From a8c15ef1c9f1cbb66469bca9ce305693de6794cb Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sun, 8 Mar 2020 09:15:11 +1100
Subject: [PATCH] Version checking (#3451)

* Ensure NINJA_ENVIRONMENT variable is present  in .env file

* Implement version checking in app

* Remove password protection from check version route
---
 .env.example                                  |  3 +-
 .gitignore                                    |  1 +
 VERSION.txt                                   |  1 +
 app/Console/Kernel.php                        |  4 +-
 app/Http/Controllers/PreviewController.php    |  9 +++-
 app/Http/Controllers/QuoteController.php      |  5 ++-
 app/Http/Controllers/SelfUpdateController.php | 12 +++---
 .../Requests/Credit/StoreCreditRequest.php    |  3 ++
 .../Requests/Credit/UpdateCreditRequest.php   |  3 ++
 .../Requests/Invoice/StoreInvoiceRequest.php  |  3 ++
 .../Requests/Invoice/UpdateInvoiceRequest.php |  3 ++
 app/Http/Requests/Quote/StoreQuoteRequest.php |  3 ++
 .../Requests/Quote/UpdateQuoteRequest.php     |  3 ++
 app/Jobs/Account/CreateAccount.php            |  2 +-
 app/Jobs/Util/VersionCheck.php                | 42 +++++++++++++++++++
 app/Models/Credit.php                         |  2 +
 app/Models/Invoice.php                        |  1 +
 app/Models/Quote.php                          |  1 +
 app/Services/Quote/QuoteService.php           |  3 --
 app/Transformers/CreditTransformer.php        |  2 +-
 app/Transformers/InvoiceTransformer.php       |  2 +-
 app/Transformers/QuoteTransformer.php         |  2 +-
 app/Utils/Ninja.php                           |  5 +++
 config/ninja.php                              |  1 +
 routes/api.php                                |  2 +-
 25 files changed, 101 insertions(+), 17 deletions(-)
 create mode 100644 VERSION.txt
 create mode 100644 app/Jobs/Util/VersionCheck.php

diff --git a/.env.example b/.env.example
index 6411259c0ef4..9901b58f1475 100644
--- a/.env.example
+++ b/.env.example
@@ -40,9 +40,10 @@ MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 
-MULTI_DB_ENABLED=true
 POSTMARK_API_TOKEN=
 
 GOOGLE_MAPS_API_KEY=
 API_SECRET=superdoopersecrethere
 ERROR_EMAIL=
+
+NINJA_ENVIRONMENT=selfhost
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 02f949aa9b40..cd58a70776f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ Homestead.json
 Homestead.yaml
 npm-debug.log
 yarn-error.log
+local_version.txt
 .env
 .phpunit.result.cache
 
diff --git a/VERSION.txt b/VERSION.txt
new file mode 100644
index 000000000000..8a9ecc2ea99d
--- /dev/null
+++ b/VERSION.txt
@@ -0,0 +1 @@
+0.0.1
\ No newline at end of file
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index 0c546c0c843d..6ae0a06f069e 100644
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -11,9 +11,10 @@
 
 namespace App\Console;
 
+use App\Jobs\Cron\RecurringInvoicesCron;
+use App\Jobs\Util\VersionCheck;
 use Illuminate\Console\Scheduling\Schedule;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
-use App\Jobs\Cron\RecurringInvoicesCron;
 
 class Kernel extends ConsoleKernel
 {
@@ -38,6 +39,7 @@ class Kernel extends ConsoleKernel
         //          ->hourly();
 
         $schedule->job(new RecurringInvoicesCron)->hourly();
+        $schedule->job(new VersionCheck)->daily();
     }
 
     /**
diff --git a/app/Http/Controllers/PreviewController.php b/app/Http/Controllers/PreviewController.php
index ba7f127cded3..41fdd50b8906 100644
--- a/app/Http/Controllers/PreviewController.php
+++ b/app/Http/Controllers/PreviewController.php
@@ -148,7 +148,14 @@ class PreviewController extends BaseController
             $invoice->setRelation('company', auth()->user()->company());
             $invoice->load('client');
 
