Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix contact authentication

Browse Source
This commit is contained in:
Joshua Dwire 2016-05-24 17:45:38 -04:00
parent 724f5738aa
commit 29c4f16970
1 changed files with 26 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
app/Http/Middleware/Authenticate.php
View File

@ -19,22 +19,29 @@ class Authenticate {
{ {
$authenticated = Auth::guard($guard)->check(); $authenticated = Auth::guard($guard)->check();
if($guard == 'client' && !empty($request->invitation_key)){
$contact_key = session('contact_key');
if($contact_key) {
$contact = $this->getContact($contact_key);
$invitation = $this->getInvitation($request->invitation_key);
if ($contact->id != $invitation->contact_id) {
// This is a different client; reauthenticate
$authenticated = false;
Auth::guard($guard)->logout();
}
Session::put('contact_key', $contact->contact_key);
}
}
if($guard=='client'){ if($guard=='client'){
if(!empty($request->invitation_key)){
$contact_key = session('contact_key');
if($contact_key) {
$contact = $this->getContact($contact_key);
$invitation = $this->getInvitation($request->invitation_key);
if (!$invitation) {
return response()->view('error', [
'error' => trans('texts.invoice_not_found'),
'hideHeader' => true,
]);
}
if ($contact->id != $invitation->contact_id) {
// This is a different client; reauthenticate
$authenticated = false;
Auth::guard($guard)->logout();
}
Session::put('contact_key', $invitation->contact->contact_key);
}
}
if (!empty($request->contact_key)) { if (!empty($request->contact_key)) {
$contact_key = $request->contact_key; $contact_key = $request->contact_key;
Session::put('contact_key', $contact_key); Session::put('contact_key', $contact_key);
@ -44,13 +51,14 @@ class Authenticate {
if ($contact_key) { if ($contact_key) {
$contact = $this->getContact($contact_key); $contact = $this->getContact($contact_key);
$account = $contact->account;
} elseif (!empty($request->invitation_key)) { } elseif (!empty($request->invitation_key)) {
$invitation = $this->getInvitation($request->invitation_key); $invitation = $this->getInvitation($request->invitation_key);
$account = $invitation->account; $contact = $invitation->contact;
Session::put('contact_key', $contact->contact_key);
} else { } else {
return \Redirect::to('client/sessionexpired'); return \Redirect::to('client/sessionexpired');
} }
$account = $contact->account;
if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account->id){ if(Auth::guard('user')->check() && Auth::user('user')->account_id === $account->id){
// This is an admin; let them pretend to be a client // This is an admin; let them pretend to be a client