Reorder middleware to allow route model binding to be delayed
This commit is contained in:
parent
cd6e1fe5c6
commit
777c2dd24a
@ -72,7 +72,7 @@ class ContactForgotPasswordController extends Controller
|
|||||||
{
|
{
|
||||||
//MultiDB::userFindAndSetDb($request->input('email'));
|
//MultiDB::userFindAndSetDb($request->input('email'));
|
||||||
|
|
||||||
$user = MultiDB::hasContact(['email' => $request->input('email')]);
|
$user = MultiDB::hasContact($request->input('email'));
|
||||||
|
|
||||||
$this->validateEmail($request);
|
$this->validateEmail($request);
|
||||||
|
|
||||||
@ -84,6 +84,10 @@ class ContactForgotPasswordController extends Controller
|
|||||||
);
|
);
|
||||||
|
|
||||||
if ($request->ajax()) {
|
if ($request->ajax()) {
|
||||||
|
|
||||||
|
if($response == Password::RESET_THROTTLED)
|
||||||
|
return response()->json(['message' => ctrans('passwords.throttled'), 'status' => false], 429);
|
||||||
|
|
||||||
return $response == Password::RESET_LINK_SENT
|
return $response == Password::RESET_LINK_SENT
|
||||||
? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)
|
? response()->json(['message' => 'Reset link sent to your email.', 'status' => true], 201)
|
||||||
: response()->json(['message' => 'Email not found', 'status' => false], 401);
|
: response()->json(['message' => 'Email not found', 'status' => false], 401);
|
||||||
|
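Review bot: `$user = MultiDB::hasContact($request->input('email'));` now hands raw request input to a parameter declared `string $email`, but `$this->validateEmail($request);` runs only on the following line, so a request with the field missing or sent as an array fails with a TypeError instead of a validation response. Moving the `validateEmail` call above the lookup closes that gap. In the second hunk, `if($response == Password::RESET_THROTTLED)` would be safer as `if ($response === Password::RESET_THROTTLED) {` with a braced body, avoiding loose comparison and matching the surrounding block style. The enclosing method's body continues outside both hunks.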
@ -209,7 +209,7 @@ class LoginController extends BaseController
|
|||||||
else
|
else
|
||||||
$timeout = $timeout/1000;
|
$timeout = $timeout/1000;
|
||||||
|
|
||||||
Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put($user->hashed_id.'_'.$user->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
|
|
||||||
$cu = CompanyUser::query()
|
$cu = CompanyUser::query()
|
||||||
->where('user_id', auth()->user()->id);
|
->where('user_id', auth()->user()->id);
|
||||||
@ -366,8 +366,7 @@ class LoginController extends BaseController
|
|||||||
else
|
else
|
||||||
$timeout = $timeout/1000;
|
$timeout = $timeout/1000;
|
||||||
|
|
||||||
|
Cache::put($existing_user->hashed_id.'_'.$existing_user->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
Cache::put($existing_user->hashed_id.'_logged_in', Str::random(64), $timeout);
|
|
||||||
|
|
||||||
$cu = CompanyUser::query()
|
$cu = CompanyUser::query()
|
||||||
->where('user_id', auth()->user()->id);
|
->where('user_id', auth()->user()->id);
|
||||||
@ -416,8 +415,7 @@ class LoginController extends BaseController
|
|||||||
else
|
else
|
||||||
$timeout = $timeout/1000;
|
$timeout = $timeout/1000;
|
||||||
|
|
||||||
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
|
||||||
|
|
||||||
$cu = CompanyUser::whereUserId(auth()->user()->id);
|
$cu = CompanyUser::whereUserId(auth()->user()->id);
|
||||||
|
|
||||||
|
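Review bot: The cache key `$user->hashed_id.'_'.$user->account_id.'_logged_in'` is now assembled by hand at three places in this file (the hunks at 209, 366 and 415) and again in the ConnectedAccountController and PasswordProtection hunks, and the reader in PasswordProtection depends on byte-for-byte agreement with every writer. A single helper that builds the key from a user model — for example a method returning `"{$this->hashed_id}_{$this->account_id}_logged_in"` — would keep producers and consumer from drifting, which would otherwise surface as the password gate silently re-prompting or never expiring. The hunks at 366 and 415 differ only in how the user is resolved (`$existing_user` vs `auth()->user()`), which such a helper would also absorb. Each `Cache::put` sits in a method whose body starts and ends outside its hunk.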
@ -114,7 +114,7 @@ class ConnectedAccountController extends BaseController
|
|||||||
auth()->user()->save();
|
auth()->user()->save();
|
||||||
|
|
||||||
$timeout = auth()->user()->company()->default_password_timeout;
|
$timeout = auth()->user()->company()->default_password_timeout;
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
|
|
||||||
return $this->itemResponse(auth()->user());
|
return $this->itemResponse(auth()->user());
|
||||||
|
|
||||||
|
@ -63,9 +63,11 @@ class UserController extends BaseController
|
|||||||
*/
|
*/
|
||||||
public function __construct(UserRepository $user_repo)
|
public function __construct(UserRepository $user_repo)
|
||||||
{
|
{
|
||||||
|
|
||||||
parent::__construct();
|
parent::__construct();
|
||||||
|
|
||||||
$this->user_repo = $user_repo;
|
$this->user_repo = $user_repo;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -376,7 +378,6 @@ class UserController extends BaseController
|
|||||||
*/
|
*/
|
||||||
public function update(UpdateUserRequest $request, User $user)
|
public function update(UpdateUserRequest $request, User $user)
|
||||||
{
|
{
|
||||||
|
|
||||||
$old_company_user = $user->company_user;
|
$old_company_user = $user->company_user;
|
||||||
$old_user = json_encode($user);
|
$old_user = json_encode($user);
|
||||||
$old_user_email = $user->getOriginal('email');
|
$old_user_email = $user->getOriginal('email');
|
||||||
|
@ -160,4 +160,23 @@ class Kernel extends HttpKernel
|
|||||||
'check_client_existence' => CheckClientExistence::class,
|
'check_client_existence' => CheckClientExistence::class,
|
||||||
'user_verified' => UserVerified::class,
|
'user_verified' => UserVerified::class,
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
protected $middlewarePriority = [
|
||||||
|
ContactTokenAuth::class,
|
||||||
|
ContactSetDb::class,
|
||||||
|
SetInviteDb::class,
|
||||||
|
ContactRegister::class,
|
||||||
|
ShopTokenAuth::class,
|
||||||
|
PhantomSecret::class,
|
||||||
|
ContactKeyLogin::class,
|
||||||
|
CheckClientExistence::class,
|
||||||
|
ClientPortalEnabled::class,
|
||||||
|
UrlSetDb::class,
|
||||||
|
SetWebDb::class,
|
||||||
|
SetDb::class,
|
||||||
|
SetDbByCompanyKey::class,
|
||||||
|
TokenAuth::class,
|
||||||
|
SubstituteBindings::class,
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
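Review bot: `protected $middlewarePriority = [ ... ];` replaces rather than extends the framework's default priority list, so the framework entries it normally carries (for example `\Illuminate\Session\Middleware\StartSession`, `\Illuminate\Routing\Middleware\ThrottleRequests` and `\Illuminate\Auth\Middleware\Authorize`) lose their guaranteed ordering relative to each other and to `SubstituteBindings::class`; check the parent's list in the installed Laravel version and carry those entries over in the intended positions. The property also deserves a comment stating the reason for the order, since the commit title is the only place it is recorded, e.g. `// Tenant-selecting (Set*Db) and token-auth middleware must run before SubstituteBindings so route model binding queries the correct database.` Whether every class named here is imported in this Kernel cannot be seen from the hunk.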
@ -31,7 +31,7 @@ class PasswordProtection
|
|||||||
*/
|
*/
|
||||||
public function handle($request, Closure $next)
|
public function handle($request, Closure $next)
|
||||||
{
|
{
|
||||||
|
|
||||||
$error = [
|
$error = [
|
||||||
'message' => 'Invalid Password',
|
'message' => 'Invalid Password',
|
||||||
'errors' => new stdClass,
|
'errors' => new stdClass,
|
||||||
@ -44,9 +44,9 @@ class PasswordProtection
|
|||||||
else
|
else
|
||||||
$timeout = $timeout/1000;
|
$timeout = $timeout/1000;
|
||||||
|
|
||||||
if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {
|
if (Cache::get(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in')) {
|
||||||
|
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
|
|
||||||
@ -68,12 +68,13 @@ class PasswordProtection
|
|||||||
//If OAuth and user also has a password set - check both
|
//If OAuth and user also has a password set - check both
|
||||||
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
|
if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD'))) {
|
||||||
|
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
}
|
}
|
||||||
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
|
elseif($existing_user = MultiDB::hasUser($query) && !auth()->user()->has_password){
|
||||||
|
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
return $next($request);
|
return $next($request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -83,7 +84,7 @@ class PasswordProtection
|
|||||||
|
|
||||||
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
|
}elseif ($request->header('X-API-PASSWORD') && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {
|
||||||
|
|
||||||
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
|
Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', Str::random(64), $timeout);
|
||||||
|
|
||||||
return $next($request);
|
return $next($request);
|
||||||
|
|
||||||
|
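Review bot: The new `Cache::put(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in', ...)` inside the `if ($existing_user = MultiDB::hasUser($query) && auth()->user()->has_password && Hash::check(auth()->user()->password, $request->header('X-API-PASSWORD')))` branch looks unreachable: that `Hash::check` receives the stored hash as the plain value and the header as the hash, the reverse of the call in the later hunk (`Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)`), so it cannot verify. Because `=` binds looser than `&&`, `$existing_user` also ends up holding the boolean result of the whole condition rather than the user, in this branch and in the `elseif` below it. Both are pre-existing, but the commit touches each branch and is a natural point to fix them, e.g. `if (($existing_user = MultiDB::hasUser($query)) && auth()->user()->has_password && Hash::check($request->header('X-API-PASSWORD'), auth()->user()->password)) {`. The `handle` method begins in the earlier hunk and continues past this one.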
@ -27,6 +27,7 @@ class SetDb
|
|||||||
*/
|
*/
|
||||||
public function handle($request, Closure $next)
|
public function handle($request, Closure $next)
|
||||||
{
|
{
|
||||||
|
|
||||||
$error = [
|
$error = [
|
||||||
'message' => 'Invalid Token',
|
'message' => 'Invalid Token',
|
||||||
'errors' => new stdClass,
|
'errors' => new stdClass,
|
||||||
|
@ -146,18 +146,18 @@ class MultiDB
|
|||||||
* @param array $data
|
* @param array $data
|
||||||
* @return User|null
|
* @return User|null
|
||||||
*/
|
*/
|
||||||
public static function hasContact(array $data) : ?ClientContact
|
public static function hasContact(string $email) : ?ClientContact
|
||||||
{
|
{
|
||||||
if (! config('ninja.db.multi_db_enabled')) {
|
if (! config('ninja.db.multi_db_enabled')) {
|
||||||
return ClientContact::where($data)->withTrashed()->first();
|
return ClientContact::where('email', $email)->withTrashed()->first();
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach (self::$dbs as $db) {
|
foreach (self::$dbs as $db) {
|
||||||
self::setDB($db);
|
|
||||||
|
$user = ClientContact::on($db)->where('email', $email)->withTrashed()->first();
|
||||||
$user = ClientContacts::where($data)->withTrashed()->first();
|
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
|
self::setDB($db);
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -205,7 +205,6 @@ class MultiDB
|
|||||||
foreach (self::$dbs as $db) {
|
foreach (self::$dbs as $db) {
|
||||||
if ($ct = CompanyToken::on($db)->whereRaw('BINARY `token`= ?', [$token])->first()) {
|
if ($ct = CompanyToken::on($db)->whereRaw('BINARY `token`= ?', [$token])->first()) {
|
||||||
self::setDb($ct->company->db);
|
self::setDb($ct->company->db);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
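Review bot: The docblock above `public static function hasContact(string $email) : ?ClientContact` still reads `@param array $data` and `@return User|null`, neither of which matches the new signature or the `?ClientContact` return; update it to `@param string $email` and `@return ClientContact|null`. The loop now switches the connection only on a hit (`self::setDB($db);` after `if ($user)`), which is a behaviour change worth a one-line comment, e.g. `// Pin the connection only once the contact is found; a miss leaves the current connection untouched.`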
@ -12,6 +12,7 @@
|
|||||||
namespace App\Models;
|
namespace App\Models;
|
||||||
|
|
||||||
use App\Models\Presenters\CompanyPresenter;
|
use App\Models\Presenters\CompanyPresenter;
|
||||||
|
use App\Models\User;
|
||||||
use App\Services\Notification\NotificationService;
|
use App\Services\Notification\NotificationService;
|
||||||
use App\Utils\Ninja;
|
use App\Utils\Ninja;
|
||||||
use App\Utils\Traits\CompanySettingsSaver;
|
use App\Utils\Traits\CompanySettingsSaver;
|
||||||
@ -20,8 +21,8 @@ use App\Utils\Traits\ThrottlesEmail;
|
|||||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||||
use Illuminate\Notifications\Notification;
|
use Illuminate\Notifications\Notification;
|
||||||
use Laracasts\Presenter\PresentableTrait;
|
|
||||||
use Illuminate\Support\Facades\Cache;
|
use Illuminate\Support\Facades\Cache;
|
||||||
|
use Laracasts\Presenter\PresentableTrait;
|
||||||
|
|
||||||
class Company extends BaseModel
|
class Company extends BaseModel
|
||||||
{
|
{
|
||||||
@ -431,9 +432,11 @@ class Company extends BaseModel
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function owner()
|
public function owner()
|
||||||
{
|
{nlog("in owner");
|
||||||
$c = $this->company_users->where('is_owner', true)->first();
|
$c = $this->company_users->where('is_owner', true)->first();
|
||||||
|
|
||||||
|
nlog($c);
|
||||||
|
|
||||||
return User::find($c->user_id);
|
return User::find($c->user_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
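Review bot: `{nlog("in owner");` and `nlog($c);` in `owner()` read as debugging left in: the second writes the whole `company_users` row to the log on every call, and the first is appended to the opening brace line. Remove both before merging, or if a trace is wanted log only an identifier on its own line rather than the model. The added `use App\Models\User;` is redundant inside `namespace App\Models;` and can be dropped. `return User::find($c->user_id);` still dereferences `$c` without a null check, which is pre-existing but sits in the method this commit edits.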
@ -159,7 +159,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
|||||||
*/
|
*/
|
||||||
public function setCompany($company)
|
public function setCompany($company)
|
||||||
{
|
{
|
||||||
config(['ninja.company_id' => $company->id]);
|
// config(['ninja.company_id' => $company->id]);
|
||||||
|
|
||||||
$this->company = $company;
|
$this->company = $company;
|
||||||
}
|
}
|
||||||
@ -170,15 +170,19 @@ class User extends Authenticatable implements MustVerifyEmail
|
|||||||
public function getCompany()
|
public function getCompany()
|
||||||
{
|
{
|
||||||
if ($this->company) {
|
if ($this->company) {
|
||||||
|
nlog("company Found");
|
||||||
return $this->company;
|
return $this->company;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (request()->header('X-API-TOKEN')) {
|
if (request()->header('X-API-TOKEN')) {
|
||||||
$company_token = CompanyToken::whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
|
nlog("no company - using token to resolve");
|
||||||
|
$company_token = CompanyToken::with(['company'])->whereRaw('BINARY `token`= ?', [request()->header('X-API-TOKEN')])->first();
|
||||||
|
|
||||||
return $company_token->company;
|
return $company_token->company;
|
||||||
}
|
}
|
||||||
|
|
||||||
return Company::find(config('ninja.company_id'));
|
throw new \Exception('No Company Found');
|
||||||
|
//return Company::find(config('ninja.company_id'));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
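Review bot: In `getCompany()`, the `X-API-TOKEN` branch still returns `$company_token->company` without checking that the token lookup found anything, so an unknown token now fails with a null-property error before it can reach the new `throw new \Exception('No Company Found');`. Wrapping the lookup as `if ($company_token = CompanyToken::with(['company'])->whereRaw(...)->first()) { return $company_token->company; }` lets a null result fall through to the throw. The `nlog("company Found")` and `nlog("no company - using token to resolve")` calls look like debugging output and will fire on every request that resolves a company; remove them before merging. The commented-out `config(['ninja.company_id' => $company->id]);` in `setCompany` and `//return Company::find(config('ninja.company_id'));` should be deleted rather than left in, and a domain-specific exception type would let callers catch the missing-company case narrowly.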
@ -17,6 +17,13 @@
|
|||||||
@endif
|
@endif
|
||||||
<div class="col-span-2 h-screen flex">
|
<div class="col-span-2 h-screen flex">
|
||||||
<div class="m-auto md:w-1/2 lg:w-1/4">
|
<div class="m-auto md:w-1/2 lg:w-1/4">
|
||||||
|
|
||||||
|
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||||
|
<div>
|
||||||
|
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||||
|
</div>
|
||||||
|
@endif
|
||||||
|
|
||||||
<div class="flex flex-col">
|
<div class="flex flex-col">
|
||||||
<h1 class="text-center text-3xl">{{ ctrans('texts.client_portal') }}</h1>
|
<h1 class="text-center text-3xl">{{ ctrans('texts.client_portal') }}</h1>
|
||||||
<form action="{{ route('client.login') }}" method="post" class="mt-6">
|
<form action="{{ route('client.login') }}" method="post" class="mt-6">
|
||||||
|
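Review bot: The added `@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())` runs two database queries from inside the template and duplicates the same rule in the two password-recovery views in the following hunks. Resolving it once — a view composer or a shared variable such as `$showLogo` passed from the controller — keeps persistence calls out of Blade and gives one place to change the rule. If it stays in the template, a single query suffices: `@if(($account = \App\Models\Account::first()) && !$account->isPaid())`.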
@ -12,6 +12,11 @@
|
|||||||
@endif
|
@endif
|
||||||
<div class="col-span-2 h-screen flex">
|
<div class="col-span-2 h-screen flex">
|
||||||
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
||||||
|
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||||
|
<div>
|
||||||
|
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||||
|
</div>
|
||||||
|
@endif
|
||||||
<div class="flex flex-col">
|
<div class="flex flex-col">
|
||||||
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
||||||
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
||||||
|
@ -13,6 +13,12 @@
|
|||||||
|
|
||||||
<div class="col-span-2 h-screen flex">
|
<div class="col-span-2 h-screen flex">
|
||||||
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
<div class="m-auto w-1/2 md:w-1/3 lg:w-1/4">
|
||||||
|
|
||||||
|
@if(\App\Models\Account::count() > 0 && !\App\Models\Account::first()->isPaid())
|
||||||
|
<div>
|
||||||
|
<img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
|
||||||
|
</div>
|
||||||
|
@endif
|
||||||
<div class="flex flex-col">
|
<div class="flex flex-col">
|
||||||
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
<h1 class="text-center text-3xl">{{ ctrans('texts.password_recovery') }}</h1>
|
||||||
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
<p class="text-center mt-1 text-gray-600">{{ ctrans('texts.reset_password_text') }}</p>
|
||||||
|