-            $invoice_design = new Custom((object)request()->input('body'));
+\Log::error(print_r(request()->input('body'),1));
+
+            $design_object = json_decode(request()->input('body'));
+
+            if(!is_object($design_object))
+                return response()->json(['message' => 'Invalid custom design object'], 400);
+
+            $invoice_design = new Custom($design_object);
 
             $designer = new Designer($invoice, $invoice_design, $invoice->client->getSetting('pdf_variables'), lcfirst(request()->has('entity')));
 
diff --git a/app/Http/Controllers/QuoteController.php b/app/Http/Controllers/QuoteController.php
index e7eb0c01caac..982de7587b55 100644
--- a/app/Http/Controllers/QuoteController.php
+++ b/app/Http/Controllers/QuoteController.php
@@ -642,7 +642,10 @@ class QuoteController extends BaseController
                 break;
             case 'approve':
             //make sure it hasn't already been approved!!
-                return $quote->service()->approve()->save();
+                if($quote->status_id != Quote::STATUS_SENT)
+                    return response()->json(['message' => 'Unable to approve this quote as it has expired.'], 400);
+                
+                return $this->itemResponse($quote->service()->approve()->save());
                 break;
             case 'convert':
             //convert  quote to an invoice make sure we link the two entities!!!
diff --git a/app/Http/Controllers/SelfUpdateController.php b/app/Http/Controllers/SelfUpdateController.php
index 333d5fc8a74c..07fd8632bd8b 100644
--- a/app/Http/Controllers/SelfUpdateController.php
+++ b/app/Http/Controllers/SelfUpdateController.php
@@ -66,11 +66,13 @@ class SelfUpdateController extends BaseController
     public function checkVersion(UpdaterManager $updater)
     {
 
-        //echo $updater->source()->getVersionInstalled();
+        $file_version = storage_path().'app/local_version.txt';
 
-        //echo $updater->source()->isNewVersionAvailable();
-
-        //echo $updater->source()->getVersionAvailable();
+        if(file_exists($file_version)){
+            return response()->json(['message' => file_get_contents($file_version)]);
+        }else{
+            return response()->json(['message' => '0.0.0']);
+        }
 
     }
-}
+}
\ No newline at end of file
diff --git a/app/Http/Requests/Credit/StoreCreditRequest.php b/app/Http/Requests/Credit/StoreCreditRequest.php
index 9c954e1f772d..0e10fddc1e1d 100644
--- a/app/Http/Requests/Credit/StoreCreditRequest.php
+++ b/app/Http/Requests/Credit/StoreCreditRequest.php
@@ -40,6 +40,9 @@ class StoreCreditRequest extends FormRequest
     {
         $input = $this->all();
 
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);        
+
         if($input['client_id'])
           $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
 
diff --git a/app/Http/Requests/Credit/UpdateCreditRequest.php b/app/Http/Requests/Credit/UpdateCreditRequest.php
index c3a5418f07aa..d89651c03452 100644
--- a/app/Http/Requests/Credit/UpdateCreditRequest.php
+++ b/app/Http/Requests/Credit/UpdateCreditRequest.php
@@ -42,6 +42,9 @@ class UpdateCreditRequest extends FormRequest
     {
         $input = $this->all();
 
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);
+
         if (isset($input['client_id'])) {
             $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
         }
diff --git a/app/Http/Requests/Invoice/StoreInvoiceRequest.php b/app/Http/Requests/Invoice/StoreInvoiceRequest.php
index 289ecc3333ba..c9eb50ade109 100644
--- a/app/Http/Requests/Invoice/StoreInvoiceRequest.php
+++ b/app/Http/Requests/Invoice/StoreInvoiceRequest.php
@@ -46,6 +46,9 @@ class StoreInvoiceRequest extends Request
     {
         $input = $this->all();
 
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);
+
         if($input['client_id'])
           $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
 
diff --git a/app/Http/Requests/Invoice/UpdateInvoiceRequest.php b/app/Http/Requests/Invoice/UpdateInvoiceRequest.php
index 27d044ab3f42..3d3c1a46ab05 100644
--- a/app/Http/Requests/Invoice/UpdateInvoiceRequest.php
+++ b/app/Http/Requests/Invoice/UpdateInvoiceRequest.php
@@ -49,6 +49,9 @@ class UpdateInvoiceRequest extends Request
     {
         $input = $this->all();
 
