diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 21eb086cf22d..33eb3fb66eb7 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -157,7 +157,8 @@ class UserController extends BaseController
 public function destroy(DestroyUserRequest $request, User $user)
 {
 $user->delete();
-
+ $user->tokens->delete();
+
 return response()->json([], 200);
 }
diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php
index 7c963b4db93f..9d0868b1e096 100644
--- a/app/Http/Middleware/TokenAuth.php
+++ b/app/Http/Middleware/TokenAuth.php
@@ -30,8 +30,13 @@ class TokenAuth
 if( $request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?",[$request->header('X-API-TOKEN')])->first() ) ) {
+ $user = $company_token->user;
+ //user who once existed, but has been soft deleted
+ if(!$user)
+ return response()->json(json_encode(['message' => 'User inactive'], JSON_PRETTY_PRINT) ,403);
+
 /*
 |
 | Necessary evil here: As we are authenticating on CompanyToken,
@@ -41,10 +46,15 @@ class TokenAuth
 */
 $user->setCompany($company_token->company);
+ //user who once existed, but has been soft deleted
+ if($user->user_company()->is_locked)
+ return response()->json(json_encode(['message' => 'User access locked'], JSON_PRETTY_PRINT) ,403);
+
 //stateless, don't remember the user.
 auth()->login($user, false);
 event(new UserLoggedIn($user));
+
 }
 else {
@@ -53,4 +63,5 @@ class TokenAuth
 return $next($request);
 }
+
 }
diff --git a/app/Http/Requests/User/UpdateUserRequest.php b/app/Http/Requests/User/UpdateUserRequest.php
index 762467ded494..c296c9e4bc7b 100644
--- a/app/Http/Requests/User/UpdateUserRequest.php
+++ b/app/Http/Requests/User/UpdateUserRequest.php
@@ -46,7 +46,6 @@ class UpdateUserRequest extends Request
 {
 $input = $this->all();
-
 if(!isset($input['email'])) {
 $input['email'] = null;
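Review bot: `$user->tokens->delete()` calls delete() on the loaded relation result rather than on the relation query; if `tokens` is an Eloquent hasMany relation as the name suggests, the property access yields a Collection, which has no delete() method, so this line throws instead of revoking anything, and the intended form is `$user->tokens()->delete();`. Revocation should also run before `$user->delete()` and inside one `DB::transaction(...)`, so that a failure between the two statements never leaves live API tokens behind for a user that no longer exists. Whether `$user->delete()` is a soft or hard delete is not visible here; if it is hard, deleting the tokens first also avoids a foreign-key failure.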
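Review bot: The new 403 response double-encodes its body: `response()->json()` already serialises its first argument, so passing the string returned by `json_encode(...)` produces a JSON string literal containing escaped JSON rather than an object with a `message` key, and JSON_PRETTY_PRINT has no effect on the outer encoding; the `User access locked` response in the next hunk has the same problem. Write it as `return response()->json(['message' => 'User inactive'], 403);`. Note also that this branch confirms to the caller that the presented token matched a (soft-deleted) user; the `else` branch is not visible here, but if it answers differently, a uniform response for both cases would disclose less about token validity. The enclosing `if` body continues past this hunk.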
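Review bot: The comment added above the `is_locked` check, `//user who once existed, but has been soft deleted`, was copied from the null-user check and describes the wrong condition; replace it with `//user exists but their access to this company has been locked`. `$user->user_company()` is dereferenced without a guard; if it can return null when no user/company row matches the company just set via setCompany(), the check throws a 500 instead of denying access, so an explicit null check that denies (fails closed) would be safer than a nullsafe `?->`, which would fall through as unlocked — its return type is not visible in this hunk. The response body has the double-encoding issue raised on the previous hunk. Evaluating the lock before `auth()->login()` is the right order, since a locked user is then never the authenticated user.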