From a0ae3061c1b7b62653eb74c1b9da87b912513fbe Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Wed, 2 Feb 2022 08:42:48 +1100
Subject: [PATCH] Fixes for subscriptions - ensure client authentication is
 against correct company

---
 .../ClientPortal/SubscriptionPurchaseController.php         | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Http/Controllers/ClientPortal/SubscriptionPurchaseController.php b/app/Http/Controllers/ClientPortal/SubscriptionPurchaseController.php
index bc61177fb42a..735b6fac7e7c 100644
--- a/app/Http/Controllers/ClientPortal/SubscriptionPurchaseController.php
+++ b/app/Http/Controllers/ClientPortal/SubscriptionPurchaseController.php
@@ -24,6 +24,12 @@ class SubscriptionPurchaseController extends Controller
 {
     public function index(Subscription $subscription, Request $request)
     {
+        /* Make sure the contact is logged into the correct company for this subscription */
+        if(auth()->guard('contact')->user() && auth()->guard('contact')->user()->company_id != $subscription->company_id){
+            auth()->guard('contact')->logout();
+            $request->session()->invalidate();
+        }
+
         if ($request->has('locale')) {
             $this->setLocale($request->query('locale'));
         }