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);
+        
         if (isset($input['client_id'])) {
             $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
         }
diff --git a/app/Http/Requests/Quote/StoreQuoteRequest.php b/app/Http/Requests/Quote/StoreQuoteRequest.php
index 699bcd0c1995..c9ccedba3106 100644
--- a/app/Http/Requests/Quote/StoreQuoteRequest.php
+++ b/app/Http/Requests/Quote/StoreQuoteRequest.php
@@ -36,6 +36,9 @@ protected function prepareForValidation()
     {
         $input = $this->all();
 
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);
+        
         if($input['client_id'])
           $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
 
diff --git a/app/Http/Requests/Quote/UpdateQuoteRequest.php b/app/Http/Requests/Quote/UpdateQuoteRequest.php
index 9b761e8b1d17..cc9b62a0e313 100644
--- a/app/Http/Requests/Quote/UpdateQuoteRequest.php
+++ b/app/Http/Requests/Quote/UpdateQuoteRequest.php
@@ -47,6 +47,9 @@ class UpdateQuoteRequest extends Request
     {
         $input = $this->all();
         
+        if(array_key_exists('design_id', $input) && is_string($input['desing_id']))
+          $input['design_id'] = $this->decodePrimaryKey($input['design_id']);
+      
         if (isset($input['client_id'])) {
             $input['client_id'] = $this->decodePrimaryKey($input['client_id']);
         }
diff --git a/app/Jobs/Account/CreateAccount.php b/app/Jobs/Account/CreateAccount.php
index 9d09f8a36af2..b53706fb4401 100644
--- a/app/Jobs/Account/CreateAccount.php
+++ b/app/Jobs/Account/CreateAccount.php
@@ -1,2 +1,2 @@
 <?php
-namespace App\Jobs\Account; use App\Events\Account\AccountCreated; use App\Jobs\Company\CreateCompany; use App\Jobs\Company\CreateCompanyToken; use App\Jobs\User\CreateUser; use App\Models\Account; use App\Models\User; use App\Notifications\Ninja\NewAccountCreated; use App\Utils\Ninja; use App\Utils\Traits\UserSessionAttributes; use Illuminate\Foundation\Bus\Dispatchable; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Notification; use Symfony\Component\HttpFoundation\Response; class CreateAccount { use Dispatchable; protected $request; public function __construct(array $sp660339) { $this->request = $sp660339; } public function handle() { if (config('ninja.environment') == 'selfhost' && Account::all()->count() > 1) { return response()->json(array('message' => 'Self hosted installation limited to one account'), 400); } elseif (Ninja::boot()) { return response()->json(array('message' => Ninja::parse()), 401); } $sp794f3f = Account::create($this->request); $sp035a66 = CreateCompany::dispatchNow($this->request, $sp794f3f); $sp035a66->load('account'); $sp794f3f->default_company_id = $sp035a66->id; $sp794f3f->save(); $spaa9f78 = CreateUser::dispatchNow($this->request, $sp794f3f, $sp035a66, true); if ($spaa9f78) { auth()->login($spaa9f78, false); } $spaa9f78->setCompany($sp035a66); $spafe62e = isset($this->request['token_name']) ? $this->request['token_name'] : request()->server('HTTP_USER_AGENT'); $sp2d97e8 = CreateCompanyToken::dispatchNow($sp035a66, $spaa9f78, $spafe62e); if ($spaa9f78) { event(new AccountCreated($spaa9f78)); } $spaa9f78->fresh(); $sp035a66->notification(new NewAccountCreated($spaa9f78, $sp035a66))->ninja(); return $sp794f3f; } }
\ No newline at end of file
+namespace App\Jobs\Account; use App\Events\Account\AccountCreated; use App\Jobs\Company\CreateCompany; use App\Jobs\Company\CreateCompanyToken; use App\Jobs\User\CreateUser; use App\Models\Account; use App\Models\User; use App\Notifications\Ninja\NewAccountCreated; use App\Utils\Ninja; use App\Utils\Traits\UserSessionAttributes; use Illuminate\Foundation\Bus\Dispatchable; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Notification; use Symfony\Component\HttpFoundation\Response; class CreateAccount { use Dispatchable; protected $request; public function __construct(array $sp660339) { $this->request = $sp660339; } public function handle() { if (config('ninja.environment') == 'selfhost' && Account::all()->count() > 1) { return response()->json(array('message' => Ninja::selfHostedMessage()), 400); } elseif (Ninja::boot()) { return response()->json(array('message' => Ninja::parse()), 401); } $sp794f3f = Account::create($this->request); $sp035a66 = CreateCompany::dispatchNow($this->request, $sp794f3f); $sp035a66->load('account'); $sp794f3f->default_company_id = $sp035a66->id; $sp794f3f->save(); $spaa9f78 = CreateUser::dispatchNow($this->request, $sp794f3f, $sp035a66, true); if ($spaa9f78) { auth()->login($spaa9f78, false); } $spaa9f78->setCompany($sp035a66); $spafe62e = isset($this->request['token_name']) ? $this->request['token_name'] : request()->server('HTTP_USER_AGENT'); $sp2d97e8 = CreateCompanyToken::dispatchNow($sp035a66, $spaa9f78, $spafe62e); if ($spaa9f78) { event(new AccountCreated($spaa9f78)); } $spaa9f78->fresh(); $sp035a66->notification(new NewAccountCreated($spaa9f78, $sp035a66))->ninja(); return $sp794f3f; } }
\ No newline at end of file
diff --git a/app/Jobs/Util/VersionCheck.php b/app/Jobs/Util/VersionCheck.php
new file mode 100644
index 000000000000..8ba5575e8fcd
--- /dev/null
+++ b/app/Jobs/Util/VersionCheck.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Jobs\Util;
+
+use App\Utils\Traits\BulkOptions;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\Storage;
+
+class VersionCheck implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+
+    public function __construct()
+    {
+
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        //$local_version = storage_path() . '/app/local_version.txt';
+        $local_version = 'local_version.txt';
+
+        $version_file = file_get_contents(config('ninja.version_url'));
+
+        if(Storage::exists($local_version));
+            Storage::delete($local_version);
+
+        Storage::disk('local')->put('local_version.txt', $version_file);
+
+    }
+
+}
diff --git a/app/Models/Credit.php b/app/Models/Credit.php
index 57eda39ac43d..fa30e8da9766 100644
--- a/app/Models/Credit.php
+++ b/app/Models/Credit.php
@@ -62,6 +62,8 @@ class Credit extends BaseModel
         'line_items',
         'client_id',
         'footer',
+        'design_id',
+
     ];
 
