From d1323c67d632e2cacdc81a3839f661965c8b111d Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 24 Feb 2021 00:02:37 +1100
Subject: [PATCH 1/4] Update VERSION.txt
---
 VERSION.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.txt b/VERSION.txt
index 693ad745af3e..d4bda08b51bd 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.1.7
\ No newline at end of file
+5.1.8
From 5c8fe825aa2edbf0192fe6164a73964d2a6d3ab3 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 24 Feb 2021 00:02:58 +1100
Subject: [PATCH 2/4] Update ninja.php
---
 config/ninja.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/ninja.php b/config/ninja.php
index bba526d6506f..a2f74a68d4e6 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -13,7 +13,7 @@ return [
 'require_https' => env('REQUIRE_HTTPS', true),
 'app_url' => rtrim(env('APP_URL', ''), '/'),
 'app_domain' => env('APP_DOMAIN', ''),
- 'app_version' => '5.1.7',
+ 'app_version' => '5.1.8',
 'minimum_client_version' => '5.0.16',
 'terms_version' => '1.0.1',
 'api_secret' => env('API_SECRET', false),
From e64a2b1d9256920cb05ab6a94fa43e566c7f8dbd Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 24 Feb 2021 07:47:28 +1100
Subject: [PATCH 3/4] Version bump
---
 VERSION.txt | 2 +-
 config/ninja.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/VERSION.txt b/VERSION.txt
index a106d2aa66c4..bd96b42f4638 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.1.8
\ No newline at end of file
+5.1.9
\ No newline at end of file
diff --git a/config/ninja.php b/config/ninja.php
index a2f74a68d4e6..74edc1485493 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -13,7 +13,7 @@ return [
 'require_https' => env('REQUIRE_HTTPS', true),
 'app_url' => rtrim(env('APP_URL', ''), '/'),
 'app_domain' => env('APP_DOMAIN', ''),
- 'app_version' => '5.1.8',
+ 'app_version' => '5.1.9',
 'minimum_client_version' => '5.0.16',
 'terms_version' => '1.0.1',
 'api_secret' => env('API_SECRET', false),
From 9b1b677e8e5960c587a2cd0b48723d3c7af85f00 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 24 Feb 2021 08:12:23 +1100
Subject: [PATCH 4/4] Working on OAuth password protection routes
---
 app/Http/Middleware/PasswordProtection.php | 40 +++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/app/Http/Middleware/PasswordProtection.php b/app/Http/Middleware/PasswordProtection.php
index 6e2920fb79d7..c22c1181df1e 100644
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@@ -11,6 +11,8 @@
 namespace App\Http\Middleware;
+use App\Libraries\MultiDB;
+use App\Libraries\OAuth\Providers\Google;
 use Closure;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Cache;
@@ -34,16 +36,52 @@ class PasswordProtection
 'errors' => new stdClass,
 ];
- if ($request->header('X-API-PASSWORD')) {
+ if($request->header('X-API-OAUTH-PASSWORD')){
+
+ //user is attempting to reauth with OAuth - check the token value
+ //todo expand this to include all OAuth providers
+ $user = false;
+ $google = new Google();
+ $user = $google->getTokenResponse(request()->header('X-API-OAUTH-PASSWORD'));
+
+ if (is_array($user)) {
+
+ $query = [
+ 'oauth_user_id' => $google->harvestSubField($user),
+ 'oauth_provider_id'=> 'google',
+ ];
+
+ /* Cannot allow duplicates! */
+ if ($existing_user = MultiDB::hasUser($query)) {
+ return $next($request);
+ }
+ }
+
+ $error = [
+ 'message' => 'Access denied',
+ 'errors' => new stdClass,
+ ];
+
+ return response()->json($error, 412);
+
+
+ }elseif ($request->header('X-API-PASSWORD')) {
+
+ //user is attempting to reauth with regular password
+ //
 if (! Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
 return response()->json($error, 403);
 }
+
 } elseif (Cache::get(auth()->user()->email.'_logged_in')) {
+
 Cache::pull(auth()->user()->email.'_logged_in');
 Cache::add(auth()->user()->email.'_logged_in', Str::random(64), now()->addMinutes(30));
 return $next($request);
+
 } else {
+
 $error = [
 'message' => 'Access denied',
 'errors' => new stdClass,
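Review bot: The new `X-API-OAUTH-PASSWORD` branch never ties the Google token to the session it is re-authenticating: `MultiDB::hasUser($query)` appears (its body is not in this diff) to test only that some account with that `oauth_user_id` exists, so a valid token for any registered Google identity would pass the check regardless of who `auth()->user()` is. Compare the token subject with the authenticated user instead, e.g. `if ((string) auth()->user()->oauth_user_id === (string) $google->harvestSubField($user)) {`, and also require that user's `oauth_provider_id` to be `'google'` (attribute names inferred from the `$query` keys, so confirm them against the model). The branch also reads the header through `request()` while the rest of the method uses `$request`, and it answers 412 where the password branch answers 403; a single status for a failed re-auth is easier for clients and for log-based alerting. The enclosing method begins and ends outside this hunk.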