Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-31 07:24:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add password timeout route

Browse Source
This commit is contained in:
David Bomba 2023-06-08 20:37:01 +10:00
parent 1365fc0050
commit 87fb632b3f
4 changed files with 89 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
app/Http/Controllers/Auth/PasswordTimeoutController.php Normal file
View File

@ -0,0 +1,28 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://www.elastic.co/licensing/elastic-license
*/
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Cache;
class PasswordTimeoutController extends Controller
{
public function __invoke()
{
$cached = Cache::get(auth()->user()->hashed_id.'_'.auth()->user()->account_id.'_logged_in');
return $cached ? response()->json(['message' => 'Password is valid'], 200) : response()->json(['message' => 'Invalid Password'], 412);
}
}

1
app/Http/Middleware/PasswordProtection.php
View File

@ -37,6 +37,7 @@ class PasswordProtection
'errors' => new stdClass, 'errors' => new stdClass,
]; ];
/** @var \App\Models\User auth()->user() */
$timeout = auth()->user()->company()->default_password_timeout; $timeout = auth()->user()->company()->default_password_timeout;
if ($timeout == 0) { if ($timeout == 0) {

3
routes/api.php
View File

@ -81,6 +81,7 @@ use App\Http\Controllers\Auth\ForgotPasswordController;
use App\Http\Controllers\BankTransactionRuleController; use App\Http\Controllers\BankTransactionRuleController;
use App\Http\Controllers\InAppPurchase\AppleController; use App\Http\Controllers\InAppPurchase\AppleController;
use App\Http\Controllers\Reports\QuoteReportController; use App\Http\Controllers\Reports\QuoteReportController;
use App\Http\Controllers\Auth\PasswordTimeoutController;
use App\Http\Controllers\PreviewPurchaseOrderController; use App\Http\Controllers\PreviewPurchaseOrderController;
use App\Http\Controllers\Reports\ClientReportController; use App\Http\Controllers\Reports\ClientReportController;
use App\Http\Controllers\Reports\CreditReportController; use App\Http\Controllers\Reports\CreditReportController;
@ -116,6 +117,8 @@ Route::group(['middleware' => ['throttle:login','api_secret_check','email_db']],
}); });
Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () { Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
Route::post('password_timeout', PasswordTimeoutController::class)->name('password_timeout');
Route::put('accounts/{account}', [AccountController::class, 'update'])->name('account.update'); Route::put('accounts/{account}', [AccountController::class, 'update'])->name('account.update');
Route::resource('bank_integrations', BankIntegrationController::class); // name = (clients. index / create / show / update / destroy / edit Route::resource('bank_integrations', BankIntegrationController::class); // name = (clients. index / create / show / update / destroy / edit
Route::post('bank_integrations/refresh_accounts', [BankIntegrationController::class, 'refreshAccounts'])->name('bank_integrations.refresh_accounts')->middleware('throttle:30,1'); Route::post('bank_integrations/refresh_accounts', [BankIntegrationController::class, 'refreshAccounts'])->name('bank_integrations.refresh_accounts')->middleware('throttle:30,1');

57
tests/Unit/PasswordTimeoutTest.php Normal file
View File

@ -0,0 +1,57 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://www.elastic.co/licensing/elastic-license
*/
namespace Tests\Unit;
use Tests\TestCase;
use Tests\MockAccountData;
use Illuminate\Support\Facades\Cache;
use Illuminate\Foundation\Testing\DatabaseTransactions;
/**
* @test
* @covers App\Http\Controllers\Auth\PasswordTimeoutController
*/
class PasswordTimeoutTest extends TestCase
{
use DatabaseTransactions;
use MockAccountData;
protected function setUp() :void
{
parent::setUp();
$this->makeTestData();
}
public function testFalseResponse()
{
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->token,
])->post('/api/v1/password_timeout')
->assertStatus(412);
}
public function testTrueResponse()
{
Cache::put($this->user->hashed_id.'_'.$this->user->account_id.'_logged_in', true, 3600);
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->token,
])->post('/api/v1/password_timeout')
->assertStatus(200);
}
}