From 07d7326f63de254768588093a02991fd61138dc7 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 27 Oct 2022 14:47:40 +1100 Subject: [PATCH 1/5] Improve check data --- app/Console/Commands/CheckData.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/app/Console/Commands/CheckData.php b/app/Console/Commands/CheckData.php index 846496a487b0..e681b021618f 100644 --- a/app/Console/Commands/CheckData.php +++ b/app/Console/Commands/CheckData.php @@ -1048,6 +1048,29 @@ class CheckData extends Command $this->logMessage("Fixing - {$ninja_portal_url}"); } + else{ + + $c = Client::on('db-ninja-01')->where("company_id", config('ninja.ninja_default_company_id'))->where('custom_value2', $cu->account->key)->first(); + + if($c) + { + + $cc = $c->contacts()->first(); + + if($cc) + { + $ninja_portal_url = "https://invoiceninja.invoicing.co/client/ninja/{$cc->contact_key}/{$cu->account->key}"; + + $cu->ninja_portal_url = $ninja_portal_url; + $cu->save(); + + $this->logMessage("Fixing - {$ninja_portal_url}"); + + } + + } + + } }); From a27d47552a474c49ae409dc82228d6ace04336e1 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 27 Oct 2022 14:56:59 +1100 Subject: [PATCH 2/5] minor fixes when calculating invoice cancellations --- app/Services/Invoice/HandleCancellation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Services/Invoice/HandleCancellation.php b/app/Services/Invoice/HandleCancellation.php index e589cadf48a0..52a369ede4e1 100644 --- a/app/Services/Invoice/HandleCancellation.php +++ b/app/Services/Invoice/HandleCancellation.php @@ -51,7 +51,7 @@ class HandleCancellation extends AbstractService //adjust client balance $this->invoice->client->service()->updateBalance($adjustment)->save(); - $this->invoice->fresh(); + // $this->invoice->fresh(); $this->invoice->service()->workFlow()->save(); From 6004b7f08f728898d4af035b7585df6a44f2847b Mon Sep 17 00:00:00 2001 
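Review bot: The added `else` branch in CheckData.php writes the full portal URL, including `$cc->contact_key`, to the command log through `logMessage("Fixing - {$ninja_portal_url}")`. If that key is what admits a contact to the client portal (the URL shape suggests so, but the route is not part of this hunk), the log ends up holding working login links. Logging the record being repaired is enough, for example `$this->logMessage("Fixing ninja_portal_url for company user {$cu->id}");`. The branch also hard-codes the `db-ninja-01` connection and the `invoiceninja.invoicing.co` host, which would be easier to audit as config values next to `ninja.ninja_default_company_id`. The enclosing closure starts outside the hunk.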
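Review bot: Commenting out `$this->invoice->fresh();` in HandleCancellation.php leaves dead code behind, and the original call had no effect in the first place, because Eloquent's `fresh()` returns a new model instead of reloading the one it is called on. If the invoice has to be re-read after `updateBalance($adjustment)`, write `$this->invoice = $this->invoice->fresh();`; otherwise delete the line outright. The enclosing method starts and ends outside the hunk.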
From: David Bomba Date: Thu, 27 Oct 2022 16:11:55 +1100 Subject: [PATCH 3/5] 2FA reset --- app/Http/Controllers/TwilioController.php | 71 ++++++++++++++++++- .../Requests/Twilio/Confirm2faRequest.php | 50 +++++++++++++ .../Requests/Twilio/Generate2faRequest.php | 51 +++++++++++++ ..._044909_add_user_sms_verification_code.php | 30 ++++++++ routes/api.php | 4 +- 5 files changed, 204 insertions(+), 2 deletions(-) create mode 100644 app/Http/Requests/Twilio/Confirm2faRequest.php create mode 100644 app/Http/Requests/Twilio/Generate2faRequest.php create mode 100644 database/migrations/2022_10_27_044909_add_user_sms_verification_code.php diff --git a/app/Http/Controllers/TwilioController.php b/app/Http/Controllers/TwilioController.php index fd9a417627e1..ff96a24d31c4 100644 --- a/app/Http/Controllers/TwilioController.php +++ b/app/Http/Controllers/TwilioController.php @@ -11,9 +11,12 @@ namespace App\Http\Controllers; +use App\Http\Requests\Twilio\Confirm2faRequest; use App\Http\Requests\Twilio\ConfirmSmsRequest; +use App\Http\Requests\Twilio\Generate2faRequest; use App\Http\Requests\Twilio\GenerateSmsRequest; use App\Libraries\MultiDB; +use App\Models\User; use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Http\Response; use Twilio\Rest\Client; 
@@ -100,7 +103,73 @@ class TwilioController extends BaseController return response()->json(['message' => 'SMS not verified'], 400); - } + public function generate2faResetCode(Generate2faRequest $request) + { + $user = User::where('email', $request->email)->first(); + + if(!$user) + return response()->json(['message' => 'Unable to retrieve user.'], 400); + + $sid = config('ninja.twilio_account_sid'); + $token = config('ninja.twilio_auth_token'); + + $twilio = new Client($sid, $token); + + + try { + $verification = $twilio->verify + ->v2 + ->services(config('ninja.twilio_verify_sid')) + ->verifications + ->create($user->phone, "sms"); + } + catch(\Exception $e) { + + return response()->json(['message' => 'Invalid phone number on file, we are unable to reset. Please contact support.'], 400); + + } + + $user->sms_verification_code = $verification->sid; + $user->save(); + + return response()->json(['message' => 'Code sent.'], 200); + } + + public function confirm2faResetCode(Confirm2faRequest $request) + { + $user = User::where('email', $request->email)->first(); + + if(!$user) + return response()->json(['message' => 'Unable to retrieve user.'], 400); + + $sid = config('ninja.twilio_account_sid'); + $token = config('ninja.twilio_auth_token'); + + $twilio = new Client($sid, $token); + + $verification_check = $twilio->verify + ->v2 + ->services(config('ninja.twilio_verify_sid')) + ->verificationChecks + ->create([ + "to" => $user->phone, + "code" => $request->code + ]); + + + if($verification_check->status == 'approved'){ + + $user->google_2fa_secret = ''; + $user->sms_verification_code = ''; + $user->save(); + + return response()->json(['message' => 'SMS verified, 2FA disabled.'], 200); + } + + return response()->json(['message' => 'SMS not verified.'], 400); + + } + } diff --git a/app/Http/Requests/Twilio/Confirm2faRequest.php b/app/Http/Requests/Twilio/Confirm2faRequest.php new file mode 100644 index 000000000000..1e25a01dd3dd --- /dev/null 
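Review bot: `confirm2faResetCode` clears `google_2fa_secret` for whichever account the posted `email` names as soon as Twilio approves a code for `$user->phone`, and nothing ties that approval to a reset started through `generate2faResetCode`: `sms_verification_code` is written there but never read here. The `verificationChecks->create()` call is also outside any `try`, so a check with no pending verification is likely to surface as an unhandled exception rather than the 400 the method otherwise returns. I would require a stored verification SID, compare it with the SID on the check result, use `===` for the status, and fold every failure into the same response; the changed lines are sketched below. Neither method checks a password or session, so it is worth deciding whether one belongs in front of this step: as written, the TOTP factor is only as strong as SMS delivery to the number on file.

```php
    public function confirm2faResetCode(Confirm2faRequest $request)
    {
        $user = User::where('email', $request->email)->first();

        // Proceed only when generate2faResetCode() recorded a pending reset for this user.
        if (! $user || empty($user->sms_verification_code)) {
            return response()->json(['message' => 'SMS not verified.'], 400);
        }

        // … unchanged: Twilio client construction …

        try {
            $verification_check = $twilio->verify
                ->v2
                ->services(config('ninja.twilio_verify_sid'))
                ->verificationChecks
                ->create([
                    "to" => $user->phone,
                    "code" => $request->code
                ]);
        } catch (\Exception $e) {
            // Same answer as a wrong code, so callers cannot tell the two cases apart.
            return response()->json(['message' => 'SMS not verified.'], 400);
        }

        // The approval must belong to the verification that the reset request created.
        if ($verification_check->status === 'approved'
            && $verification_check->sid === $user->sms_verification_code) {
            // … unchanged: clear google_2fa_secret and sms_verification_code, save, 200 response …
```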
+++ b/app/Http/Requests/Twilio/Confirm2faRequest.php @@ -0,0 +1,50 @@ + 'required', + 'email' => 'required|exists,users:email', + ]; + } + + public function prepareForValidation() + { + $input = $this->all(); + + if(array_key_exists('email', $input)) + MultiDB::userFindAndSetDb($input['email']); + + $this->replace($input); + } + +} diff --git a/app/Http/Requests/Twilio/Generate2faRequest.php b/app/Http/Requests/Twilio/Generate2faRequest.php new file mode 100644 index 000000000000..c4c43eb73183 --- /dev/null +++ b/app/Http/Requests/Twilio/Generate2faRequest.php @@ -0,0 +1,51 @@ + 'required|exists,users:email', + ]; + + } + + public function prepareForValidation() + { + $input = $this->all(); + + if(array_key_exists('email', $input)) + MultiDB::userFindAndSetDb($input['email']); + + $this->replace($input); + } + +} diff --git a/database/migrations/2022_10_27_044909_add_user_sms_verification_code.php b/database/migrations/2022_10_27_044909_add_user_sms_verification_code.php new file mode 100644 index 000000000000..b0dcaa823b9d --- /dev/null +++ b/database/migrations/2022_10_27_044909_add_user_sms_verification_code.php @@ -0,0 +1,30 @@ +string('sms_verification_code', 191)->nullable(); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + // + } +}; diff --git a/routes/api.php b/routes/api.php index 0c52e5fcb8e2..b937e1cb07f1 100644 --- a/routes/api.php +++ b/routes/api.php @@ -298,7 +298,6 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale Route::post('settings/enable_two_factor', [TwoFactorController::class, 'enableTwoFactor']); Route::post('settings/disable_two_factor', [TwoFactorController::class, 'disableTwoFactor']); - Route::post('verify', [TwilioController::class, 'generate'])->name('verify.generate')->middleware('throttle:100,1'); Route::post('verify/confirm', [TwilioController::class, 'confirm'])->name('verify.confirm'); 
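Review bot: `'code' => 'required'` in Confirm2faRequest accepts any type and length, so arrays or very long strings reach the Twilio call in `confirm2faResetCode` unchecked. Constrain it to what a verification code can be, for example `'code' => 'required|string|max:10'` (assuming the Verify service is configured for codes of at most ten characters). The top of this file did not survive on the page, so `authorize()` could not be reviewed.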
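Review bot: The `exists` rule on `email` in Generate2faRequest turns this endpoint into an account-existence check: an unknown address fails validation while a known one gets 'Code sent.', and Confirm2faRequest carries the same rule. Validate only the format here, `'email' => 'required|email'`, and let the controller return one generic message whether or not a user was found. Separately, `prepareForValidation()` ends with `$this->replace($input)` on an unmodified `$input`, which can be dropped.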
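Review bot: `down()` in the migration is left empty, so a rollback keeps `sms_verification_code` in place and a later re-run of `up()` would fail on the duplicate column. Reverse the change with `$table->dropColumn('sms_verification_code');` inside a `Schema::table` call on the same table that `up()` alters (the table name did not survive on this page).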
@@ -344,6 +343,9 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale }); +Route::post('sms_reset', [TwilioController::class, 'generate2faResetCode'])->name('sms_reset.generate')->middleware('throttle:10,1'); +Route::post('sms_reset/confirm', [TwilioController::class, 'confirm2faResetCode'])->name('sms_reset.confirm')->middleware('throttle:20,1'); + Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id}', PaymentWebhookController::class) ->middleware('throttle:1000,1') ->name('payment_webhook'); From 44f12bcd5eae4b1154f608ec89511e06ce42e76c Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 27 Oct 2022 16:27:19 +1100 Subject: [PATCH 4/5] 2FA reset --- app/Http/Requests/Twilio/Confirm2faRequest.php | 2 +- app/Http/Requests/Twilio/Generate2faRequest.php | 2 +- routes/api.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/Http/Requests/Twilio/Confirm2faRequest.php b/app/Http/Requests/Twilio/Confirm2faRequest.php index 1e25a01dd3dd..461971d4dcce 100644 --- a/app/Http/Requests/Twilio/Confirm2faRequest.php +++ b/app/Http/Requests/Twilio/Confirm2faRequest.php @@ -33,7 +33,7 @@ class Confirm2faRequest extends Request return [ 'code' => 'required', - 'email' => 'required|exists,users:email', + 'email' => 'required|exists:users,email', ]; } diff --git a/app/Http/Requests/Twilio/Generate2faRequest.php b/app/Http/Requests/Twilio/Generate2faRequest.php index c4c43eb73183..a008587d7b99 100644 --- a/app/Http/Requests/Twilio/Generate2faRequest.php +++ b/app/Http/Requests/Twilio/Generate2faRequest.php @@ -33,7 +33,7 @@ class Generate2faRequest extends Request { return [ - 'email' => 'required|exists,users:email', + 'email' => 'required|exists:users,email', ]; } diff --git a/routes/api.php b/routes/api.php index b937e1cb07f1..8219f65630fb 100644 --- a/routes/api.php +++ b/routes/api.php 
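Review bot: Both `sms_reset` routes are registered after the `token_auth` group closes and rely on `throttle:10,1` and `throttle:20,1` alone, which Laravel counts per client IP for unauthenticated requests rather than per target account. The application therefore bounds neither the number of SMS sent to one phone nor the number of code attempts against one email; only whatever limits Twilio Verify applies on its side remain. A named limiter keyed on the submitted address closes that gap, e.g. `RateLimiter::for('sms_reset', fn (Request $request) => Limit::perMinute(3)->by(strtolower((string) $request->input('email'))));` with `->middleware('throttle:sms_reset')` on both routes.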
@@ -343,8 +343,8 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale }); -Route::post('sms_reset', [TwilioController::class, 'generate2faResetCode'])->name('sms_reset.generate')->middleware('throttle:10,1'); -Route::post('sms_reset/confirm', [TwilioController::class, 'confirm2faResetCode'])->name('sms_reset.confirm')->middleware('throttle:20,1'); +Route::post('api/v1/sms_reset', [TwilioController::class, 'generate2faResetCode'])->name('sms_reset.generate')->middleware('throttle:10,1'); +Route::post('api/v1/sms_reset/confirm', [TwilioController::class, 'confirm2faResetCode'])->name('sms_reset.confirm')->middleware('throttle:20,1'); Route::match(['get', 'post'], 'payment_webhook/{company_key}/{company_gateway_id}', PaymentWebhookController::class) ->middleware('throttle:1000,1') From 9d5ff0711f802c34236f738441a1d05addbc2c25 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 27 Oct 2022 17:24:49 +1100 Subject: [PATCH 5/5] 2FA reset --- app/Http/Controllers/TwilioController.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/app/Http/Controllers/TwilioController.php b/app/Http/Controllers/TwilioController.php index ff96a24d31c4..1348eec07250 100644 --- a/app/Http/Controllers/TwilioController.php +++ b/app/Http/Controllers/TwilioController.php @@ -172,4 +172,19 @@ class TwilioController extends BaseController } + public function validatePhoneNumber() + { + + $sid = config('ninja.twilio_account_sid'); + $token = config('ninja.twilio_auth_token'); + + $twilio = new Client($sid, $token); + + $phone_number = $twilio->lookups->v1->phoneNumbers("0417918829") + ->fetch(["countryCode" => "AU"]); + + print($phone_number); + + } + }
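Review bot: `validatePhoneNumber()` in TwilioController reads as debug scaffolding: it looks up a string literal passed to `phoneNumbers()` and `print`s the result instead of returning a response. A literal phone number committed to the repository may be someone's personal data, and a public controller method that spends a Twilio lookup on every call should not ship unless it is meant to be routed. Either remove the method, or take the number from a validated request and return it through `response()->json(...)` like the other actions in this controller.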