INA-12 | Handle microsoft login

2025-06-03 07:34:34 -04:00 · 2022-06-11 04:07:56 +02:00 · 2022-06-11 04:07:56 +02:00 · 469461f490
commit 469461f490
parent f6b22f8fb7
1 changed files with 128 additions and 33 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -330,8 +330,7 @@ class LoginController extends BaseController

        $cu->first()->account->companies->each(function ($company) use ($cu, $request) {

-            if($company->tokens()->where('is_system', true)->count() == 0)
-            {
+            if ($company->tokens()->where('is_system', true)->count() == 0) {
                CreateCompanyToken::dispatchNow($company, $cu->first()->user, $request->server('HTTP_USER_AGENT'));
            }
        });
@ -359,16 +358,112 @@ class LoginController extends BaseController
     */
    public function oauthApiLogin()
    {
+        $message = 'Provider not supported';
        if (request()->input('provider') == 'google') {
            return $this->handleGoogleOauth();
+        } elseif (request()->input('provider') == 'microsoft') {
+            if (request()->has('token')) {
+                return $this->handleMicrosoftOauth(request()->get('token'));
+            } else {
+                $message = 'Bearer token missing for the microsoft login';
+            }
        }

        return response()
-        ->json(['message' => 'Provider not supported'], 400)
+            ->json(['message' => $message], 400)
            ->header('X-App-Version', config('ninja.app_version'))
            ->header('X-Api-Version', config('ninja.minimum_client_version'));
    }

+    private function handleMicrosoftOauth($token)
+    {
+        $user = Socialite::driver('microsoft')->userFromToken($token);
+
+        if ($user) {
+            $query = [
+                'oauth_user_id' => $user->id,
+                'oauth_provider_id' => 'microsoft',
+            ];
+            if ($existing_user = MultiDB::hasUser($query)) {
+
+                if (!$existing_user->account)
+                    return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
+
+                Auth::login($existing_user, true);
+
+                $cu = $this->hydrateCompanyUser();
+
+                if ($cu->count() == 0)
+                    return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+                if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+                return $this->timeConstrainedResponse($cu);
+
+            }
+            //If this is a result user/email combo - lets add their OAuth details details
+            if ($existing_login_user = MultiDB::hasUser(['email' => $user->email])) {
+                if (!$existing_login_user->account)
+                    return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
+
+                Auth::login($existing_login_user, true);
+
+                auth()->user()->update([
+                    'oauth_user_id' => $user->id,
+                    'oauth_provider_id' => 'microsoft',
+                ]);
+
+                $cu = $this->hydrateCompanyUser();
+
+                if ($cu->count() == 0)
+                    return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+                if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+                return $this->timeConstrainedResponse($cu);
+            }
+
+            $name = OAuth::splitName($user->name);
+
+            $new_account = [
+                'first_name' => $name[0],
+                'last_name' => $name[1],
+                'password' => '',
+                'email' => $user->email,
+                'oauth_user_id' => $user->id,
+                'oauth_provider_id' => 'microsoft',
+            ];
+
+            MultiDB::setDefaultDatabase();
+
+            $account = CreateAccount::dispatchNow($new_account, request()->getClientIp());
+
+            Auth::login($account->default_company->owner(), true);
+            auth()->user()->email_verified_at = now();
+            auth()->user()->save();
+
+            $cu = $this->hydrateCompanyUser();
+
+            if ($cu->count() == 0)
+                return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+            if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
+                return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+            return $this->timeConstrainedResponse($cu);
+        }
+
+
+        return response()
+            ->json(['message' => ctrans('texts.invalid_credentials')], 401)
+            ->header('X-App-Version', config('ninja.app_version'))
+            ->header('X-Api-Version', config('ninja.minimum_client_version'));
+
+
+    }
+
    private function hydrateCompanyUser() :Builder
    {