->email)){
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
return $next($request);