Customize the password protect timeout

David Bomba 2021-03-09 21:52:48 +11:00
parent d7d0768eae
commit 59beb9dd39


@ -31,22 +31,23 @@ class PasswordProtection
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
// {nlog($request->headers->all());
// nlog($request->all());
$error = [ $error = [
'message' => 'Invalid Password', 'message' => 'Invalid Password',
'errors' => new stdClass, 'errors' => new stdClass,
]; ];
nlog(Cache::get(auth()->user()->hashed_id.'_logged_in')); $timeout = auth()->user()->company()->default_password_timeout;
nlog($request->header('X-API-OAUTH-PASSWORD'));
if($timeout == 0)
$timeout = null;
else
$timeout = now()->addMinutes($timeout);
if (Cache::get(auth()->user()->hashed_id.'_logged_in')) { if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
Cache::pull(auth()->user()->hashed_id.'_logged_in'); Cache::pull(auth()->user()->hashed_id.'_logged_in');
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30)); Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
@ -68,12 +69,12 @@ class PasswordProtection
//If OAuth and user also has a password set - check both //If OAuth and user also has a password set - check both
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) { if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30)); Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){ elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30)); Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
} }
} }
@ -83,7 +84,7 @@ class PasswordProtection
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) { }elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), now()->addMinutes(30)); Cache::add(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
return $next($request); return $next($request);
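Review bot: A `default_password_timeout` of 0 turns `$timeout` into `null` in the first hunk, and `Cache::add(..., null)` then stores the `_logged_in` marker without an expiry, so one successful password check is remembered until the cache entry is removed. Because the test is the loose `$timeout == 0`, a null or unset setting takes the same path instead of falling back to the previous 30 minutes. If "0 means never re-prompt" is intended, say so in a comment above the branch and handle the unset case explicitly, e.g. `$minutes = (int) (auth()->user()->company()->default_password_timeout ?? 30);` followed by `$timeout = $minutes === 0 ? null : now()->addMinutes($minutes);`. Separately, the unchanged OAuth branch in the second hunk calls `Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))` with the arguments in the opposite order to the `Hash::check` call in the third hunk, so that comparison looks like it can never succeed. `handle()` starts and ends outside the visible hunks, so the remaining branches could not be checked.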