Merge pull request #5150 from turbo124/v5-develop

Throw 400s on incorrect 2FA data
This commit is contained in:
David Bomba 2021-03-17 10:19:43 +11:00 committed by GitHub
commit b14ac6557b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 45 additions and 14 deletions


@ -28,6 +28,9 @@ use Google_Client;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Str;
use PragmaRX\Google2FA\Google2FA;
use Turbo124\Beacon\Facades\LightLogs; use Turbo124\Beacon\Facades\LightLogs;
class LoginController extends BaseController class LoginController extends BaseController
@ -159,19 +162,40 @@ class LoginController extends BaseController
} }
if ($this->attemptLogin($request)) { if ($this->attemptLogin($request)) {
LightLogs::create(new LoginSuccess()) LightLogs::create(new LoginSuccess())
->increment() ->increment()
->batch(); ->batch();
$user = $this->guard()->user(); $user = $this->guard()->user();
//if user has 2fa enabled - lets check this now:
if($user->google_2fa_secret)
{
$google2fa = new Google2FA();
if(!$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
{
return response()
->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
}
$user->setCompany($user->account->default_company); $user->setCompany($user->account->default_company);
$timeout = auth()->user()->company()->default_password_timeout;
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
$cu = CompanyUser::query() $cu = CompanyUser::query()
->where('user_id', auth()->user()->id); ->where('user_id', auth()->user()->id);
return $this->listResponse($cu); return $this->listResponse($cu);
} else { } else {
LightLogs::create(new LoginFailure()) LightLogs::create(new LoginFailure())
->increment() ->increment()
->batch(); ->batch();
@ -182,6 +206,7 @@ class LoginController extends BaseController
->json(['message' => ctrans('texts.invalid_credentials')], 401) ->json(['message' => ctrans('texts.invalid_credentials')], 401)
->header('X-App-Version', config('ninja.app_version')) ->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version')); ->header('X-Api-Version', config('ninja.minimum_client_version'));
} }
} }
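Review bot: The OTP rejection in the new `verifyKey` branch runs after `LightLogs::create(new LoginSuccess())` has already been recorded and after `attemptLogin` has authenticated the guard, so a wrong or missing `one_time_password` is counted as a successful login, is never recorded as a `LoginFailure`, and — if `$this->guard()` is session-backed — leaves the user authenticated for the rest of the request. Because the rejection path does not feed whatever throttling the `attemptLogin` else-branch drives (that logic is outside this hunk), an attacker who already holds a valid password can retry codes at whatever rate the endpoint allows, which matters for a 6-digit TOTP. I would move the success log below the OTP check, increment `LoginFailure` on rejection, call `$this->guard()->logout()` before returning if the guard is a `StatefulGuard` (confirm the guard type), and pass `(string) $request->input('one_time_password')` so an absent field is compared as an empty string rather than `null`, which depending on the PHP version may surface as a type warning inside the library's comparison. The enclosing login method starts and ends outside this hunk.
```php
if ($this->attemptLogin($request)) {
    $user = $this->guard()->user();

    // With 2FA enabled, the password alone is not a login: verify the OTP first.
    if ($user->google_2fa_secret) {
        $google2fa = new Google2FA();

        if (!$google2fa->verifyKey(decrypt($user->google_2fa_secret), (string) $request->input('one_time_password'))) {
            // A rejected OTP is a failed login, not a success.
            LightLogs::create(new LoginFailure())
                ->increment()
                ->batch();

            // NOTE(review): if guard() is a StatefulGuard, also $this->guard()->logout() here.

            return response()
                ->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
                ->header('X-App-Version', config('ninja.app_version'))
                ->header('X-Api-Version', config('ninja.minimum_client_version'));
        }
    }

    LightLogs::create(new LoginSuccess())
        ->increment()
        ->batch();

    // … unchanged: setCompany, password-timeout cache entry, CompanyUser listResponse …
```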


@ -62,11 +62,11 @@ class TwoFactorController extends BaseController
} elseif (! $secret || ! $google2fa->verifyKey($secret, $oneTimePassword)) { } elseif (! $secret || ! $google2fa->verifyKey($secret, $oneTimePassword)) {
return response()->json(['message' => ctrans('texts.invalid_one_time_password')]); return response()->json(['message' => ctrans('texts.invalid_one_time_password')], 400);
} }
return response()->json(['message' => 'No phone record or user is not confirmed']); return response()->json(['message' => 'No phone record or user is not confirmed'], 400);
} }
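Review bot: The fallback message on the last changed line, `'No phone record or user is not confirmed'`, is a hard-coded English string while the branch above it goes through `ctrans('texts.invalid_one_time_password')`; for consistency with the rest of the controller it should be a `texts.*` translation key (I cannot see from here whether one exists). Note also that the same invalid-OTP condition now yields 400 here but 401 in `LoginController` in this commit; that is defensible since this endpoint is reached by an already-authenticated user, but a one-line comment such as `// 400, not 401: the caller is authenticated, the submitted code is simply wrong` would stop the next reader from "fixing" one to match the other. The enclosing method starts outside this hunk.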


@ -16,6 +16,7 @@ use App\Events\Invoice\InvoiceWasEmailed;
use App\Jobs\Entity\EmailEntity; use App\Jobs\Entity\EmailEntity;
use App\Jobs\Util\WebHookHandler; use App\Jobs\Util\WebHookHandler;
use App\Libraries\MultiDB; use App\Libraries\MultiDB;
use App\Models\Account;
use App\Models\Invoice; use App\Models\Invoice;
use App\Models\Webhook; use App\Models\Webhook;
use App\Utils\Ninja; use App\Utils\Ninja;
@ -207,7 +208,7 @@ class SendReminders implements ShouldQueue
$invoice->invitations->each(function ($invitation) use ($template, $invoice) { $invoice->invitations->each(function ($invitation) use ($template, $invoice) {
//only send if enable_reminder setting is toggled to yes //only send if enable_reminder setting is toggled to yes
if ($this->checkSendSetting($invoice, $template)) { if ($this->checkSendSetting($invoice, $template) && $invoice->company->account->hasFeature(Account::FEATURE_EMAIL_TEMPLATES_REMINDERS)) {
nlog("firing email"); nlog("firing email");
EmailEntity::dispatchNow($invitation, $invitation->company, $template); EmailEntity::dispatchNow($invitation, $invitation->company, $template);
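Review bot: The new `$invoice->company->account->hasFeature(Account::FEATURE_EMAIL_TEMPLATES_REMINDERS)` call sits inside the per-invitation closure, so it re-walks `company->account` for every invitation even though the answer is fixed per invoice. Hoist it above the `each` and capture it, e.g. `$reminders_allowed = $invoice->company->account->hasFeature(Account::FEATURE_EMAIL_TEMPLATES_REMINDERS);` with `use ($template, $invoice, $reminders_allowed)` on the closure, and consider an `nlog` on the skip path so a reminder that is silently not sent because of the plan gate is diagnosable. The enclosing method starts and ends outside this hunk.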


@ -80,9 +80,10 @@ class UserEmailChanged implements ShouldQueue
NinjaMailerJob::dispatch($nmo); NinjaMailerJob::dispatch($nmo);
$nmo->to_user = $this->new_user; // $nmo->to_user = $this->new_user;
// NinjaMailerJob::dispatch($nmo);
NinjaMailerJob::dispatch($nmo); $this->new_user->service()->invite($this->company);
} }
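Review bot: The two commented-out lines that replace the second `NinjaMailerJob::dispatch($nmo)` should be deleted rather than left in place; version control already records them, and the dead `$nmo->to_user = $this->new_user;` invites confusion about which address the notification goes to. Assuming `invite()` sends a confirmation link to the new address (its body is not visible here), the change is a sound security move because the new address must be acted on before it is trusted, and a short comment such as `// re-invite so the new address is confirmed before it is used` would preserve that intent. The enclosing method starts outside this hunk.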


@ -88,14 +88,14 @@ class CreditEmailEngine extends BaseEmailEngine
->setViewText(ctrans('texts.view_credit')) ->setViewText(ctrans('texts.view_credit'))
->setInvitation($this->invitation); ->setInvitation($this->invitation);
if ($this->client->getSetting('pdf_email_attachment') !== false) { if ($this->client->getSetting('pdf_email_attachment') !== false && $this->credit->company->account->hasFeature(Account::FEATURE_PDF_ATTACHMENT)) {
$this->setAttachments([$this->credit->pdf_file_path()]); $this->setAttachments([$this->credit->pdf_file_path()]);
// $this->setAttachments(['path' => $this->credit->pdf_file_path(), 'name' => basename($this->credit->pdf_file_path())]); // $this->setAttachments(['path' => $this->credit->pdf_file_path(), 'name' => basename($this->credit->pdf_file_path())]);
} }
//attach third party documents //attach third party documents
if($this->client->getSetting('document_email_attachment') !== false){ if($this->client->getSetting('document_email_attachment') !== false && $this->credit->company->account->hasFeature(Account::FEATURE_DOCUMENTS)){
// Storage::url // Storage::url
foreach($this->credit->documents as $document){ foreach($this->credit->documents as $document){
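Review bot: This hunk references `Account::FEATURE_PDF_ATTACHMENT` and `Account::FEATURE_DOCUMENTS`, but unlike the `InvoiceEmailEngine` change in this same commit no `use App\Models\Account;` is added for `CreditEmailEngine`; the file header is outside the hunk, so if the class is not already imported the constant resolves to `App\Mail\Engine\Account` and fails at runtime the first time a credit is emailed with attachments enabled — please confirm the import is present. Separately, `$this->credit->company->account` is resolved twice in a row; a local `$account = $this->credit->company->account;` before the first `if` keeps the two gates visibly on the same object. The enclosing method starts and ends outside this hunk.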


@ -12,6 +12,7 @@
namespace App\Mail\Engine; namespace App\Mail\Engine;
use App\DataMapper\EmailTemplateDefaults; use App\DataMapper\EmailTemplateDefaults;
use App\Models\Account;
use App\Utils\HtmlEngine; use App\Utils\HtmlEngine;
use App\Utils\Number; use App\Utils\Number;
@ -97,14 +98,14 @@ class InvoiceEmailEngine extends BaseEmailEngine
->setViewText(ctrans('texts.view_invoice')) ->setViewText(ctrans('texts.view_invoice'))
->setInvitation($this->invitation); ->setInvitation($this->invitation);
if ($this->client->getSetting('pdf_email_attachment') !== false) { if ($this->client->getSetting('pdf_email_attachment') !== false && $this->invoice->company->account->hasFeature(Account::FEATURE_PDF_ATTACHMENT)) {
$this->setAttachments([$this->invoice->pdf_file_path()]); $this->setAttachments([$this->invoice->pdf_file_path()]);
// $this->setAttachments(['path' => $this->invoice->pdf_file_path(), 'name' => basename($this->invoice->pdf_file_path())]); // $this->setAttachments(['path' => $this->invoice->pdf_file_path(), 'name' => basename($this->invoice->pdf_file_path())]);
} }
//attach third party documents //attach third party documents
if($this->client->getSetting('document_email_attachment') !== false){ if($this->client->getSetting('document_email_attachment') !== false && $this->invoice->company->account->hasFeature(Account::FEATURE_DOCUMENTS)){
// Storage::url // Storage::url
foreach($this->invoice->documents as $document){ foreach($this->invoice->documents as $document){
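Review bot: `$this->invoice->company->account` is walked twice in the second hunk, once per attachment gate; a single `$account = $this->invoice->company->account;` above the first `if`, with `$account->hasFeature(...)` in both conditions, avoids the repeated relation access and makes it explicit that both checks concern the same account. The `!== false` comparisons on `getSetting(...)` predate this change and are not at issue. The enclosing method starts and ends outside this hunk.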


@ -89,14 +89,14 @@ class QuoteEmailEngine extends BaseEmailEngine
->setInvitation($this->invitation); ->setInvitation($this->invitation);
if ($this->client->getSetting('pdf_email_attachment') !== false) { if ($this->client->getSetting('pdf_email_attachment') !== false && $this->quote->company->account->hasFeature(Account::FEATURE_PDF_ATTACHMENT)) {
$this->setAttachments([$this->quote->pdf_file_path()]); $this->setAttachments([$this->quote->pdf_file_path()]);
//$this->setAttachments(['path' => $this->quote->pdf_file_path(), 'name' => basename($this->quote->pdf_file_path())]); //$this->setAttachments(['path' => $this->quote->pdf_file_path(), 'name' => basename($this->quote->pdf_file_path())]);
} }
//attach third party documents //attach third party documents
if($this->client->getSetting('document_email_attachment') !== false){ if($this->client->getSetting('document_email_attachment') !== false && $this->quote->company->account->hasFeature(Account::FEATURE_DOCUMENTS)){
// Storage::url // Storage::url
foreach($this->quote->documents as $document){ foreach($this->quote->documents as $document){
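Review bot: As with `CreditEmailEngine`, this hunk uses `Account::FEATURE_PDF_ATTACHMENT` and `Account::FEATURE_DOCUMENTS` without a visible `use App\Models\Account;` being added, whereas `InvoiceEmailEngine` in the same commit does add one; the top of the file is outside the hunk, so if the import is missing the constants resolve to `App\Mail\Engine\Account` and throw at runtime when a quote is emailed with attachments. Please confirm the import exists, and consider a local `$account = $this->quote->company->account;` before the first `if` so both gates read from one resolved relation. The enclosing method starts and ends outside this hunk.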


@ -74,7 +74,7 @@ class Gateway extends StaticModel
* Returns an array of methods and the gatewaytypes possible * Returns an array of methods and the gatewaytypes possible
* *
* @return array * @return array
*///todo remove methods replace with gatewaytype:: and then nest refund / token billing */
public function getMethods() public function getMethods()
{ {
switch ($this->id) { switch ($this->id) {


@ -78,6 +78,7 @@ class AccountTransformer extends EntityTransformer
'is_docker' => (bool) config('ninja.is_docker'), 'is_docker' => (bool) config('ninja.is_docker'),
'is_scheduler_running' => (bool) $account->is_scheduler_running, 'is_scheduler_running' => (bool) $account->is_scheduler_running,
'default_company_id' => (string) $this->encodePrimaryKey($account->default_company_id), 'default_company_id' => (string) $this->encodePrimaryKey($account->default_company_id),
'disable_auto_update' => (bool) config('ninja.disable_auto_update'),
]; ];
} }


@ -19,6 +19,7 @@ trait SavesDocuments
{ {
public function saveDocuments($document_array, $entity, $is_public = true) public function saveDocuments($document_array, $entity, $is_public = true)
{ {
if ($entity instanceof Company) { if ($entity instanceof Company) {
$account = $entity->account; $account = $entity->account;
$company = $entity; $company = $entity;


@ -70,7 +70,7 @@
"wildbit/swiftmailer-postmark": "^3.3" "wildbit/swiftmailer-postmark": "^3.3"
}, },
"require-dev": { "require-dev": {
"php": "^7.4", "php": "^7.3|^7.4",
"anahkiasen/former": "^4.2", "anahkiasen/former": "^4.2",
"barryvdh/laravel-debugbar": "^3.4", "barryvdh/laravel-debugbar": "^3.4",
"brianium/paratest": "^6.1", "brianium/paratest": "^6.1",
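Review bot: Widening `php` to `^7.3|^7.4` in `require-dev` only affects the dev platform check; the runtime constraint lives in `require` (outside this hunk), and if that still says `^7.4` the new range is ineffective, while if it also admits 7.3 the project is accepting a PHP branch that was already in security-fix-only support at the date of this commit. State the intent in the commit message and keep the two constraints identical, so CI cannot pass on a PHP version that production would reject.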


@ -143,4 +143,5 @@ return [
'v4_migration_version' => '4.5.31', 'v4_migration_version' => '4.5.31',
'flutter_canvas_kit' => env('FLUTTER_CANVAS_KIT', false), 'flutter_canvas_kit' => env('FLUTTER_CANVAS_KIT', false),
'webcron_secret' => env('WEBCRON_SECRET', false), 'webcron_secret' => env('WEBCRON_SECRET', false),
'disable_auto_update' => env('DISABLE_AUTO_UPDATE', false),
]; ];