     protected $casts = [
diff --git a/app/Models/Invoice.php b/app/Models/Invoice.php
index e2e7661f9ed4..be94e668a7d2 100644
--- a/app/Models/Invoice.php
+++ b/app/Models/Invoice.php
@@ -95,6 +95,7 @@ class Invoice extends BaseModel
         'custom_surcharge_tax2',
         'custom_surcharge_tax3',
         'custom_surcharge_tax4',
+        'design_id',
     ];
 
     protected $casts = [
diff --git a/app/Models/Quote.php b/app/Models/Quote.php
index 3b54e4721212..2a3ca6cfe427 100644
--- a/app/Models/Quote.php
+++ b/app/Models/Quote.php
@@ -64,6 +64,7 @@ class Quote extends BaseModel
         'line_items',
         'client_id',
         'footer',
+        'design_id',
     ];
 
     protected $casts = [
diff --git a/app/Services/Quote/QuoteService.php b/app/Services/Quote/QuoteService.php
index 74ee95681007..6aae906b7122 100644
--- a/app/Services/Quote/QuoteService.php
+++ b/app/Services/Quote/QuoteService.php
@@ -86,9 +86,6 @@ class QuoteService
     public function approve() :QuoteService
     {
 
-        if($this->quote->status_id != Quote::STATUS_SENT)
-            return response()->json(['message' => 'Unable to approve this quote as it has expired.'], 400);
-
         $this->setStatus(Quote::STATUS_APPROVED)->save();
 
