Fixes for client authentication

2025-05-24 02:14:21 -04:00 · 2021-12-12 21:39:12 +11:00 · 2021-12-12 21:39:12 +11:00 · 97451c8edf
commit 97451c8edf
parent 7dc00f989c
4 changed files with 43 additions and 15 deletions
--- a/app/Http/Controllers/Auth/ContactForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ContactForgotPasswordController.php
@ -98,10 +98,12 @@ class ContactForgotPasswordController extends Controller
        
        $this->validateEmail($request);

-        // $company = Company::where('company_key', $request->input('company_key'))->first();
-        // $contact = ClientContact::where(['company_id' => $company->id, 'email' => $request->input('email')])->first();
-
-        $contact = ClientContact::where(['email' => $request->input('email')])->first();
+        if(Ninja::isHosted() && $company = Company::where('company_key', $request->input('company_key'))->first())
+        {
+            $contact = ClientContact::where(['email' => $request->input('email'), 'company_id' => $company->id])->first();
+        }
+        else
+            $contact = ClientContact::where(['email' => $request->input('email')])->first();

        $response = false;

--- a/app/Http/Controllers/Auth/ContactLoginController.php
+++ b/app/Http/Controllers/Auth/ContactLoginController.php
@ -22,12 +22,14 @@ use Auth;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Route;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Hash;

 class ContactLoginController extends Controller
 {
    use AuthenticatesUsers;

-    protected $redirectTo = '/client/dashboard';
+    protected $redirectTo = '/client/invoices';

    public function __construct()
    {
@ -80,8 +82,8 @@ class ContactLoginController extends Controller
    {
        Auth::shouldUse('contact');

-        if(Ninja::isHosted() && $request->session()->has('company_key'))
-            MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
+        if(Ninja::isHosted() && $request->has('company_key'))
+            MultiDB::findAndSetDbByCompanyKey($request->input('company_key'));

        $this->validateLogin($request);
        // If the class is using the ThrottlesLogins trait, we can automatically throttle
@ -93,7 +95,16 @@ class ContactLoginController extends Controller

            return $this->sendLockoutResponse($request);
        }
-        if ($this->attemptLogin($request)) {
+
+        if(Ninja::isHosted() && $company = Company::where('company_key', $request->input('company_key'))->first()){
+
+            $contact = ClientContact::where(['email' => $request->input('email'), 'company_id' => $company->id])->first();
+
+            if(Hash::check($request->input('password'), $contact->password))
+                return $this->authenticated($request, $contact);
+
+        }
+        elseif ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);
        }
        // If the login attempt was unsuccessful we will increment the number of attempts
@ -104,9 +115,25 @@ class ContactLoginController extends Controller
        return $this->sendFailedLoginResponse($request);
    }

+    protected function sendLoginResponse(Request $request)
+    {
+        $request->session()->regenerate();
+
+        $this->clearLoginAttempts($request);
+
+        if ($response = $this->authenticated($request, $this->guard()->user())) {
+            return $response;
+        }
+
+        return $request->wantsJson()
+                    ? new JsonResponse([], 204)
+                    : redirect()->intended($this->redirectPath());
+    }
+
    public function authenticated(Request $request, ClientContact $client)
    {
-        Auth::guard('contact')->loginUsingId($client->id, true);
+        // Auth::guard('contact')->loginUsingId($client->id, true);
+        auth()->guard('contact')->loginUsingId($client->id, true);

        event(new ContactLoggedIn($client, $client->company, Ninja::eventVars()));

--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -72,7 +72,7 @@ class Kernel extends HttpKernel
        ConvertEmptyStringsToNull::class,
        TrustProxies::class,
        // \Fruitcake\Cors\HandleCors::class,
-        // Cors::class,
+        Cors::class,

    ];

@ -95,7 +95,6 @@ class Kernel extends HttpKernel
        'api' => [
            'throttle:300,1',
            'bindings',
-            'cors',
            'query_logging',
        ],
        'contact' => [
@ -117,7 +116,6 @@ class Kernel extends HttpKernel
            'throttle:120,1',
            'bindings',
            'query_logging',
-            'cors',
        ],
    ];

--- a/app/Http/Middleware/CheckClientExistence.php
+++ b/app/Http/Middleware/CheckClientExistence.php
@ -28,8 +28,9 @@ class CheckClientExistence
     */
    public function handle(Request $request, Closure $next)
    {
+
        $multiple_contacts = ClientContact::query()
-            ->with('client.gateway_tokens')
+            ->with('client.gateway_tokens','company')
            ->where('email', auth('contact')->user()->email)
            ->whereNotNull('email')
            ->where('email', '<>', '')
@ -38,9 +39,9 @@ class CheckClientExistence
            ->distinct('email')
            ->whereNotNull('company_id')
            ->whereHas('client', function ($query) {
-                return $query->whereNull('deleted_at');
+                return $query->where('is_deleted', false);
            })
-            ->whereHas('client.company', function ($query){
+            ->whereHas('company', function ($query){
                return $query->where('account_id', auth('contact')->user()->client->company->account->id);
            })
            ->get();