INA-12 | Handle microsoft login

2025-06-03 04:44:33 -04:00 · 2022-06-11 04:07:56 +02:00 · 2022-06-11 04:07:56 +02:00 · 469461f490
commit 469461f490
parent f6b22f8fb7
1 changed files with 128 additions and 33 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -92,7 +92,7 @@ class LoginController extends BaseController
     * @return void
     * deprecated .1 API ONLY we don't need to set any session variables
     */
-    public function authenticated(Request $request, User $user) : void
+    public function authenticated(Request $request, User $user): void
    {
        //$this->setCurrentCompanyId($user->companies()->first()->account->default_company_id);
    }
@ -317,7 +317,7 @@ class LoginController extends BaseController
    {
        $truth = app()->make(TruthSource::class);

-        if($truth->getCompanyToken())
+        if ($truth->getCompanyToken())
            $company_token = $truth->getCompanyToken();
        else
            $company_token = CompanyToken::where('token', $request->header('X-API-TOKEN'))->first();
@ -325,21 +325,20 @@ class LoginController extends BaseController
        $cu = CompanyUser::query()
            ->where('user_id', $company_token->user_id);

-        if($cu->count() == 0)
+        if ($cu->count() == 0)
            return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);

-        $cu->first()->account->companies->each(function ($company) use($cu, $request){
+        $cu->first()->account->companies->each(function ($company) use ($cu, $request) {

-            if($company->tokens()->where('is_system', true)->count() == 0)
-            {
+            if ($company->tokens()->where('is_system', true)->count() == 0) {
                CreateCompanyToken::dispatchNow($company, $cu->first()->user, $request->server('HTTP_USER_AGENT'));
            }
        });

-        if($request->has('current_company') && $request->input('current_company') == 'true')
+        if ($request->has('current_company') && $request->input('current_company') == 'true')
            $cu->where("company_id", $company_token->company_id);

-        if(Ninja::isHosted() && !$cu->first()->is_owner && !$cu->first()->user->account->isEnterpriseClient())
+        if (Ninja::isHosted() && !$cu->first()->is_owner && !$cu->first()->user->account->isEnterpriseClient())
            return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);

        return $this->refreshResponse($cu);
@ -359,16 +358,112 @@ class LoginController extends BaseController
     */
    public function oauthApiLogin()
    {
+        $message = 'Provider not supported';
        if (request()->input('provider') == 'google') {
            return $this->handleGoogleOauth();
+        } elseif (request()->input('provider') == 'microsoft') {
+            if (request()->has('token')) {
+                return $this->handleMicrosoftOauth(request()->get('token'));
+            } else {
+                $message = 'Bearer token missing for the microsoft login';
+            }
        }

        return response()
-        ->json(['message' => 'Provider not supported'], 400)
+            ->json(['message' => $message], 400)
            ->header('X-App-Version', config('ninja.app_version'))
            ->header('X-Api-Version', config('ninja.minimum_client_version'));
    }

+    private function handleMicrosoftOauth($token)
+    {
+        $user = Socialite::driver('microsoft')->userFromToken($token);
+
+        if ($user) {
+            $query = [
+                'oauth_user_id' => $user->id,
+                'oauth_provider_id' => 'microsoft',
+            ];
+            if ($existing_user = MultiDB::hasUser($query)) {
+
+                if (!$existing_user->account)
+                    return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
+
+                Auth::login($existing_user, true);
+
+                $cu = $this->hydrateCompanyUser();
+
+                if ($cu->count() == 0)
+                    return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+                if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+                return $this->timeConstrainedResponse($cu);
+
+            }
+            //If this is a result user/email combo - lets add their OAuth details details
+            if ($existing_login_user = MultiDB::hasUser(['email' => $user->email])) {
+                if (!$existing_login_user->account)
+                    return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
+
+                Auth::login($existing_login_user, true);
+
+                auth()->user()->update([
+                    'oauth_user_id' => $user->id,
+                    'oauth_provider_id' => 'microsoft',
+                ]);
+
+                $cu = $this->hydrateCompanyUser();
+
+                if ($cu->count() == 0)
+                    return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+                if (Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
+                    return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+                return $this->timeConstrainedResponse($cu);
+            }
+
+            $name = OAuth::splitName($user->name);
+
+            $new_account = [
+                'first_name' => $name[0],
+                'last_name' => $name[1],
+                'password' => '',
+                'email' => $user->email,
+                'oauth_user_id' => $user->id,
+                'oauth_provider_id' => 'microsoft',
+            ];
+
+            MultiDB::setDefaultDatabase();
+
+            $account = CreateAccount::dispatchNow($new_account, request()->getClientIp());
+
+            Auth::login($account->default_company->owner(), true);
+            auth()->user()->email_verified_at = now();
+            auth()->user()->save();
+
+            $cu = $this->hydrateCompanyUser();
+
+            if ($cu->count() == 0)
+                return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
+
+            if (Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
+                return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
+
+            return $this->timeConstrainedResponse($cu);
+        }
+
+
+        return response()
+            ->json(['message' => ctrans('texts.invalid_credentials')], 401)
+            ->header('X-App-Version', config('ninja.app_version'))
+            ->header('X-Api-Version', config('ninja.minimum_client_version'));
+
+
+    }
+
    private function hydrateCompanyUser() :Builder
    {

@ -494,7 +589,7 @@ class LoginController extends BaseController
                // $cu = CompanyUser::query()
                //                   ->where('user_id', auth()->user()->id);

-                if($cu->count() == 0)
+                if ($cu->count() == 0)
                    return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);

                if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())