From 2b95f2a0d4ca16ca4ce03b809a859c686e85025f Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 13 Mar 2022 19:48:57 +1100 Subject: [PATCH 1/5] Fixes for resolving correct company user --- app/Http/Controllers/Auth/LoginController.php | 4 ++ app/Http/Controllers/UserController.php | 6 +- app/Http/Middleware/TokenAuth.php | 4 +- app/Models/CompanyToken.php | 5 ++ app/Models/User.php | 59 ++++++++++++++----- app/Repositories/UserRepository.php | 1 - app/Utils/HtmlEngine.php | 8 ++- tests/Feature/LoginTest.php | 2 +- 8 files changed, 64 insertions(+), 25 deletions(-) diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 9e097983bedd..e608c4d74d36 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -606,6 +606,10 @@ class LoginController extends BaseController if (request()->has('code')) { return $this->handleProviderCallback($provider); } else { + + if(!in_array($provider, ['google'])) + return abort(400, 'Invalid provider'); + return Socialite::driver($provider)->with($parameters)->scopes($scopes)->redirect(); } } diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 697dd36283ce..8864eb6fc9d0 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -380,7 +380,7 @@ class UserController extends BaseController */ public function update(UpdateUserRequest $request, User $user) { - $old_company_user = $user->company_user; + $old_company_user = $user->company_user(); $old_user = json_encode($user); $old_user_email = $user->getOriginal('email'); 
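Review bot: The provider allowlist is placed inside the `else` branch, so when the request carries `code` the unvalidated `$provider` still reaches `handleProviderCallback($provider)` on the line just above it; the check belongs before the `if (request()->has('code'))` test so both paths are covered. Make the comparison strict while moving it: `if (! in_array($provider, ['google'], true)) { abort(400, 'Invalid provider'); }`. `abort()` throws, so the `return` in front of it is dead code. The enclosing method starts outside the hunk.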
@@ -398,8 +398,8 @@ class UserController extends BaseController if( - strcasecmp($old_company_user->permissions, $user->company_user->permissions) != 0 || - $old_company_user->is_admin != $user->company_user->is_admin + strcasecmp($old_company_user->permissions, $user->company_user()->permissions) != 0 || + $old_company_user->is_admin != $user->company_user()->is_admin ){ $user->company_user()->update(["permissions_updated_at" => now()]); } diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php index c4122f731129..b46a8485ade8 100644 --- a/app/Http/Middleware/TokenAuth.php +++ b/app/Http/Middleware/TokenAuth.php @@ -30,7 +30,7 @@ class TokenAuth */ public function handle($request, Closure $next) { - if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user', 'company'])->where('token', $request->header('X-API-TOKEN'))->first())) { + if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user', 'company', 'cu'])->where('token', $request->header('X-API-TOKEN'))->first())) { $user = $company_token->user; $error = [ @@ -65,7 +65,7 @@ class TokenAuth }); //user who once existed, but has been soft deleted - if ($company_token->company_user->is_locked) { + if ($company_token->cu->is_locked) { $error = [ 'message' => 'User access locked', 'errors' => new stdClass, diff --git a/app/Models/CompanyToken.php b/app/Models/CompanyToken.php index 1c332e4d55fd..1ccb2d20d0c6 100644 --- a/app/Models/CompanyToken.php +++ b/app/Models/CompanyToken.php @@ -55,4 +55,9 @@ class CompanyToken extends BaseModel ->where('company_id', $this->company_id) ->where('user_id', $this->user_id); } + + public function cu() + { + return $this->hasOneThrough(CompanyUser::class, Company::class, 'id', 'company_id', 'company_id', 'id'); + } } diff --git a/app/Models/User.php b/app/Models/User.php index f9871a9f3191..72ea19940ae4 100644 --- a/app/Models/User.php +++ b/app/Models/User.php 
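Review bot: `$user->company_user()` now resolves through the request's `X-API-TOKEN` (User::token() in this same patch) rather than through `$user`, so `$old_company_user` is the calling user's CompanyUser, not the target `$user`'s; when an admin edits another user, the permissions/is_admin comparison in the next hunk compares the caller's row with itself and `$user->company_user()->update(['permissions_updated_at' => now()])` stamps the caller's row instead of the edited user's. Look the row up by the user being edited and the caller's company, e.g. `$old_company_user = CompanyUser::withTrashed()->where('user_id', $user->id)->where('company_id', $company_id)->first();` with `$company_id` taken from the caller's token, and run the same query again after the update for the comparison. The rest of update() lies outside the hunk.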
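Review bot: `$company_token->cu->is_locked` no longer covers the case the comment above it describes: the relation it replaces carried `->withTrashed()` (see the User.php hunk further down), whereas the new `cu()` does not, so for a soft-deleted CompanyUser `cu` is null and this line errors out instead of returning the 403. Either add `->withTrashed()` to `cu()` or treat a missing row as locked: `if (! $company_token->cu || $company_token->cu->is_locked) {`. Note also that `cu()` as defined in this patch is not constrained to the token's user, so the flag checked here may belong to another member of the same company.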
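Review bot: `cu()` constrains the join on company only: with `hasOneThrough(CompanyUser::class, Company::class, 'id', 'company_id', 'company_id', 'id')` the generated conditions are `companies.id = company_tokens.company_id` and `company_user.company_id = companies.id`, so it yields the first CompanyUser of the token's company rather than the row for the token's `user_id` — compare the relation whose tail is visible above, which filters on both `company_id` and `user_id`. Because TokenAuth and User::isAdmin()/isOwner()/permissions() now read from `cu`, an API token could inherit another member's admin flag, permissions, lock state and Slack webhook. Add the user constraint and keep trashed rows visible as the old relation did: `->where('company_user.user_id', $this->user_id)->withTrashed()`.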
@@ -142,6 +142,16 @@ class User extends Authenticatable implements MustVerifyEmail return $this->hasMany(CompanyToken::class)->orderBy('id', 'ASC'); } + public function token() + { + if (request()->header('X-API-TOKEN')) { + return CompanyToken::with(['company','cu'])->where('token', request()->header('X-API-TOKEN'))->first(); + } + + + return $this->tokens()->first(); + } + /** * Returns all companies a user has access to. * @@ -219,17 +229,20 @@ class User extends Authenticatable implements MustVerifyEmail public function co_user() { - return $this->company_user(); + return $this->token()->cu; + // return $this->company_user(); } public function company_user() { - if (! $this->id && auth()->user()) { - $this->id = auth()->user()->id; - } + // if (! $this->id && auth()->user()) { + // $this->id = auth()->user()->id; + // } - return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') - ->withTrashed(); + return $this->token()->cu; + + // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') + // ->withTrashed(); // if (request()->header('X-API-TOKEN')) { @@ -268,7 +281,9 @@ class User extends Authenticatable implements MustVerifyEmail */ public function permissions() { - return $this->company_user->permissions; + return $this->token()->cu->permissions; + + // return $this->company_user->permissions; } /** @@ -278,7 +293,9 @@ class User extends Authenticatable implements MustVerifyEmail */ public function settings() { - return json_decode($this->company_user->settings); + return json_decode($this->token()->cu->settings); + + //return json_decode($this->company_user->settings); } /** 
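Review bot: `token()` resolves from the request header alone and never consults `$this`, so on any User instance other than the authenticated one it returns the caller's token, while the `$this->tokens()->first()` fallback picks whichever company the user's oldest token belongs to; both paths can also return null (no matching header, no tokens), which the new `$this->token()->cu` call sites below dereference unguarded. Tie the header lookup to the instance with `->where('user_id', $this->id)` and add a docblock stating that the result may be null and that the fallback is company-arbitrary, e.g. `/** Token for the current request, or the user's oldest token outside a request; may be null. */`. The method's whole body is visible in the hunk.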
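Review bot: `company_user()` changes from returning a `hasOneThrough` relation to returning a model (or null) from `$this->token()->cu`, which has two effects the commit message does not mention: Eloquent's dynamic property access throws a LogicException when a relation method does not return a Relation, so any remaining `$user->company_user` property reads elsewhere in the codebase will now fail, and the previous `->withTrashed()` is dropped, so soft-deleted rows vanish. If the change is intended, give the method an explicit `?CompanyUser` return type and a docblock saying it reflects the current request's token rather than necessarily `$this`, e.g. `/** CompanyUser for the current request's token; not scoped to $this. May be null. */`.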
@@ -288,12 +305,16 @@ class User extends Authenticatable implements MustVerifyEmail */ public function isAdmin() : bool { - return $this->company_user->is_admin; + return $this->token()->cu->is_admin; + + // return $this->company_user->is_admin; } public function isOwner() : bool { - return $this->company_user->is_owner; + return $this->token()->cu->is_owner; + + // return $this->company_user->is_owner; } /** @@ -345,8 +366,13 @@ class User extends Authenticatable implements MustVerifyEmail return $this->isOwner() || $this->isAdmin() || - (stripos($this->company_user->permissions, $all_permission) !== false) || - (stripos($this->company_user->permissions, $permission) !== false); + (stripos($this->token()->cu->permissions, $all_permission) !== false) || + (stripos($this->token()->cu->permissions, $permission) !== false); + + // return $this->isOwner() || + // $this->isAdmin() || + // (stripos($this->company_user->permissions, $all_permission) !== false) || + // (stripos($this->company_user->permissions, $permission) !== false); } public function documents() @@ -370,9 +396,12 @@ class User extends Authenticatable implements MustVerifyEmail public function routeNotificationForSlack($notification) { - if ($this->company_user->slack_webhook_url) { - return $this->company_user->slack_webhook_url; - } + + if($this->token()->cu->slack_webhook_url) + return $this->token()->cu->slack_webhook_url; + // if ($this->company_user->slack_webhook_url) { + // return $this->company_user->slack_webhook_url; + // } } public function routeNotificationForMail($notification) diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php index fdad645cdeb9..09530467a6ad 100644 --- a/app/Repositories/UserRepository.php +++ b/app/Repositories/UserRepository.php 
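Review bot: The superseded implementation is kept as a commented-out block after the `return`, as it is in the other hunks of this file; version control already holds it, so delete the dead lines rather than leaving two copies of the permission logic to diverge. The enclosing method starts outside the hunk.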
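Review bot: When this method runs outside an HTTP request — a queued notification, no `X-API-TOKEN` header — `token()` falls back to `$this->tokens()->first()`, so the webhook returned is the one stored on the CompanyUser reached through the user's oldest token, which need not be the company the notification concerns; whether notifications are queued here cannot be seen from the hunk, but the fallback deserves a comment such as `// NOTE: outside a request this resolves via the user's first token, not a specific company`. The method now also falls off the end without a value; keep an explicit `return null;` after the `if`.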
@@ -200,7 +200,6 @@ class UserRepository extends BaseRepository $user->is_deleted = false; $user->save(); $user->restore(); - // $user->company_user->restore(); $cu = CompanyUser::withTrashed() ->where('user_id', $user->id) diff --git a/app/Utils/HtmlEngine.php b/app/Utils/HtmlEngine.php index ff6b6a1f2556..b42579eafaf3 100644 --- a/app/Utils/HtmlEngine.php +++ b/app/Utils/HtmlEngine.php @@ -634,9 +634,11 @@ class HtmlEngine { $country = Country::find($this->settings->country_id); - if ($country) { - return ctrans('texts.country_' . $country->iso_3166_2); - } + if($country) + return $country->iso_3166_2; + // if ($country) { + // return ctrans('texts.country_' . $country->iso_3166_2); + // } return ' '; } diff --git a/tests/Feature/LoginTest.php b/tests/Feature/LoginTest.php index 6375dd9de736..7afee2518c74 100644 --- a/tests/Feature/LoginTest.php +++ b/tests/Feature/LoginTest.php @@ -175,7 +175,7 @@ class LoginTest extends TestCase $this->assertTrue($user->companies !== null); $this->assertTrue($user->company_users !== null); $this->assertTrue($user->company_users->first() !== null); - $this->assertTrue($user->company_user->account !== null); + $this->assertTrue($user->company_user()->account !== null); $this->assertEquals($user->email, 'test@example.com'); $this->assertTrue(\Hash::check('123456', $user->password)); From e2cd1e5c71fcba84c5e5a0646eef6da1627687c2 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 13 Mar 2022 20:18:15 +1100 Subject: [PATCH 2/5] Cache company, company_user and user in container --- app/Http/Controllers/BaseController.php | 5 +++ app/Http/Middleware/TokenAuth.php | 7 ++++ app/Models/User.php | 18 +++++++- app/Providers/AppServiceProvider.php | 4 ++ app/Utils/TruthSource.php | 56 +++++++++++++++++++++++++ 5 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 app/Utils/TruthSource.php diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index 55a9354a4342..a7800517e27d 100644 
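Review bot: This hunk changes rendered output — the country now comes out as the raw `iso_3166_2` code instead of the translated `ctrans('texts.country_' . ...)` string — which has nothing to do with "resolving correct company user" and looks like an unrelated edit that slipped into the patch. If it is intended, say so in the commit message and remove the commented-out original; otherwise drop the hunk. The enclosing method starts outside the hunk.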
--- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php @@ -19,6 +19,7 @@ use App\Transformers\EntityTransformer; use App\Utils\Ninja; use App\Utils\Statics; use App\Utils\Traits\AppSetup; +use App\Utils\TruthSource; use Illuminate\Contracts\Container\BindingResolutionException; use Illuminate\Database\Eloquent\Builder; use Illuminate\Http\Request; @@ -610,6 +611,10 @@ class BaseController extends Controller protected function listResponse($query) { + $truth = app()->make(TruthSource::class); + + nlog($truth->getCompany()); + $this->buildManager(); $transformer = new $this->entity_transformer(request()->input('serializer')); diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php index b46a8485ade8..743cb9da5e14 100644 --- a/app/Http/Middleware/TokenAuth.php +++ b/app/Http/Middleware/TokenAuth.php @@ -15,6 +15,7 @@ use App\Events\User\UserLoggedIn; use App\Models\CompanyToken; use App\Models\User; use App\Utils\Ninja; +use App\Utils\TruthSource; use Closure; use Illuminate\Http\Request; use stdClass; @@ -52,6 +53,12 @@ class TokenAuth return response()->json($error, 403); } + $truth = app()->make(TruthSource::class); + + $truth->setCompanyUser($company_token->cu); + $truth->setUser($company_token->user); + $truth->setCompany($company_token->company); + /* | | Necessary evil here: As we are authenticating on CompanyToken, diff --git a/app/Models/User.php b/app/Models/User.php index 72ea19940ae4..c8bbb0899677 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -21,6 +21,7 @@ use App\Services\User\UserService; use App\Utils\Traits\MakesHash; use App\Utils\Traits\UserSessionAttributes; use App\Utils\Traits\UserSettings; +use App\Utils\TruthSource; use Illuminate\Contracts\Auth\MustVerifyEmail; use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Model; 
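Review bot: The TruthSource is filled from `$company_token` here, before the `is_locked` check further down the middleware has run, so a token that is about to be rejected with 403 still leaves its user, company and CompanyUser in the container-wide object; because `app()->instance()` in AppServiceProvider keeps that object for the life of the process, in a long-running worker the next request could read it. Move these `set*` calls after the lock check and any other rejection path, and remember `cu` is null for a trashed CompanyUser unless `cu()` uses `withTrashed()`. The rest of handle() lies outside the hunk.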
@@ -30,8 +31,8 @@ use Illuminate\Notifications\Notifiable; use Illuminate\Support\Carbon; use Illuminate\Support\Collection; use Illuminate\Support\Facades\Auth; -use Laracasts\Presenter\PresentableTrait; use Illuminate\Support\Facades\Cache; +use Laracasts\Presenter\PresentableTrait; class User extends Authenticatable implements MustVerifyEmail { @@ -145,7 +146,7 @@ class User extends Authenticatable implements MustVerifyEmail public function token() { if (request()->header('X-API-TOKEN')) { - return CompanyToken::with(['company','cu'])->where('token', request()->header('X-API-TOKEN'))->first(); + return CompanyToken::with(['cu'])->where('token', request()->header('X-API-TOKEN'))->first(); } @@ -180,12 +181,16 @@ class User extends Authenticatable implements MustVerifyEmail */ public function getCompany() { + $truth = app()->make(TruthSource::class); if ($this->company){ return $this->company; } + elseif($truth->getCompany()){ + return $truth->getCompany(); + } elseif (request()->header('X-API-TOKEN')) { $company_token = CompanyToken::with(['company'])->where('token', request()->header('X-API-TOKEN'))->first(); @@ -229,6 +234,12 @@ class User extends Authenticatable implements MustVerifyEmail public function co_user() { + $truth = app()->make(TruthSource::class); + + if($truth->getCompanyUser()){ + return $truth->getCompany(); + } + return $this->token()->cu; // return $this->company_user(); } @@ -239,6 +250,9 @@ class User extends Authenticatable implements MustVerifyEmail // $this->id = auth()->user()->id; // } + // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') + // ->withTrashed(); + return $this->token()->cu; // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 495ed33f2242..2206abe686fb 100644 --- a/app/Providers/AppServiceProvider.php 
+++ b/app/Providers/AppServiceProvider.php @@ -15,6 +15,7 @@ use App\Http\Middleware\SetDomainNameDb; use App\Models\Invoice; use App\Models\Proposal; use App\Utils\Ninja; +use App\Utils\TruthSource; use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Database\Eloquent\Relations\Relation; use Illuminate\Queue\Events\JobProcessing; @@ -71,6 +72,9 @@ class AppServiceProvider extends ServiceProvider // \Log::error('Event Job '.$event->job->getJobId); // // \Log::info('Event Job '.$event->job->payload()); // }); + + app()->instance(TruthSource::class, new TruthSource()); + } /** diff --git a/app/Utils/TruthSource.php b/app/Utils/TruthSource.php new file mode 100644 index 000000000000..ed4f3b3c734d --- /dev/null +++ b/app/Utils/TruthSource.php @@ -0,0 +1,56 @@ +company_user = $company_user; + return $this; + } + + public function setUser($user){ + $this->user = $user; + return $this; + } + + public function setCompany($company) + { + $this->company = $company; + return $this; + } + + public function getCompany() + { + return $this->company; + } + + public function getCompanyUser() + { + return $this->company_user; + } + + public function getUser() + { + return $this->user; + } +} From eb5e8bf60c56df64cb7918adc2004de8d37315e7 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 13 Mar 2022 20:24:58 +1100 Subject: [PATCH 3/5] Add CompanyToken to Truth --- app/Http/Middleware/TokenAuth.php | 1 + app/Models/User.php | 6 ++++++ app/Utils/TruthSource.php | 14 ++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php index 743cb9da5e14..53924c89cc17 100644 --- a/app/Http/Middleware/TokenAuth.php +++ b/app/Http/Middleware/TokenAuth.php @@ -58,6 +58,7 @@ class TokenAuth $truth->setCompanyUser($company_token->cu); $truth->setUser($company_token->user); $truth->setCompany($company_token->company); + $truth->setCompanyToken($company_token); /* | 
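Review bot: `app()->instance(TruthSource::class, new TruthSource())` binds one object for the container's lifetime and nothing in the series ever clears it, so in a queue worker (this provider already imports `JobProcessing`) or under a long-running server the token, user and company set by one request remain readable by the next until overwritten — and `User::company_user()` / `co_user()` read them unconditionally. Prefer a per-request binding, `app()->scoped(TruthSource::class)` where the framework version provides it, or otherwise reset the instance in a `terminating` callback and a `JobProcessing` listener using the fluent setters, e.g. `app(TruthSource::class)->setCompanyToken(null)->setCompanyUser(null)->setUser(null)->setCompany(null);`. Whether this app runs under such a worker cannot be seen from the hunk, but the queue event imports suggest it does.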
diff --git a/app/Models/User.php b/app/Models/User.php index c8bbb0899677..4475288f8552 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -145,6 +145,12 @@ class User extends Authenticatable implements MustVerifyEmail public function token() { + $truth = app()->make(TruthSource::class); + + if($truth->getCompanyToken()){ + return $truth->getCompanyToken(); + } + if (request()->header('X-API-TOKEN')) { return CompanyToken::with(['cu'])->where('token', request()->header('X-API-TOKEN'))->first(); } diff --git a/app/Utils/TruthSource.php b/app/Utils/TruthSource.php index ed4f3b3c734d..1e2841a38c22 100644 --- a/app/Utils/TruthSource.php +++ b/app/Utils/TruthSource.php @@ -21,6 +21,7 @@ class TruthSource public $company_user; + public $company_token; public function setCompanyUser($company_user) { @@ -39,6 +40,13 @@ class TruthSource return $this; } + public function setCompanyToken($company_token) + { + $this->company_token = $company_token; + return $this; + } + + public function getCompany() { return $this->company; @@ -53,4 +61,10 @@ class TruthSource { return $this->user; } + + public function getCompanyToken() + { + return $this->company_token; + } + } From de10dae06a6b3b9ea26dd0bebbfcc8c6f76c7a2c Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 13 Mar 2022 20:26:45 +1100 Subject: [PATCH 4/5] Add CompanyToken to Truth --- app/Models/User.php | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/app/Models/User.php b/app/Models/User.php index 4475288f8552..5e0277895ae8 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -243,7 +243,7 @@ class User extends Authenticatable implements MustVerifyEmail $truth = app()->make(TruthSource::class); if($truth->getCompanyUser()){ - return $truth->getCompany(); + return $truth->getCompanyUser(); } return $this->token()->cu; 
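Review bot: `$company_token` is declared `public` and untyped, as `$company_user` above it is, so state can be assigned or read around the setters and getters and nothing guarantees a `CompanyToken` is stored; declare the holders as `private ?CompanyToken $company_token = null;` (with the matching `use` import) and type the setters accordingly. Since this object lives in the container across requests, also give the class a `reset()` that nulls all four properties so middleware or a job hook can clear it. The class body continues outside the hunk.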
@@ -259,24 +259,14 @@ class User extends Authenticatable implements MustVerifyEmail // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') // ->withTrashed(); + $truth = app()->make(TruthSource::class); + + if($truth->getCompanyUser()){ + return $truth->getCompanyUser(); + } + return $this->token()->cu; - // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id') - // ->withTrashed(); - - // if (request()->header('X-API-TOKEN')) { - - // nlog("with an API token"); - // nlog(request()->header('X-API-TOKEN')); - - // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'company_id', 'id', 'company_id') - // ->where('company_tokens.token', request()->header('X-API-TOKEN')) - // ->withTrashed(); - // } else { - // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'company_id', 'id', 'company_id') - // ->where('company_user.user_id', $this->id) - // ->withTrashed(); - // } } /** From 4363f092bed429b5ad696e3f2472353d277c9a46 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 13 Mar 2022 20:36:39 +1100 Subject: [PATCH 5/5] cleanup --- app/Http/Controllers/BaseController.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index a7800517e27d..6d5196d536c3 100644 --- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php @@ -611,9 +611,6 @@ class BaseController extends Controller protected function listResponse($query) { - $truth = app()->make(TruthSource::class); - - nlog($truth->getCompany()); $this->buildManager();
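Review bot: The final `return $this->token()->cu;` dereferences `token()`, which returns null when the header matches no token and the user has no tokens, so this line can fatal instead of returning null; guard it: `$token = $this->token(); return $token ? $token->cu : null;`. The TruthSource branch above returns the current request's CompanyUser whatever User `$this` is, so for any instance other than the authenticated user it is not that user's row — state that in a docblock, e.g. `/** CompanyUser for the current request's token; only meaningful on the authenticated user. May return null. */`. The commented-out relation still sitting at the top of the method should be removed as well.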