From 3fbd1849b3dc30970d3b01b43ebcb73f44ebb509 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sat, 25 Jun 2022 07:47:15 +1000
Subject: [PATCH] Password protection route with Microsoft OAuth

---
 app/Http/Middleware/PasswordProtection.php | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/app/Http/Middleware/PasswordProtection.php b/app/Http/Middleware/PasswordProtection.php
index b13c9a1e3a86..8c6b4398f51b 100644
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@@ -61,12 +61,26 @@ class PasswordProtection
 
         }elseif( $request->header('X-API-OAUTH-PASSWORD') && strlen($request->header('X-API-OAUTH-PASSWORD')) >=1){
 
+            $user = false;
+
             //user is attempting to reauth with OAuth - check the token value
             //todo expand this to include all OAuth providers
-            $user = false;
-            $google = new Google();
-            $user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD'));
-            
+            if(auth()->user()->oauth_provider_id == 'google')
+            {
+                $user = false;
+                $google = new Google();
+                $user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD'));
+            }
+            elseif(auth()->user()->oauth_provider_id == 'microsoft')
+            {
+                nlog(request()->header('X-API-OAUTH-PASSWORD'));
+                nlog(auth()->user()->oauth_user_token);
+                if(request()->header('X-API-OAUTH-PASSWORD') == auth()->user()->oauth_user_token){
+                    Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
+                    return $next($request);
+                }
+            }
+
             if (is_array($user)) {
                 
                 $query = [