Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-01 06:34:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Microsoft oauth + signup

Browse Source
This commit is contained in:
David Bomba 2022-06-17 12:52:08 +10:00
parent 8e7dc5fca4
commit c5f4b31023
1 changed files with 111 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
app/Http/Controllers/Auth/LoginController.php
View File

@ -45,6 +45,7 @@ use Illuminate\Support\Str;
use Laravel\Socialite\Facades\Socialite; use Laravel\Socialite\Facades\Socialite;
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use Turbo124\Beacon\Facades\LightLogs; use Turbo124\Beacon\Facades\LightLogs;
use Microsoft\Graph\Model;
class LoginController extends BaseController class LoginController extends BaseController
{ {
@ -514,7 +515,7 @@ class LoginController extends BaseController
CreateCompanyToken::dispatchNow($company, auth()->user(), "Google_O_Auth"); CreateCompanyToken::dispatchNow($company, auth()->user(), "Google_O_Auth");
} }
}); });
@ -533,14 +534,90 @@ class LoginController extends BaseController
else else
return response()->json(['message' => 'Invalid response from oauth server'], 400); return response()->json(['message' => 'Invalid response from oauth server'], 400);
$graph = new Microsoft\Graph(); $graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken($accessToken); $graph->setAccessToken($accessToken);
$user = $graph->createRequest("GET", "/me") $user = $graph->createRequest("GET", "/me")
->setReturnType(Microsoft\Graph\Model\User::class) ->setReturnType(Model\User::class)
->execute(); ->execute();
nlog($user); if($user){
$account = request()->input('account');
$email = $user->getMail();
$query = [
'oauth_user_id' => $account['idToken']['sub'],
'oauth_provider_id'=> 'microsoft',
];
if ($existing_user = MultiDB::hasUser($query)) {
if(!$existing_user->account)
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
return $this->existingOauthUser($existing_user);
}
//If this is a result user/email combo - lets add their OAuth details details
if($existing_login_user = MultiDB::hasUser(['email' => $email]))
{
if(!$existing_login_user->account)
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
Auth::login($existing_login_user, true);
return $this->existingLoginUser($account['idToken']['sub'], 'microsoft');
}
// Signup!
$new_account = [
'first_name' => $user->getGivenName() ?: '',
'last_name' => $user->getSurname() ?: '' ,
'password' => '',
'email' => $email,
'oauth_user_id' => $account['idToken']['sub'],
'oauth_provider_id' => 'microsoft',
];
return $this->createNewAccount($new_account);
}
}
private function existingOauthUser($existing_user)
{
Auth::login($existing_user, true);
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
}
private function existingLoginUser($oauth_user_id, $provider)
{
auth()->user()->update([
'oauth_user_id' => $oauth_user_id,
'oauth_provider_id'=> $provider,
]);
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
} }
@ -564,18 +641,7 @@ class LoginController extends BaseController
if(!$existing_user->account) if(!$existing_user->account)
return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400); return response()->json(['message' => 'User exists, but not attached to any companies! Orphaned user!'], 400);
Auth::login($existing_user, true); return $this->existingOauthUser($existing_user);
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
} }
//If this is a result user/email combo - lets add their OAuth details details //If this is a result user/email combo - lets add their OAuth details details
@ -586,20 +652,7 @@ class LoginController extends BaseController
Auth::login($existing_login_user, true); Auth::login($existing_login_user, true);
auth()->user()->update([ return $this->existingLoginUser($google->harvestSubField($user), 'google');
'oauth_user_id' => $google->harvestSubField($user),
'oauth_provider_id'=> 'google',
]);
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
} }
} }
@ -607,7 +660,6 @@ class LoginController extends BaseController
if ($user) { if ($user) {
//check the user doesn't already exist in some form //check the user doesn't already exist in some form
if($existing_login_user = MultiDB::hasUser(['email' => $google->harvestEmail($user)])) if($existing_login_user = MultiDB::hasUser(['email' => $google->harvestEmail($user)]))
{ {
if(!$existing_login_user->account) if(!$existing_login_user->account)
@ -615,23 +667,9 @@ class LoginController extends BaseController
Auth::login($existing_login_user, true); Auth::login($existing_login_user, true);
auth()->user()->update([ return $this->existingLoginUser($google->harvestSubField($user), 'google');
'oauth_user_id' => $google->harvestSubField($user),
'oauth_provider_id'=> 'google',
]);
$cu = $this->hydrateCompanyUser();
if ($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !$existing_login_user->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
} }
//user not found anywhere - lets sign them up. //user not found anywhere - lets sign them up.
$name = OAuth::splitName($google->harvestName($user)); $name = OAuth::splitName($google->harvestName($user));
@ -644,26 +682,7 @@ class LoginController extends BaseController
'oauth_provider_id' => 'google', 'oauth_provider_id' => 'google',
]; ];
MultiDB::setDefaultDatabase(); return $this->createNewAccount($new_account);
$account = CreateAccount::dispatchNow($new_account, request()->getClientIp());
if(!$account instanceOf Account)
return $account;
Auth::login($account->default_company->owner(), true);
auth()->user()->email_verified_at = now();
auth()->user()->save();
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
} }
return response() return response()
@ -672,6 +691,32 @@ class LoginController extends BaseController
->header('X-Api-Version', config('ninja.minimum_client_version')); ->header('X-Api-Version', config('ninja.minimum_client_version'));
} }
private function createNewAccount($new_account)
{
MultiDB::setDefaultDatabase();
$account = CreateAccount::dispatchNow($new_account, request()->getClientIp());
if(!$account instanceOf Account)
return $account;
Auth::login($account->default_company->owner(), true);
auth()->user()->email_verified_at = now();
auth()->user()->save();
$cu = $this->hydrateCompanyUser();
if($cu->count() == 0)
return response()->json(['message' => 'User found, but not attached to any companies, please see your administrator'], 400);
if(Ninja::isHosted() && !$cu->first()->is_owner && !auth()->user()->account->isEnterpriseClient())
return response()->json(['message' => 'Pro / Free accounts only the owner can log in. Please upgrade'], 403);
return $this->timeConstrainedResponse($cu);
}
public function redirectToProvider(string $provider) public function redirectToProvider(string $provider)
{ {