Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-31 12:34:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Signup RSA hash checks

Browse Source
This commit is contained in:
David Bomba 2023-12-23 16:14:26 +11:00
parent f5248d8ac2
commit bc6faa282d
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
app/Http/Controllers/AccountController.php
View File

@ -11,17 +11,18 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use App\Http\Requests\Account\CreateAccountRequest;
use App\Http\Requests\Account\UpdateAccountRequest;
use App\Jobs\Account\CreateAccount;
use App\Libraries\MultiDB;
use App\Models\Account; use App\Models\Account;
use App\Libraries\MultiDB;
use App\Utils\TruthSource;
use App\Models\CompanyUser; use App\Models\CompanyUser;
use Illuminate\Http\Response;
use App\Helpers\Encrypt\Secure;
use App\Jobs\Account\CreateAccount;
use App\Transformers\AccountTransformer; use App\Transformers\AccountTransformer;
use App\Transformers\CompanyUserTransformer; use App\Transformers\CompanyUserTransformer;
use App\Utils\TruthSource;
use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Http\Response; use App\Http\Requests\Account\CreateAccountRequest;
use App\Http\Requests\Account\UpdateAccountRequest;
class AccountController extends BaseController class AccountController extends BaseController
{ {
@ -66,7 +67,7 @@ class AccountController extends BaseController
public function store(CreateAccountRequest $request) public function store(CreateAccountRequest $request)
{ {
if(config('ninja.cloudflare.turnstile.secret')) { if($request->has('cf-turnstile-response') && config('ninja.cloudflare.turnstile.secret')) {
$r = \Illuminate\Support\Facades\Http::post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [ $r = \Illuminate\Support\Facades\Http::post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
'secret' => config('ninja.cloudflare.turnstile.secret'), 'secret' => config('ninja.cloudflare.turnstile.secret'),
'response' => $request->input('cf-turnstile-response'), 'response' => $request->input('cf-turnstile-response'),
@ -76,7 +77,7 @@ class AccountController extends BaseController
if($r->successful()){ if($r->successful()){
if($r->json()['success'] === true) { if($r->json()['success'] === true) {
// return response()->json(['message' => 'Captcha Success'], 200); // Captcha passed
} else { } else {
return response()->json(['message' => 'Captcha Failed'], 400); return response()->json(['message' => 'Captcha Failed'], 400);
} }
@ -84,6 +85,14 @@ class AccountController extends BaseController
} }
if($request->has('hash') && config('ninja.cloudflare.turnstile.secret')) { //@todo once all platforms are implemented, we disable access to the rest of this route without a success response.
if(Secure::decrypt($request->input('hash')) !== $request->input('email')) {
return response()->json(['message' => 'Invalid Signup Payload'], 400);
}
}
$account = (new CreateAccount($request->all(), $request->getClientIp()))->handle(); $account = (new CreateAccount($request->all(), $request->getClientIp()))->handle();
if (! ($account instanceof Account)) { if (! ($account instanceof Account)) {
return $account; return $account;