From 20440189d29781eb5c7d1b192c4637aa11cb63fa Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Thu, 4 Mar 2021 16:03:28 +1100
Subject: [PATCH 1/5] Fixes for password protection middleware
---
 app/Http/Middleware/PasswordProtection.php | 51 +++++++++++-----------
 app/Repositories/UserRepository.php | 4 ++
 2 files changed, 29 insertions(+), 26 deletions(-)
diff --git a/app/Http/Middleware/PasswordProtection.php b/app/Http/Middleware/PasswordProtection.php
index 20535de73d7b..7b889a4cedfa 100644
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@@ -31,12 +31,26 @@ class PasswordProtection
 */
 public function handle($request, Closure $next)
 {
+ // {nlog($request->headers->all());
+ // nlog($request->all());
+
 $error = [
 'message' => 'Invalid Password',
 'errors' => new stdClass,
 ];
- if( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1 ){
+ nlog(Cache::get(auth()->user()->hashed_id.'_logged_in'));
+ nlog($request->header('X-API-OAUTH-PASSWORD'));
+
+
+ if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
+
+ Cache::pull(auth()->user()->hashed_id.'_logged_in');
+ Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
+
+ return $next($request);
+
+ }elseif( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1){
 //user is attempting to reauth with OAuth - check the token value
 //todo expand this to include all OAuth providers
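Review bot: The two `nlog(...)` calls added just before `if (Cache::get(...))` write the user's current session token and the raw `X-API-OAUTH-PASSWORD` header value into the application log, which turns a short-lived credential into a long-lived artefact in log storage; both lines should be dropped before merge, and the commented-out `nlog($request->headers->all())` / `nlog($request->all())` pair deleted rather than left to be uncommented (a full header dump would also capture `X-API-PASSWORD`). Minor: `strlen($request->header('X-API-OAUTH-PASSWORD')) >=1` repeats the truthiness test in front of it, so `}elseif ($request->header('X-API-OAUTH-PASSWORD')) {` says the same thing. The body of `handle()` continues in the next hunk.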
@@ -48,51 +62,36 @@ class PasswordProtection
 $query = [
 'oauth_user_id' => $google->harvestSubField($user),
- 'oauth_provider_id'=> 'google',
+ 'oauth_provider_id'=> 'google'
 ];
- /* Cannot allow duplicates! */
- if ($existing_user = MultiDB::hasUser($query)) {
+ //If OAuth and user also has a password set - check both
+ if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
+ Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
 return $next($request);
 }
- }
+ elseif($existing_user = MultiDB::hasUser($query) && !auth()->uer()->has_password){
- $error = [
- 'message' => 'Access denied',
- 'errors' => new stdClass,
- ];
+ Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
+ return $next($request);
+ }
+ }
 return response()->json($error, 412);
- }elseif ($request->header('X-API-PASSWORD')) {
+ }elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
- //user is attempting to reauth with regular password
- //
- if (! Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
- return response()->json($error, 403);
- }
-
- } elseif (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
-
- Cache::pull(auth()->user()->hashed_id.'_logged_in');
 Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30));
 return $next($request);
 } else {
- $error = [
- 'message' => 'Access denied',
- 'errors' => new stdClass,
- ];
- return response()->json($error, 412);
 }
- Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));
- return $next($request);
 }
 }
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index bf1c96592180..bc47a2b5bafe 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
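Review bot: In the new OAuth-plus-password branch, `Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))` has its arguments reversed — `Hash::check` takes the plaintext first and the stored hash second, exactly as the later `}elseif ($request->header('X-API-PASSWORD') && Hash::check(...))` does — so this branch can never succeed and every OAuth user who has set a password is refused; it should read `Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)`. The `elseif` right after it calls `auth()->uer()`, a method that does not exist on the guard and will throw for OAuth users without a password; the condition should be `!auth()->user()->has_password`. Both of those conditions also write `$existing_user = MultiDB::hasUser($query) && ...`, and because `=` binds looser than `&&` the variable receives the boolean of the whole conjunction rather than the user lookup; either parenthesise `($existing_user = MultiDB::hasUser($query))` or drop the assignment, since `$existing_user` is not read anywhere in this hunk. As the markers read, the final `else` also loses its `return response()->json($error, 412);` together with the `$error` block, which would leave `handle()` falling off the end and returning null for a wrong password instead of a 412 — worth confirming against the file. `handle()` begins in the previous hunk.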
@@ -74,6 +74,10 @@ class UserRepository extends BaseRepository
 }
 $user->account_id = $account->id;
+
+ if(strlen($user->password) >=1)
+ $user->has_password = true;
+
 $user->save();
 if (isset($data['company_user'])) {
From 7dae7cb326a393ff06e784f26b23dd84b6fe5faa Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Thu, 4 Mar 2021 19:42:22 +1100
Subject: [PATCH 2/5] Fixes for mailer
---
 app/Console/Commands/CheckData.php | 2 +-
 app/Jobs/Mail/NinjaMailerJob.php | 2 +-
 app/Services/Client/PaymentMethod.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Console/Commands/CheckData.php b/app/Console/Commands/CheckData.php
index eae52b925ee1..0b8ad079ea92 100644
--- a/app/Console/Commands/CheckData.php
+++ b/app/Console/Commands/CheckData.php
@@ -103,7 +103,7 @@ class CheckData extends Command
 if ($errorEmail) {
 Mail::raw($this->log, function ($message) use ($errorEmail, $database) {
 $message->to($errorEmail)
- ->from(config('ninja.error_email'))
+ ->from(config('mail.from.address'), config('mail.from.name'))
 ->subject('Check-Data: '.strtoupper($this->isValid ? Account::RESULT_SUCCESS : Account::RESULT_FAILURE)." [{$database}]");
 });
 } elseif (! $this->isValid) {
diff --git a/app/Jobs/Mail/NinjaMailerJob.php b/app/Jobs/Mail/NinjaMailerJob.php
index 9405750032fb..af1b42f525f2 100644
--- a/app/Jobs/Mail/NinjaMailerJob.php
+++ b/app/Jobs/Mail/NinjaMailerJob.php
@@ -91,7 +91,7 @@ class NinjaMailerJob implements ShouldQueue
 } catch (\Exception $e) {
 nlog("error failed with {$e->getMessage()}");
- nlog($e);
+ // nlog($e);
 if($this->nmo->entity)
 $this->entityEmailFailed($e->getMessage());
diff --git a/app/Services/Client/PaymentMethod.php b/app/Services/Client/PaymentMethod.php
index 811c04c9186e..84b214b2fefc 100644
--- a/app/Services/Client/PaymentMethod.php
+++ b/app/Services/Client/PaymentMethod.php
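Review bot: `has_password` is only ever set to true here and never back to false, so once a user has had a password the flag outlives its removal; the middleware in this same series reads that flag to decide whether an OAuth login must also present a password, and a stale true would then demand a password the user no longer has. Assign it from the current value in both directions, e.g. `$user->has_password = strlen((string) $user->password) >= 1;` — the `(string)` cast also keeps `strlen()` away from a null password, assuming OAuth-only users can carry null there (confirm against the model). The brace-less single-statement `if` is easy to misread on later edits; the assignment form above removes it. The enclosing repository method starts and ends outside this hunk.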
@@ -140,7 +140,7 @@ class PaymentMethod
 if ($this->validGatewayForAmount($gateway->fees_and_limits->{$type}, $this->amount) && $gateway->fees_and_limits->{$type}->is_enabled) {
- if($type == GatewayType::BANK_TRANSFER);
+ // if($type == GatewayType::BANK_TRANSFER);
 $this->payment_methods[] = [$gateway->id => $type];
 }
From f99195c07a34ad4f27c9f24631bfe46962be243f Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Fri, 5 Mar 2021 11:16:38 +1100
Subject: [PATCH 3/5] Small fixes
---
 app/Listeners/Mail/MailSentListener.php | 2 +-
 app/Utils/HtmlEngine.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Listeners/Mail/MailSentListener.php b/app/Listeners/Mail/MailSentListener.php
index 0774daa68c65..4eeca50018cc 100644
--- a/app/Listeners/Mail/MailSentListener.php
+++ b/app/Listeners/Mail/MailSentListener.php
@@ -37,7 +37,7 @@ class MailSentListener implements ShouldQueue
 public function handle(MessageSent $event)
 {
- if(property_exists($event->message, 'invitation')){
+ if(property_exists($event->message, 'invitation') && $event->message->invitation){
 MultiDB::setDb($event->message->invitation->company->db);
diff --git a/app/Utils/HtmlEngine.php b/app/Utils/HtmlEngine.php
index ae649088f098..f04963499b58 100644
--- a/app/Utils/HtmlEngine.php
+++ b/app/Utils/HtmlEngine.php
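Review bot: `// if($type == GatewayType::BANK_TRANSFER);` keeps dead code inside the gateway-selection branch: the original statement was an `if` with an empty body (the trailing `;`), so it never did anything, and commenting it out changes nothing while leaving a line that invites someone to uncomment it and reintroduce the same no-op. Delete the line outright; if a bank-transfer special case is actually intended, it belongs in a proper `if (...) { ... }` with a body. The enclosing loop and method lie outside this hunk.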
@@ -271,7 +271,7 @@ class HtmlEngine
 $data['$company.city_state_postal'] = ['value' => $this->company->present()->cityStateZip($this->settings->city, $this->settings->state, $this->settings->postal_code, false) ?: ' ', 'label' => ctrans('texts.city_state_postal')];
 $data['$company.postal_city_state'] = ['value' => $this->company->present()->cityStateZip($this->settings->city, $this->settings->state, $this->settings->postal_code, true) ?: ' ', 'label' => ctrans('texts.postal_city_state')];
- $data['$company.name'] = ['value' => $this->company->present()->name() ?: ' ', 'label' => ctrans('texts.company_name')];
+ $data['$company.name'] = ['value' => $this->settings->name ?: ' ', 'label' => ctrans('texts.company_name')];
 $data['$company.address1'] = ['value' => $this->settings->address1 ?: ' ', 'label' => ctrans('texts.address1')];
 $data['$company.address2'] = ['value' => $this->settings->address2 ?: ' ', 'label' => ctrans('texts.address2')];
 $data['$company.city'] = ['value' => $this->settings->city ?: ' ', 'label' => ctrans('texts.city')];
From 5d2c09b3b9b1124fe3599ed6cb70917e48707d30 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Fri, 5 Mar 2021 20:28:53 +1100
Subject: [PATCH 4/5] Missing translations
---
 resources/lang/en/texts.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index 117e28371135..bcdc10a6741b 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@@ -4148,6 +4148,8 @@ $LANG = array(
 'agree' => 'Agree',
 'pending_approval' => 'Pending Approval',
+ 'migration_select_company_label' => 'Select companies to migrate',
+ 'force_migration' => 'Force migration',
 );
 return $LANG;
From 44d83bd6e3c2cd29bf59efb0bbc92f862c44d130 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Fri, 5 Mar 2021 20:31:33 +1100
Subject: [PATCH 5/5] Missing Translations
---
 resources/lang/en/texts.php | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index bcdc10a6741b..c68fd3a87125 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@@ -4144,12 +4144,29 @@ $LANG = array(
 'group_documents' => 'Group documents',
 'quote_approval_confirmation_label' => 'Are you sure you want to approve this quote?',
- 'click_agree_to_accept_terms' => 'Click "Agree" to Accept Terms.',
- 'agree' => 'Agree',
+ 'click_agree_to_accept_terms' => 'Click "Agree" to Accept Terms.',
+ 'agree' => 'Agree',
- 'pending_approval' => 'Pending Approval',
+ 'pending_approval' => 'Pending Approval',
 'migration_select_company_label' => 'Select companies to migrate',
 'force_migration' => 'Force migration',
+ 'require_password_with_social_login' => 'Require Password with Social Login',
+ 'stay_logged_in' => 'Stay Logged In',
+ 'session_about_to_expire' => 'Warning: Your session is about to expire',
+ 'count_hours' => ':count Hours',
+ 'count_day' => '1 Day',
+ 'count_days' => ':count Days',
+ 'web_session_timeout' => 'Web Session Timeout',
+ 'security_settings' => 'Security Settings',
+ 'resend_email' => 'Resend Email',
+ 'confirm_your_email_address' => 'Please confirm your email address',
+ 'freshbooks' => 'FreshBooks',
+ 'invoice2go' => 'Invoice2go',
+ 'invoicely' => 'Invoicely',
+ 'waveaccounting' => 'Wave Accounting',
+ 'zoho' => 'Zoho',
+ 'accounting' => 'Accounting',
+ 'required_files_missing' => 'Please provide all CSVs.',
 );
 return $LANG;