From 53f79440c061408b5360e522d5151ca638937acc Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 22 Feb 2021 08:27:00 +1100
Subject: [PATCH] Connected accounts

---
 app/Exceptions/Handler.php                    |  16 +-
 .../ConnectedAccountController.php            | 139 ++++++++++++++++++
 routes/api.php                                |   2 +
 3 files changed, 149 insertions(+), 8 deletions(-)
 create mode 100644 app/Http/Controllers/ConnectedAccountController.php

diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 850c67dfaeb1..159fadedfe0e 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -99,21 +99,21 @@ class Handler extends ExceptionHandler
 
     private function validException($exception)
     {
-        if (strpos($exception->getMessage(), 'file_put_contents') !== false) {
+        if (strpos($exception->getMessage(), 'file_put_contents') !== false) 
             return false;
-        }
 
-        if (strpos($exception->getMessage(), 'Permission denied') !== false) {
+        if (strpos($exception->getMessage(), 'Permission denied') !== false) 
             return false;
-        }
         
-        if (strpos($exception->getMessage(), 'flock()') !== false) {
+        if (strpos($exception->getMessage(), 'flock()') !== false) 
             return false;
-        }
 
-        if (strpos($exception->getMessage(), 'expects parameter 1 to be resource') !== false) {
+        if (strpos($exception->getMessage(), 'expects parameter 1 to be resource') !== false) 
             return false;
-        }
+
+        if (strpos($exception->getMessage(), 'fwrite()') !== false)
+            return false
+        
 
         return true;
     }
diff --git a/app/Http/Controllers/ConnectedAccountController.php b/app/Http/Controllers/ConnectedAccountController.php
new file mode 100644
index 000000000000..f212396af2f2
--- /dev/null
+++ b/app/Http/Controllers/ConnectedAccountController.php
@@ -0,0 +1,139 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+
+namespace App\Http\Controllers;
+
+use App\Libraries\MultiDB;
+use App\Libraries\OAuth\Providers\Google;
+use Illuminate\Http\Request;
+
+class ConnectedAccountController extends BaseController
+{
+
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+/**
+     * Refreshes the data feed with the current Company User.
+     *
+     * @param Request $request
+     * @return User Refresh Feed.
+     *
+     *
+     * @OA\Post(
+     *      path="/api/v1/connected_account",
+     *      operationId="connected_account",
+     *      tags={"connected_account"},
+     *      summary="Connect an oauth user to an existing user",
+     *      description="Refreshes the dataset",
+     *      @OA\Parameter(ref="#/components/parameters/X-Api-Secret"),
+     *      @OA\Parameter(ref="#/components/parameters/X-Api-Token"),
+     *      @OA\Parameter(ref="#/components/parameters/X-Requested-With"),
+     *      @OA\Parameter(ref="#/components/parameters/include"),
+     *      @OA\Parameter(ref="#/components/parameters/include_static"),
+     *      @OA\Parameter(ref="#/components/parameters/clear_cache"),
+     *      @OA\Response(
+     *          response=200,
+     *          description="The Company User response",
+     *          @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"),
+     *          @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"),
+     *          @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit"),
+     *          @OA\JsonContent(ref="#/components/schemas/User"),
+     *       ),
+     *       @OA\Response(
+     *          response=422,
+     *          description="Validation error",
+     *          @OA\JsonContent(ref="#/components/schemas/ValidationError"),
+     *       ),
+     *       @OA\Response(
+     *           response="default",
+     *           description="Unexpected Error",
+     *           @OA\JsonContent(ref="#/components/schemas/Error"),
+     *       ),
+     *     )
+     */
+    public function index(Request $request)
+    {
+        if ($request->input('provider') == 'google') {
+            return $this->handleGoogleOauth();
+        }
+
+        return response()
+        ->json(['message' => 'Provider not supported'], 400)
+        ->header('X-App-Version', config('ninja.app_version'))
+        ->header('X-Api-Version', config('ninja.minimum_client_version'));
+    }
+
+    private function handleGoogleOauth()
+    {
+        $user = false;
+
+        $google = new Google();
+
+        $user = $google->getTokenResponse(request()->input('id_token'));
+
+        if (is_array($user)) {
+            
+            $query = [
+                'oauth_user_id' => $google->harvestSubField($user),
+                'oauth_provider_id'=> 'google',
+            ];
+
+            /* Cannot allow duplicates! */
+            if ($existing_user = MultiDB::hasUser($query)) {
+                return response()
+                ->json(['message' => 'User already exists in system.'], 401)
+                ->header('X-App-Version', config('ninja.app_version'))
+                ->header('X-Api-Version', config('ninja.minimum_client_version'));
+            }
+        }
+
+        if ($user) {
+            $client = new Google_Client();
+            $client->setClientId(config('ninja.auth.google.client_id'));
+            $client->setClientSecret(config('ninja.auth.google.client_secret'));
+            $client->setRedirectUri(config('ninja.app_url'));
+            $token = $client->authenticate(request()->input('server_auth_code'));
+
+            $refresh_token = '';
+
+            if (array_key_exists('refresh_token', $token)) {
+                $refresh_token = $token['refresh_token'];
+            }
+
+
+            $connected_account = [
+                'password' => '',
+                'email' => $google->harvestEmail($user),
+                'oauth_user_id' => $google->harvestSubField($user),
+                'oauth_user_token' => $token,
+                'oauth_user_refresh_token' => $refresh_token,
+                'oauth_provider_id' => 'google',
+                'email_verified_at' =>now()
+            ];
+
+            auth()->user()->update($connected_account);
+            auth()->user()->email_verified_at = now();
+            auth()->user()->save();
+
+            //$ct = CompanyUser::whereUserId(auth()->user()->id);
+
+            return $this->listResponse(auth()->user());
+        }
+
+        return response()
+        ->json(['message' => ctrans('texts.invalid_credentials')], 401)
+        ->header('X-App-Version', config('ninja.app_version'))
+        ->header('X-Api-Version', config('ninja.minimum_client_version'));
+    }
+}
diff --git a/routes/api.php b/routes/api.php
index 53e6e8fc87dd..bc148ded9fc6 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -36,6 +36,8 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a
     Route::put('clients/{client}/upload', 'ClientController@upload')->name('clients.upload');
     Route::post('clients/bulk', 'ClientController@bulk')->name('clients.bulk');
 
+    Route::post('connected_account', 'ConnectedAccountController@index');
+
     Route::resource('client_statement', 'ClientStatementController@statement'); // name = (client_statement. index / create / show / update / destroy / edit
 
     Route::post('companies/purge/{company}', 'MigrationController@purgeCompany')->middleware('password_protected');