Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-01 14:44:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Refactor client portal authentication

Browse Source
This commit is contained in:
David Bomba 2021-12-09 21:50:29 +11:00
parent de0bebcd2c
commit d2a929b975
9 changed files with 54 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/Auth/ContactForgotPasswordController.php
View File

@ -58,15 +58,14 @@ class ContactForgotPasswordController extends Controller
*/ */
public function showLinkRequestForm(Request $request) public function showLinkRequestForm(Request $request)
{ {
// $account_id = $request->has('account_id') ? $request->get('account_id') : 1;
// $account = Account::find($account_id);
$account = false; $account = false;
if(Ninja::isHosted() && $request->has('company_key')) if(Ninja::isHosted() && $request->session()->has('company_key'))
{ {
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$company = Company::where('company_key', $request->input('company_key'))->first(); $company = Company::where('company_key', $request->session()->get('company_key'))->first();
$account = $company->first(); $account = $company->account;
} }
if(!$account){ if(!$account){
@ -95,12 +94,12 @@ class ContactForgotPasswordController extends Controller
public function sendResetLinkEmail(ContactPasswordResetRequest $request) public function sendResetLinkEmail(ContactPasswordResetRequest $request)
{ {
if(Ninja::isHosted() && $request->has('company_key')) if(Ninja::isHosted() && $request->session()->has('company_key'))
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$this->validateEmail($request); $this->validateEmail($request);
$company = Company::where('company_key', $request->input('company_key'))->first(); $company = Company::where('company_key', $request->session()->get('company_key'))->first();
$contact = ClientContact::where(['company_id' => $company->id, 'email' => $request->input('email')])->first(); $contact = ClientContact::where(['company_id' => $company->id, 'email' => $request->input('email')])->first();
$response = false; $response = false;

8
app/Http/Controllers/Auth/ContactLoginController.php
View File

@ -40,8 +40,8 @@ class ContactLoginController extends Controller
$company = false; $company = false;
$account = false; $account = false;
if($request->has('company_key')){ if($request->session()->has('company_key')){
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$company = Company::where('company_key', $request->input('company_key'))->first(); $company = Company::where('company_key', $request->input('company_key'))->first();
} }
@ -80,8 +80,8 @@ class ContactLoginController extends Controller
{ {
Auth::shouldUse('contact'); Auth::shouldUse('contact');
if(Ninja::isHosted() && $request->has('company_key')) if(Ninja::isHosted() && $request->session()->has('company_key'))
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$this->validateLogin($request); $this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle // If the class is using the ThrottlesLogins trait, we can automatically throttle

2
app/Http/Controllers/Auth/ContactRegisterController.php
View File

@ -29,7 +29,7 @@ class ContactRegisterController extends Controller
public function showRegisterForm(string $company_key = '') public function showRegisterForm(string $company_key = '')
{ {
$key = request()->has('key') ? request('key') : $company_key; $key = request()->session()->has('key') ? request()->session()->get('key') : $company_key;
$company = Company::where('company_key', $key)->firstOrFail(); $company = Company::where('company_key', $key)->firstOrFail();

27
app/Http/Controllers/Auth/ContactResetPasswordController.php
View File

@ -15,6 +15,7 @@ use App\Http\Controllers\Controller;
use App\Libraries\MultiDB; use App\Libraries\MultiDB;
use App\Models\Account; use App\Models\Account;
use App\Models\ClientContact; use App\Models\ClientContact;
use App\Models\Company;
use Illuminate\Auth\Events\PasswordReset; use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Contracts\View\Factory; use Illuminate\Contracts\View\Factory;
use Illuminate\Foundation\Auth\ResetsPasswords; use Illuminate\Foundation\Auth\ResetsPasswords;
@ -69,18 +70,29 @@ class ContactResetPasswordController extends Controller
public function showResetForm(Request $request, $token = null) public function showResetForm(Request $request, $token = null)
{ {
if($request->has('company_key')){ if($request->session()->has('company_key')){
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$company = Company::where('company_key', $request->input('company_key'))->first(); $company = Company::where('company_key', $request->session()->get('company_key'))->first();
$db = $company->db; $db = $company->db;
$account = $company->account; $account = $company->account;
} }
else { else {
$account_id = $request->has('account_id') ? $request->get('account_id') : 1; $account_key = $request->session()->has('account_key') ? $request->session()->get('account_key') : false;
$account = Account::find($account_id);
if($account_key){
MultiDB::findAndSetDbByAccountKey($account_key);
$account = Account::where('key', $account_key)->first();
$db = $account->companies->first()->db; $db = $account->companies->first()->db;
$company = $account->companies->first(); $company = $account->companies->first();
}
else{
$account = Account::first();
$db = $account->companies->first()->db;
$company = $account->companies->first();
}
} }
@ -88,12 +100,13 @@ class ContactResetPasswordController extends Controller
return $this->render('auth.passwords.reset')->with( return $this->render('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email, 'account' => $account, 'db' => $db, 'company' => $company] ['token' => $token, 'email' => $request->email, 'account' => $account, 'db' => $db, 'company' => $company]
); );
} }
public function reset(Request $request) public function reset(Request $request)
{ {
if($request->has('company_key')) if($request->session()->has('company_key'))
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
$request->validate($this->rules(), $this->validationErrorMessages()); $request->validate($this->rules(), $this->validationErrorMessages());

