Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5618 from turbo124/v5-develop

Browse Source 
Fixes for password protection
This commit is contained in:
David Bomba 2021-05-05 16:44:45 +10:00 committed by GitHub
commit c40c56789a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
app/Http/Controllers/Auth/LoginController.php
View File

@ -194,7 +194,14 @@ class LoginController extends BaseController
} }
$user->setCompany($user->account->default_company); $user->setCompany($user->account->default_company);
$timeout = $user->company()->default_password_timeout / 60000;
$timeout = $user->company()->default_password_timeout;
if($timeout == 0)
$timeout = 30*60*1000*1000;
else
$timeout = $timeout/1000;
Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put($user->hashed_id.'_logged_in', Str::random(64), $timeout);
$cu = CompanyUser::query() $cu = CompanyUser::query()
@ -333,7 +340,15 @@ class LoginController extends BaseController
Auth::login($existing_user, true); Auth::login($existing_user, true);
$existing_user->setCompany($existing_user->account->default_company); $existing_user->setCompany($existing_user->account->default_company);
$timeout = $existing_user->company()->default_password_timeout / 60000;
$timeout = $existing_user->company()->default_password_timeout;
if($timeout == 0)
$timeout = 30*60*1000*1000;
else
$timeout = $timeout/1000;
Cache::put($existing_user->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put($existing_user->hashed_id.'_logged_in', Str::random(64), $timeout);
$cu = CompanyUser::query() $cu = CompanyUser::query()
@ -375,7 +390,15 @@ class LoginController extends BaseController
auth()->user()->email_verified_at = now(); auth()->user()->email_verified_at = now();
auth()->user()->save(); auth()->user()->save();
$timeout = auth()->user()->company()->default_password_timeout / 60000;
$timeout = auth()->user()->company()->default_password_timeout;
if($timeout == 0)
$timeout = 30*60*1000*1000;
else
$timeout = $timeout/1000;
Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout); Cache::put(auth()->user()->hashed_id.'_logged_in', Str::random(64), $timeout);
$cu = CompanyUser::whereUserId(auth()->user()->id); $cu = CompanyUser::whereUserId(auth()->user()->id);

4
app/Http/Middleware/PasswordProtection.php
View File

@ -40,9 +40,9 @@ class PasswordProtection
$timeout = auth()->user()->company()->default_password_timeout; $timeout = auth()->user()->company()->default_password_timeout;
if($timeout == 0) if($timeout == 0)
$timeout = now()->addYear(); $timeout = 30*60*1000*1000;
else else
$timeout = now()->addMinutes($timeout/1000); $timeout = $timeout/1000;
if (Cache::get(auth()->user()->hashed_id.'_logged_in')) { if (Cache::get(auth()->user()->hashed_id.'_logged_in')) {