         $invoice = null;
diff --git a/app/Transformers/CreditTransformer.php b/app/Transformers/CreditTransformer.php
index bbad19c4928e..b51dd36cac0d 100644
--- a/app/Transformers/CreditTransformer.php
+++ b/app/Transformers/CreditTransformer.php
@@ -80,7 +80,7 @@ class CreditTransformer extends EntityTransformer
             'balance' => (float) $credit->balance,
             'client_id' => (string) $this->encodePrimaryKey($credit->client_id),
             'status_id' => (string) ($credit->status_id ?: 1),
-            'design_id' => (string) ($credit->design_id ?: 1),
+            'design_id' => (string) $this->encodePrimaryKey($credit->design_id),
             'invoice_id' => (string) ($credit->invoice_id ?: 1),
             'updated_at' => (int)$credit->updated_at,
             'archived_at' => (int)$credit->deleted_at,
diff --git a/app/Transformers/InvoiceTransformer.php b/app/Transformers/InvoiceTransformer.php
index 2ea4b29d7b46..2c2921a9d32d 100644
--- a/app/Transformers/InvoiceTransformer.php
+++ b/app/Transformers/InvoiceTransformer.php
@@ -90,7 +90,7 @@ class InvoiceTransformer extends EntityTransformer
             'client_id' => (string) $this->encodePrimaryKey($invoice->client_id),
             'vendor_id' => (string) $this->encodePrimaryKey($invoice->vendor_id),
             'status_id' => (string) ($invoice->status_id ?: 1),
-            'design_id' => (string) ($invoice->design_id ?: 1),
+            'design_id' => (string) $this->encodePrimaryKey($invoice->design_id),
             'created_at' => (int)$invoice->created_at,
             'updated_at' => (int)$invoice->updated_at,
             'archived_at' => (int)$invoice->deleted_at,
diff --git a/app/Transformers/QuoteTransformer.php b/app/Transformers/QuoteTransformer.php
index 75ddd9ad37df..a039896e7323 100644
--- a/app/Transformers/QuoteTransformer.php
+++ b/app/Transformers/QuoteTransformer.php
@@ -80,7 +80,7 @@ class QuoteTransformer extends EntityTransformer
             'balance' => (float) $quote->balance,
             'client_id' => (string) $this->encodePrimaryKey($quote->client_id),
             'status_id' => (string)$quote->status_id,
-            'design_id' => (string)$quote->design_id,
+            'design_id' => (string) $this->encodePrimaryKey($quote->design_id),
             'invoice_id' => (string)$quote->invoice_id,
             'updated_at' => (int)$quote->updated_at,
             'archived_at' => (int)$quote->deleted_at,
diff --git a/app/Utils/Ninja.php b/app/Utils/Ninja.php
index eba61b926dda..3490fe7a1d1a 100644
--- a/app/Utils/Ninja.php
+++ b/app/Utils/Ninja.php
@@ -67,4 +67,9 @@ class Ninja
     {
         return 'Invalid license.';
     }
+
+    public static function selfHostedMessage()
+    {
+        return 'Self hosted installation limited to one account';
+    }
 }
diff --git a/config/ninja.php b/config/ninja.php
index 9ce6946d2e91..6574615fd0be 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -7,6 +7,7 @@ return [
     'production' => env('NINJA_PROD', false),
     'license'   => env('NINJA_LICENSE', ''),
     'app_name' => env('APP_NAME'),
+    'version_url' => 'https://github.com/invoiceninja/invoiceninja/tree/v2/VERSION.txt',
     'site_url' => env('APP_URL', ''),
     'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
     'app_version' => '0.0.1',
diff --git a/routes/api.php b/routes/api.php
index f7451ed4a42f..ce95f55e0fab 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -121,7 +121,7 @@ Route::group(['middleware' => ['api_db', 'token_auth', 'locale'], 'prefix' => 'a
 
 		Route::post('self-update', 'SelfUpdateController@update')->middleware('password_protected');
 
-		Route::post('self-update/check_version', 'SelfUpdateController@checkVersion')->middleware('password_protected');
+		Route::post('self-update/check_version', 'SelfUpdateController@checkVersion');
 
 		/*
 		Route::resource('tasks', 'TaskController'); // name = (tasks. index / create / show / update / destroy / edit