9
app/Http/Controllers/Auth/ResetPasswordController.php
View File

@ -12,7 +12,9 @@
namespace App\Http\Controllers\Auth; namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Libraries\MultiDB;
use App\Models\Account; use App\Models\Account;
use App\Models\Company;
use Illuminate\Foundation\Auth\ResetsPasswords; use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse; use Illuminate\Http\RedirectResponse;
@ -53,10 +55,9 @@ class ResetPasswordController extends Controller
public function showResetForm(Request $request, $token = null) public function showResetForm(Request $request, $token = null)
{ {
// $account_id = $request->get('account_id');
// $account = Account::find($account_id); MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
MultiDB::findAndSetDbByCompanyKey($request->input('company_key')); $company = Company::where('company_key', $request->session()->get('company_key'))->first();
$company = Company::where('company_key', $request->input('company_key'))->first();
$account = $company->account; $account = $company->account;
return $this->render('auth.passwords.reset', ['root' => 'themes', 'token' => $token, 'account' => $account]); return $this->render('auth.passwords.reset', ['root' => 'themes', 'token' => $token, 'account' => $account]);

2
app/Http/Controllers/ClientPortal/InvoiceController.php
View File

@ -42,8 +42,6 @@ class InvoiceController extends Controller
*/ */
public function index(ShowInvoicesRequest $request) public function index(ShowInvoicesRequest $request)
{ {
// $request->request->remove('account_id');
// $request->request->remove('company_key');
return $this->render('invoices.index'); return $this->render('invoices.index');
} }

2
app/Http/Middleware/ContactAccount.php
View File

@ -32,8 +32,8 @@ class ContactAccount
if(!Ninja::isHosted()) { if(!Ninja::isHosted()) {
$account = Account::first(); $account = Account::first();
$request->merge(['account_id' => $account->id, 'account_key' => $account->key]);
session()->put('account_key', $account->key);
} }
return $next($request); return $next($request);

12
app/Http/Middleware/ContactRegister.php
View File

@ -37,7 +37,8 @@ class ContactRegister
if(! $company->client_can_register) if(! $company->client_can_register)
abort(400, 'Registration disabled'); abort(400, 'Registration disabled');
$request->merge(['key' => $company->company_key]); // $request->merge(['key' => $company->company_key]);
session()->put('key', $company->company_key);
return $next($request); return $next($request);
} }
@ -55,7 +56,8 @@ class ContactRegister
if(! $company->client_can_register) if(! $company->client_can_register)
abort(400, 'Registration disabled'); abort(400, 'Registration disabled');
$request->merge(['key' => $company->company_key]); // $request->merge(['key' => $company->company_key]);
session()->put('key', $company->company_key);
return $next($request); return $next($request);
} }
@ -69,7 +71,8 @@ class ContactRegister
if(! (bool)$company->client_can_register); if(! (bool)$company->client_can_register);
abort(400, 'Registration disabled'); abort(400, 'Registration disabled');
$request->merge(['key' => $company->company_key]); //$request->merge(['key' => $company->company_key]);
session()->put('key', $company->company_key);
return $next($request); return $next($request);
} }
@ -82,7 +85,8 @@ class ContactRegister
if(! $company->client_can_register) if(! $company->client_can_register)
abort(400, 'Registration disabled'); abort(400, 'Registration disabled');
$request->merge(['key' => $company->company_key]); //$request->merge(['key' => $company->company_key]);
session()->put('key', $company->company_key);
return $next($request); return $next($request);
} }

8
app/Http/Middleware/SetDomainNameDb.php
View File

@ -50,8 +50,8 @@ class SetDomainNameDb
]; ];
if($company = MultiDB::findAndSetDbByDomain($query)){ if($company = MultiDB::findAndSetDbByDomain($query)){
$request->merge(['company_key' => $company->company_key]); //$request->merge(['company_key' => $company->company_key]);
// $request->merge(['account_id' => $company->account_id, 'company_key' => $company->company_key]); session()->put('company_key', $company->company_key);
} }
else else
{ {
@ -73,8 +73,8 @@ class SetDomainNameDb
]; ];
if($company = MultiDB::findAndSetDbByDomain($query)){ if($company = MultiDB::findAndSetDbByDomain($query)){
$request->merge(['company_key' => $company->company_key]); //$request->merge(['company_key' => $company->company_key]);
//$request->merge(['account_id' => $company->account_id, 'company_key' => $company->company_key]); session()->put('company_key', $company->company_key);
} }
else else
{ {