From ad87287fa7f1f93597af915504bf218a0f68e0fc Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Wed, 20 Nov 2019 18:39:12 +1100
Subject: [PATCH] Password protect purge company routes (#3085)

---
 routes/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/api.php b/routes/api.php
index 668a4bd443c7..97d6419544b0 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -73,8 +73,8 @@ Route::group(['middleware' => ['api_db','api_secret_check','token_auth'], 'prefi
 
   Route::post('users/bulk', 'UserController@bulk')->name('users.bulk')->middleware('password_protected');
 
-  Route::post('migration/purge/{company}', 'MigrationController@purgeCompany');
-  Route::post('migration/purge_save_settings/{company}', 'MigrationController@purgeCompanySaveSettings');
+  Route::post('migration/purge/{company}', 'MigrationController@purgeCompany')->middleware('password_protected');
+  Route::post('migration/purge_save_settings/{company}', 'MigrationController@purgeCompanySaveSettings')->middleware('password_protected');
 
   Route::resource('companies', 'CompanyController'); // name = (companies. index / create / show / update / destroy / edit