From 87fb632b3f4283d4db081e7c6fe48db237a37436 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Thu, 8 Jun 2023 20:37:01 +1000
Subject: [PATCH] Add password timeout route
---
 .../Auth/PasswordTimeoutController.php | 28 +++++++++
 app/Http/Middleware/PasswordProtection.php | 1 +
 routes/api.php | 3 +
 tests/Unit/PasswordTimeoutTest.php | 57 +++++++++++++++++++
 4 files changed, 89 insertions(+)
 create mode 100644 app/Http/Controllers/Auth/PasswordTimeoutController.php
 create mode 100644 tests/Unit/PasswordTimeoutTest.php
diff --git a/app/Http/Controllers/Auth/PasswordTimeoutController.php b/app/Http/Controllers/Auth/PasswordTimeoutController.php
new file mode 100644
index 000000000000..4ce83fa46b1c
--- /dev/null
+++ b/app/Http/Controllers/Auth/PasswordTimeoutController.php
@@ -0,0 +1,28 @@
+user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in');
+
+ return $cached ? response()->json(['message' => 'Password is valid'], 200) : response()->json(['message' => 'Invalid Password'], 412);
+ }
+}
+
diff --git a/app/Http/Middleware/PasswordProtection.php b/app/Http/Middleware/PasswordProtection.php
index 2c3aa7773b72..d41d810bab36 100644
--- a/app/Http/Middleware/PasswordProtection.php
+++ b/app/Http/Middleware/PasswordProtection.php
@@ -37,6 +37,7 @@ class PasswordProtection
 'errors' => new stdClass,
 ];
+ /** @var \App\Models\User auth()->user() */
 $timeout = auth()->user()->company()->default_password_timeout;
 if ($timeout == 0) {
diff --git a/routes/api.php b/routes/api.php
index 1ce3e7136379..a9999cd0be18 100644
--- a/routes/api.php
+++ b/routes/api.php
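Review bot: In app/Http/Controllers/Auth/PasswordTimeoutController.php the 412 branch of the ternary answers `'Invalid Password'`, yet the visible code evaluates no password; it only tests whether the `..._logged_in` cache entry is truthy, so a client cannot tell an expired confirmation window from a rejected credential. A message such as `'Password confirmation required'` describes the state that is actually reported. The key is built from `hashed_id` and `account_id` only, so the answer is the same for every API token of that user; if confirmation is meant to be scoped per token or device, a docblock on the controller should say which scope is intended. The same key format is repeated in tests/Unit/PasswordTimeoutTest.php and presumably in PasswordProtection, so one shared helper would keep the copies from drifting. Most of this new file's body is missing from the hunk as shown.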
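Review bot: The `@var` tag added in app/Http/Middleware/PasswordProtection.php names `auth()->user()` where a variable is expected, so static analysers and IDEs will not apply `\App\Models\User` to the call on the next line, and some may instead read the tag as typing `$timeout`. Assigning first makes the annotation effective: `/** @var \App\Models\User $user */`, `$user = auth()->user();`, `$timeout = $user->company()->default_password_timeout;`. The enclosing method starts and ends outside the hunk.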
@@ -81,6 +81,7 @@ use App\Http\Controllers\Auth\ForgotPasswordController;
 use App\Http\Controllers\BankTransactionRuleController;
 use App\Http\Controllers\InAppPurchase\AppleController;
 use App\Http\Controllers\Reports\QuoteReportController;
+use App\Http\Controllers\Auth\PasswordTimeoutController;
 use App\Http\Controllers\PreviewPurchaseOrderController;
 use App\Http\Controllers\Reports\ClientReportController;
 use App\Http\Controllers\Reports\CreditReportController;
@@ -116,6 +117,8 @@ Route::group(['middleware' => ['throttle:login','api_secret_check','email_db']],
 });
 Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
+
+ Route::post('password_timeout', PasswordTimeoutController::class)->name('password_timeout');
 Route::put('accounts/{account}', [AccountController::class, 'update'])->name('account.update');
 Route::resource('bank_integrations', BankIntegrationController::class); // name = (clients. index / create / show / update / destroy / edit
 Route::post('bank_integrations/refresh_accounts', [BankIntegrationController::class, 'refreshAccounts'])->name('bank_integrations.refresh_accounts')->middleware('throttle:30,1');
diff --git a/tests/Unit/PasswordTimeoutTest.php b/tests/Unit/PasswordTimeoutTest.php
new file mode 100644
index 000000000000..fc3e13e081e1
--- /dev/null
+++ b/tests/Unit/PasswordTimeoutTest.php
@@ -0,0 +1,57 @@
+makeTestData();
+ }
+
+ public function testFalseResponse()
+ {
+
+ $response = $this->withHeaders([
+ 'X-API-SECRET' => config('ninja.api_secret'),
+ 'X-API-TOKEN' => $this->token,
+ ])->post('/api/v1/password_timeout')
+ ->assertStatus(412);
+
+ }
+
+ public function testTrueResponse()
+ {
+ Cache::put($this->user->hashed_id.'_'.$this->user->account_id.'_logged_in', true, 3600);
+
+ $response = $this->withHeaders([
+ 'X-API-SECRET' => config('ninja.api_secret'),
+ 'X-API-TOKEN' => $this->token,
+ ])->post('/api/v1/password_timeout')
+ ->assertStatus(200);
+
+ }
+}
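Review bot: `testFalseResponse` assumes no `..._logged_in` entry exists for the user, but nothing visible clears it, so with a persistent cache store the 412 assertion depends on test order and on `makeTestData()` producing a fresh user (its body is not shown here). Adding `Cache::forget($this->user->hashed_id.'_'.$this->user->account_id.'_logged_in');` before the request makes that precondition explicit. In both tests `$response` is assigned and never read; either drop the assignment or also assert the JSON `message`, so that a change to the response contract is caught. Neither test covers an unauthenticated request, which would confirm that the route stays behind `token_auth`.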