diff --git a/app/Http/Controllers/PaymentController.php b/app/Http/Controllers/PaymentController.php index 02b59b870efb..aec7c8897ce0 100644 --- a/app/Http/Controllers/PaymentController.php +++ b/app/Http/Controllers/PaymentController.php @@ -6,10 +6,16 @@ use Redirect; use Session; use Utils; use View; +use Validator; +use Omnipay; +use CreditCard; +use URL; use App\Models\Invoice; +use App\Models\Invitation; use App\Models\Client; use App\Models\PaymentType; +use App\Models\Country; use App\Ninja\Repositories\PaymentRepository; use App\Ninja\Repositories\InvoiceRepository; @@ -362,7 +368,8 @@ class PaymentController extends BaseController 'paymentLibrary' => $paymentLibrary, 'gateway' => $gateway, 'acceptedCreditCardTypes' => $acceptedCreditCardTypes, - 'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(), + //'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(), + 'countries' => Country::orderBy('name')->get(), 'currencyId' => $client->currency_id, 'account' => $client->account ]; @@ -411,7 +418,8 @@ class PaymentController extends BaseController 'paymentLibrary' => $paymentLibrary, 'gateway' => $gateway, 'acceptedCreditCardTypes' => $acceptedCreditCardTypes, - 'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(), + //'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(), + 'countries' => Country::orderBy('name')->get(), 'currencyId' => 1, 'paymentTitle' => $affiliate->payment_title, 'paymentSubtitle' => $affiliate->payment_subtitle, 
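Review bot: The replaced `'countries' => Country::remember(DEFAULT_QUERY_CACHE)->orderBy('name')->get(),` line is left in place as a comment directly above its replacement in both the @@ -362 and @@ -411 hunks; commented-out code should be deleted, since version control already holds the old form and the comment will silently drift from the live line. If query caching is meant to return once `remember()` is available again, a one-line `// TODO: restore query caching for the country list once remember() is supported` carries that intent without dead code. The identical `Country::orderBy('name')->get()` call is now duplicated across the two view-data arrays, so a small private helper on the controller would keep them in step. Both arrays belong to methods whose start and end lie outside these hunks.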
@@ -554,7 +562,7 @@ class PaymentController extends BaseController } } - $invitation = Invitation::with('invoice.invoice_items', 'invoice.client.currency', 'invoice.client.account.account_gateways.gateway')->where('invitation_key', '=', $invitationKey)->firstOrFail(); + $invitation = Invitation::with('invoice.invoice_items', 'invoice.client.currency', 'invoice.client.account.currency', 'invoice.client.account.account_gateways.gateway')->where('invitation_key', '=', $invitationKey)->firstOrFail(); $invoice = $invitation->invoice; $client = $invoice->client; $account = $client->account; diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index ae6bf2d97dd4..509dbf1cce9b 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -10,13 +10,13 @@ class Kernel extends HttpKernel { * @var array */ protected $middleware = [ - 'App\Http\Middleware\StartupCheck', - 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode', + 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode', 'Illuminate\Cookie\Middleware\EncryptCookies', 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse', 'Illuminate\Session\Middleware\StartSession', 'Illuminate\View\Middleware\ShareErrorsFromSession', 'App\Http\Middleware\VerifyCsrfToken', + 'App\Http\Middleware\StartupCheck', ]; /** @@ -28,7 +28,7 @@ class Kernel extends HttpKernel { 'auth' => 'App\Http\Middleware\Authenticate', 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth', 'guest' => 'App\Http\Middleware\RedirectIfAuthenticated', - 'absurd' => 'App\Http\Middleware\StartupCheck', + 'api' => 'App\Http\Middleware\ApiCheck', ]; } diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php new file mode 100644 index 000000000000..24753a0fc7a8 --- /dev/null +++ b/app/Http/Middleware/ApiCheck.php 
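Review bot: Moving `App\Http\Middleware\StartupCheck` from first to last in `$middleware` places its production HTTPS enforcement (the comment `Ensure all request are over HTTPS in production` survives in the StartupCheck hunk below) behind `EncryptCookies`, `StartSession` and `VerifyCsrfToken`. A plaintext request therefore has a session started and a session cookie issued before it is redirected, and the CSRF check also runs on the plaintext request; the redirect should happen before any cookie is set. If the reordering was needed because StartupCheck now uses `Session` and `Event`, the HTTPS redirect is the part worth splitting into its own small middleware listed first, e.g. `'App\Http\Middleware\EnforceHttps',` ahead of `CheckForMaintenanceMode`, leaving the rest of StartupCheck where this hunk puts it. StartupCheck's full body is not in this diff, so confirm nothing else in it must run before the session starts.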
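Review bot: The new `'api' => 'App\Http\Middleware\ApiCheck'` entry is route middleware, so it runs after the global stack — including the `App\Http\Middleware\VerifyCsrfToken` listed above it. Token-authenticated API clients cannot present a session CSRF token, so POST/PUT/DELETE requests to the `api/v1` resources will be rejected unless that custom VerifyCsrfToken exempts the API prefix; its body is not in this diff, so confirm it does (for example by skipping the check when `$request->is('api/*')`), and keep the exemption narrow to that prefix. A short comment on the alias noting that ApiCheck performs authentication, not just a plan check, would stop it being treated as optional later.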
@@ -0,0 +1,75 @@
+first(['id', 'user_id']);
+
+ if ($token) {
+ Auth::loginUsingId($token->user_id);
+ Session::set('token_id', $token->id);
+ } else {
+ sleep(3);
+ return Response::make('Invalid token', 403, $headers);
+ }
+
+ if (!Utils::isNinja()) {
+ return null;
+ }
+
+ if (!Utils::isPro()) {
+ return Response::make('API requires pro plan', 403, $headers);
+ } else {
+ $accountId = Auth::user()->account->id;
+
+ // http://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users
+ $hour = 60 * 60;
+ $hour_limit = 100; # users are limited to 100 requests/hour
+ $hour_throttle = Cache::get("hour_throttle:{$accountId}", null);
+ $last_api_request = Cache::get("last_api_request:{$accountId}", 0);
+ $last_api_diff = time() - $last_api_request;
+
+ if (is_null($hour_throttle)) {
+ $new_hour_throttle = 0;
+ } else {
+ $new_hour_throttle = $hour_throttle - $last_api_diff;
+ $new_hour_throttle = $new_hour_throttle < 0 ? 0 : $new_hour_throttle;
+ $new_hour_throttle += $hour / $hour_limit;
+ $hour_hits_remaining = floor(( $hour - $new_hour_throttle ) * $hour_limit / $hour);
+ $hour_hits_remaining = $hour_hits_remaining >= 0 ? $hour_hits_remaining : 0;
+ }
+
+ if ($new_hour_throttle > $hour) {
+ $wait = ceil($new_hour_throttle - $hour);
+ sleep(1);
+ return Response::make("Please wait {$wait} second(s)", 403, $headers);
+ }
+
+ Cache::put("hour_throttle:{$accountId}", $new_hour_throttle, 10);
+ Cache::put("last_api_request:{$accountId}", time(), 10);
+ }
+
+
+ return $next($request);
+ }
+
+}
\ No newline at end of file
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
index db688181ff87..e6e3a4ebefd7 100644
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
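Review bot: `sleep(3)` on an invalid token and `sleep(1)` on a throttled request hold a PHP worker for the duration of every rejected call, which turns a flood of bad tokens into a cheap denial of service while doing little against a parallelised guessing attack; return the response immediately (401 for a bad token and 429 for the throttle are the accurate codes) and rely on a per-IP rate limit instead. `Auth::loginUsingId($token->user_id)` also creates a full session login from a bearer token on every API request, and `Session::set('token_id', …)` persists it; `Auth::onceUsingId($token->user_id);` authenticates the request without writing a session, which is what a stateless API wants. The throttle state is stored with `Cache::put(…, 10)`; if that third argument is minutes, as it is in Laravel 5, the hour-long bucket is evicted after ten idle minutes and the effective limit becomes 100 requests per burst rather than per hour, so the TTL should be at least `60`, and the `Cache::get`/`Cache::put` pair is not atomic across concurrent requests for the same account. The top of `handle()` — the token lookup that yields `$token` and the definition of `$headers` — is outside the visible part of this hunk.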
@@ -35,7 +35,7 @@ class RedirectIfAuthenticated { { if ($this->auth->check()) { - return new RedirectResponse(url('/')); + return new RedirectResponse(url('/dashboard')); } return $next($request); diff --git a/app/Http/Middleware/StartupCheck.php b/app/Http/Middleware/StartupCheck.php index 0c37fd5d2cf5..fb0c7df3154f 100644 --- a/app/Http/Middleware/StartupCheck.php +++ b/app/Http/Middleware/StartupCheck.php @@ -7,6 +7,8 @@ use Auth; use Input; use Redirect; use Cache; +use Session; +use Event; use App\Models\Currency; use App\Events\UserSettingsChanged; @@ -22,7 +24,6 @@ class StartupCheck { */ public function handle($request, Closure $next) { - // Ensure all request are over HTTPS in production if (App::environment() == ENV_PRODUCTION) { @@ -151,7 +152,7 @@ class StartupCheck { } } } - + return $next($request); } diff --git a/app/Http/routes.php b/app/Http/routes.php index 2391cd2a0124..18f5914afd70 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php @@ -55,10 +55,12 @@ Route::post('signup/submit', 'AccountController@submitSignup'); // Laravel auth routes +/* Route::controllers([ 'auth' => 'Auth\AuthController', 'password' => 'Auth\PasswordController', ]); +*/ get('/signup', array('as' => 'signup', 'uses' => 'Auth\AuthController@getRegister')); post('/signup', array('as' => 'signup', 'uses' => 'Auth\AuthController@postRegister')); @@ -88,7 +90,7 @@ if (\App\Libraries\Utils::isNinja()) { Route::get('/demo', 'AccountController@demo'); } -Route::group(array('middleware' => 'auth'), function() { +Route::group(['middleware' => 'auth'], function() { Route::get('dashboard', 'DashboardController@index'); Route::get('view_archive/{entity_type}/{visible}', 'AccountController@setTrashVisible'); Route::get('hide_message', 'HomeController@hideMessage'); 
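Review bot: Wrapping `Route::controllers([...])` in `/* … */` leaves dead code in the route file and, unless the `auth` and `password` actions are registered individually elsewhere, drops the password-reset endpoints that `Auth\PasswordController` provided; the `/signup` routes that follow re-register only the register actions. If the controller routes are intentionally retired, delete the block rather than comment it out; if they are not, keep at least the `'password' => 'Auth\PasswordController'` entry registered. The rest of the route file is outside this hunk, so I cannot confirm which case applies.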
@@ -169,7 +171,7 @@ Route::group(array('middleware' => 'auth'), function() { }); // Route group for API -Route::group(array('prefix' => 'api/v1', 'before' => ['api.access']), function() +Route::group(['middleware' => 'api', 'prefix' => 'api/v1'], function() { Route::resource('ping', 'ClientApiController@ping'); Route::resource('clients', 'ClientApiController'); diff --git a/app/Models/Account.php b/app/Models/Account.php index 1b3df82ab00b..a47dc417710c 100644 --- a/app/Models/Account.php +++ b/app/Models/Account.php @@ -66,6 +66,11 @@ class Account extends Eloquent return $this->belongsTo('App\Models\Size'); } + public function currency() + { + return $this->belongsTo('App\Models\Currency'); + } + public function industry() { return $this->belongsTo('App\Models\Industry'); diff --git a/resources/views/dashboard.blade.php b/resources/views/dashboard.blade.php index 0002652750f1..30d9bbb737f1 100644 --- a/resources/views/dashboard.blade.php +++ b/resources/views/dashboard.blade.php @@ -124,7 +124,7 @@ @foreach ($upcoming as $invoice) @if (!$invoice->client->trashed()) - {{ $invoice->getLink() }} + {!! $invoice->getLink() !!} {{ $invoice->client->getDisplayName() }} {{ Utils::fromSqlDate($invoice->due_date) }} {{ Utils::formatMoney($invoice->balance, $invoice->client->currency_id) }} diff --git a/resources/views/invoices/view.blade.php b/resources/views/invoices/view.blade.php index 0780e9c6a082..122cdf893cd0 100644 --- a/resources/views/invoices/view.blade.php +++ b/resources/views/invoices/view.blade.php @@ -22,12 +22,12 @@
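Review bot: Switching `{{ $invoice->getLink() }}` to `{!! $invoice->getLink() !!}` turns off Blade's HTML escaping for that cell, so whatever `getLink()` interpolates into the anchor — presumably the invoice number, which is user-entered — is now rendered raw. That is safe only if `getLink()` escapes its own text with `e()` or `htmlspecialchars`; `getLink()` is not in this diff, so confirm it does and add a one-line comment beside the echo, e.g. `{{-- raw echo: getLink() escapes its label itself --}}`. Otherwise a crafted invoice number becomes stored XSS on every user's dashboard.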

 

@if ($invoice->is_quote) - {!! Button::normal(trans('texts.download_pdf', array('onclick' => 'onDownloadClick()')))->large() !!}   + {!! Button::normal(trans('texts.download_pdf'))->withAttributes(['onclick' => 'onDownloadClick()'])->large() !!}   @if (!$isConverted) {!! Button::success(trans('texts.approve'))->asLinkTo('approve/' . $invitation->invitation_key)->large() !!} @endif @elseif ($invoice->client->account->isGatewayConfigured() && !$invoice->isPaid() && !$invoice->is_recurring) - {!! Button::normal(trans('texts.download_pdf'), array('onclick' => 'onDownloadClick()'))->large() !!}   + {!! Button::normal(trans('texts.download_pdf'))->withAttributes(['onclick' => 'onDownloadClick()'])->large() !!}   @if ($hasToken) {!! DropdownButton::success_lg(trans('texts.pay_now'), [ ['url' => URL::to("payment/{$invitation->invitation_key}?use_token=true&use_paypal=false"), 'label' => trans('texts.use_card_on_file')], @@ -39,10 +39,10 @@ ['url' => URL::to("payment/{$invitation->invitation_key}?use_paypal=false"), 'label' => trans('texts.pay_with_card')] ])->addClass('btn-lg') !!} @else - {!! Button::success_link(URL::to('payment/' . $invitation->invitation_key), trans('texts.pay_now'))->large() !!} + {!! Button::success(trans('texts.pay_now'))->asLinkTo(URL::to('payment/' . $invitation->invitation_key))->large() !!} @endif @else - {!! Button::success('Download PDF', array('onclick' => 'onDownloadClick()'))->large() !!} + {!! Button::success('Download PDF')->withAttributes(['onclick' => 'onDownloadClick()'])->large() !!} @endif
diff --git a/resources/views/payments/payment.blade.php b/resources/views/payments/payment.blade.php index e1019c19d358..f460117fb05f 100644 --- a/resources/views/payments/payment.blade.php +++ b/resources/views/payments/payment.blade.php @@ -117,7 +117,7 @@ header h3 em { -{{ Former::vertical_open($url)->rules(array( +{!! Former::vertical_open($url)->rules(array( 'first_name' => 'required', 'last_name' => 'required', 'card_number' => 'required', @@ -131,7 +131,7 @@ header h3 em { 'country' => 'required', 'phone' => 'required', 'email' => 'required|email' -)) }} +)) !!} @if ($client) {{ Former::populate($client) }} @@ -149,8 +149,8 @@ header h3 em {
@if ($client) -

{{{ $client->getDisplayName() }}}

-

{{{ trans('texts.invoice') . ' ' . $invoiceNumber }}}|  {{ trans('texts.amount_due') }}: {{ Utils::formatMoney($amount, $currencyId) }}

+

{{ $client->getDisplayName() }}

+

{{ trans('texts.invoice') . ' ' . $invoiceNumber }}|  {{ trans('texts.amount_due') }}: {{ Utils::formatMoney($amount, $currencyId) }}

@elseif ($paymentTitle)

{{ $paymentTitle }}
{{ $paymentSubtitle }}

@endif @@ -172,16 +172,16 @@ header h3 em {

{{ trans('texts.contact_information') }}

- {{ Former::text('first_name')->placeholder(trans('texts.first_name'))->raw() }} + {!! Former::text('first_name')->placeholder(trans('texts.first_name'))->raw() !!}
- {{ Former::text('last_name')->placeholder(trans('texts.last_name'))->raw() }} + {!! Former::text('last_name')->placeholder(trans('texts.last_name'))->raw() !!}
@if (isset($paymentTitle))
- {{ Former::text('email')->placeholder(trans('texts.email'))->raw() }} + {!! Former::text('email')->placeholder(trans('texts.email'))->raw() !!}
@endif @@ -191,23 +191,23 @@ header h3 em {

{{ trans('texts.billing_address') }}  {{ trans('texts.payment_footer1') }}

- {{ Former::text('address1')->placeholder(trans('texts.address1'))->raw() }} + {!! Former::text('address1')->placeholder(trans('texts.address1'))->raw() !!}
- {{ Former::text('address2')->placeholder(trans('texts.address2'))->raw() }} + {!! Former::text('address2')->placeholder(trans('texts.address2'))->raw() !!}
- {{ Former::text('city')->placeholder(trans('texts.city'))->raw() }} + {!! Former::text('city')->placeholder(trans('texts.city'))->raw() !!}
- {{ Former::text('state')->placeholder(trans('texts.state'))->raw() }} + {!! Former::text('state')->placeholder(trans('texts.state'))->raw() !!}
- {{ Former::text('postal_code')->placeholder(trans('texts.postal_code'))->raw() }} + {!! Former::text('postal_code')->placeholder(trans('texts.postal_code'))->raw() !!}
@@ -216,15 +216,15 @@ header h3 em {

{{ trans('texts.billing_method') }}

- {{ Former::text('card_number')->placeholder(trans('texts.card_number'))->raw() }} + {!! Former::text('card_number')->placeholder(trans('texts.card_number'))->raw() !!}
- {{ Former::text('cvv')->placeholder(trans('texts.cvv'))->raw() }} + {!! Former::text('cvv')->placeholder(trans('texts.cvv'))->raw() !!}
- {{ Former::select('expiration_month')->placeholder(trans('texts.expiration_month')) + {!! Former::select('expiration_month')->placeholder(trans('texts.expiration_month')) ->addOption('01 - January', '1') ->addOption('02 - February', '2') ->addOption('03 - March', '3') @@ -236,11 +236,11 @@ header h3 em { ->addOption('09 - September', '9') ->addOption('10 - October', '10') ->addOption('11 - November', '11') - ->addOption('12 - December', '12')->raw(); - }} + ->addOption('12 - December', '12')->raw() + !!}
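Review bot: The `card_number` and `cvv` inputs are plain `Former::text` fields with no `autocomplete` attribute, so browsers may offer to store the PAN and CVV; Former's field objects accept attribute setters by method name, so `{!! Former::text('card_number')->placeholder(trans('texts.card_number'))->autocomplete('off')->raw() !!}` and the same `->autocomplete('off')` on `cvv` should prevent that. Also make sure these two fields are never repopulated after a failed submit: the form opened with `Former::vertical_open($url)` and the `Former::populate($client)` call earlier in the file lie outside this hunk, and if Former falls back to old input on validation errors the card data would be echoed back into the HTML. The CVV in particular must never be persisted or logged on the server side.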
- {{ Former::select('expiration_year')->placeholder(trans('texts.expiration_year')) + {!! Former::select('expiration_year')->placeholder(trans('texts.expiration_year')) ->addOption('2015', '2015') ->addOption('2016', '2016') ->addOption('2017', '2017') @@ -251,8 +251,8 @@ header h3 em { ->addOption('2022', '2022') ->addOption('2023', '2023') ->addOption('2024', '2024') - ->addOption('2025', '2025')->raw(); - }} + ->addOption('2025', '2025')->raw() + !!}
@@ -282,7 +282,7 @@ header h3 em {
- {{ Button::block_success_submit_lg(strtoupper(trans('texts.pay_now') . ' - ' . Utils::formatMoney($amount, $currencyId) )) }} + {!! Button::success(strtoupper(trans('texts.pay_now') . ' - ' . Utils::formatMoney($amount, $currencyId) ))->submit()->block()->large() !!}
@@ -308,7 +308,7 @@ header h3 em { @endif --> -{{ Former::close() }} +{!! Former::close() !!}