	Check for blank api secret
This commit is contained in:
		
							parent
							
								
									4c8414f616
								
							
						
					
					
						commit
						d472fcc93d
					
				| @ -23,7 +23,10 @@ class ApiCheck { | ||||
|     { | ||||
|         $loggingIn = $request->is('api/v1/login') || $request->is('api/v1/register'); | ||||
|         $headers = Utils::getApiHeaders(); | ||||
|         $hasApiSecret = hash_equals($request->api_secret ?: '', env(API_SECRET)); | ||||
| 
 | ||||
|         if ($secret = env(API_SECRET)) { | ||||
|             $hasApiSecret = hash_equals($request->api_secret ?: '', $secret); | ||||
|         } | ||||
| 
 | ||||
|         if ($loggingIn) { | ||||
|             // check API secret
 | ||||
|  | ||||
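Review bot: `$hasApiSecret` is no longer assigned when `env(API_SECRET)` is empty, so whatever reads it further down (the method continues outside the hunk) sees an undefined variable — a notice plus a null that only happens to be falsy. Initialise it before the guard, `$hasApiSecret = false;`, so the deny-by-default is deliberate rather than a side effect of PHP's undefined-variable semantics. `hash_equals()` also throws a TypeError when `$request->api_secret` arrives as an array rather than a string, turning a malformed request into a 500; checking `is_string()` first, or coercing with `(string)`, keeps that path on the normal "no secret" branch.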
| @ -303,11 +303,10 @@ Route::get('/testimonials', function() { | ||||
| Route::get('/compare-online-invoicing{sites?}', function() { | ||||
|     return Redirect::to(NINJA_WEB_URL, 301); | ||||
| }); | ||||
| Route::get('/forgot_password', function() { | ||||
|     return Redirect::to(NINJA_APP_URL.'/forgot', 301); | ||||
| Route::get('/forgot', function() { | ||||
|     return Redirect::to(NINJA_APP_URL.'/recover_password', 301); | ||||
| }); | ||||
| 
 | ||||
| 
 | ||||
| if (!defined('CONTACT_EMAIL')) { | ||||
|     define('CONTACT_EMAIL', Config::get('mail.from.address')); | ||||
|     define('CONTACT_NAME', Config::get('mail.from.name')); | ||||
|  | ||||
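Review bot: The `/forgot_password` route is removed rather than kept alongside the new `/forgot` one, so any bookmarked or previously e-mailed link to the old path will now 404 instead of redirecting. If such links may exist, keep both paths pointing at the new target, e.g. `Route::get('/forgot_password', function() { return Redirect::to(NINJA_APP_URL.'/recover_password', 301); });` next to the new route.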
| @ -10,16 +10,16 @@ class Document extends EntityModel | ||||
|         'jpg' => 'jpeg', | ||||
|         'tif' => 'tiff', | ||||
|     ); | ||||
|      | ||||
| 
 | ||||
|     public static $allowedMimes = array(// Used by Dropzone.js; does not affect what the server accepts
 | ||||
|         'image/png', 'image/jpeg', 'image/tiff', 'application/pdf', 'image/gif', 'image/vnd.adobe.photoshop', 'text/plain', | ||||
|         'application/zip', 'application/msword', | ||||
|         'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',  | ||||
|         'application/msword', | ||||
|         'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel', | ||||
|         'application/vnd.openxmlformats-officedocument.wordprocessingml.document', | ||||
|         'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet','application/postscript', 'image/svg+xml', | ||||
|         'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.ms-powerpoint', | ||||
|     ); | ||||
|      | ||||
| 
 | ||||
|     public static $types = array( | ||||
|         'png' => array( | ||||
|             'mime' => 'image/png', | ||||
| @ -48,9 +48,6 @@ class Document extends EntityModel | ||||
|         'txt' => array( | ||||
|             'mime' => 'text/plain', | ||||
|         ), | ||||
|         'zip' => array( | ||||
|             'mime' => 'application/zip', | ||||
|         ), | ||||
|         'doc' => array( | ||||
|             'mime' => 'application/msword', | ||||
|         ), | ||||
| @ -70,18 +67,18 @@ class Document extends EntityModel | ||||
|             'mime' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation', | ||||
|         ), | ||||
|     ); | ||||
|      | ||||
| 
 | ||||
|     public function fill(array $attributes) | ||||
|     { | ||||
|         parent::fill($attributes); | ||||
|          | ||||
| 
 | ||||
|         if(empty($this->attributes['disk'])){ | ||||
|             $this->attributes['disk'] = env('DOCUMENT_FILESYSTEM', 'documents'); | ||||
|         } | ||||
|          | ||||
| 
 | ||||
|         return $this; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function account() | ||||
|     { | ||||
|         return $this->belongsTo('App\Models\Account'); | ||||
| @ -101,7 +98,7 @@ class Document extends EntityModel | ||||
|     { | ||||
|         return $this->belongsTo('App\Models\Invoice')->withTrashed(); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getDisk(){ | ||||
|         return Storage::disk(!empty($this->disk)?$this->disk:env('DOCUMENT_FILESYSTEM', 'documents')); | ||||
|     } | ||||
| @ -110,19 +107,19 @@ class Document extends EntityModel | ||||
|     { | ||||
|         $this->attributes['disk'] = $value?$value:env('DOCUMENT_FILESYSTEM', 'documents'); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getDirectUrl(){ | ||||
|         return static::getDirectFileUrl($this->path, $this->getDisk()); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getDirectPreviewUrl(){ | ||||
|         return $this->preview?static::getDirectFileUrl($this->preview, $this->getDisk(), true):null; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public static function getDirectFileUrl($path, $disk, $prioritizeSpeed = false){ | ||||
|         $adapter = $disk->getAdapter(); | ||||
|         $fullPath = $adapter->applyPathPrefix($path); | ||||
|          | ||||
| 
 | ||||
|         if($adapter instanceof \League\Flysystem\AwsS3v3\AwsS3Adapter) { | ||||
|             $client = $adapter->getClient(); | ||||
|             $command = $client->getCommand('GetObject', [ | ||||
| @ -136,12 +133,12 @@ class Document extends EntityModel | ||||
|             $secret = env('RACKSPACE_TEMP_URL_SECRET'); | ||||
|             if($secret){ | ||||
|                 $object = $adapter->getContainer()->getObject($fullPath); | ||||
|                  | ||||
| 
 | ||||
|                 if(env('RACKSPACE_TEMP_URL_SECRET_SET')){ | ||||
|                     // Go ahead and set the secret too
 | ||||
|                     $object->getService()->getAccount()->setTempUrlSecret($secret); | ||||
|                 }             | ||||
|                  | ||||
|                 } | ||||
| 
 | ||||
|                 $url = $object->getUrl(); | ||||
|                 $expiry = strtotime('+10 minutes'); | ||||
|                 $urlPath = urldecode($url->getPath()); | ||||
| @ -150,64 +147,64 @@ class Document extends EntityModel | ||||
|                 return sprintf('%s?temp_url_sig=%s&temp_url_expires=%d', $url, $hash, $expiry); | ||||
|             } | ||||
|         } | ||||
|          | ||||
| 
 | ||||
|         return null; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getRaw(){ | ||||
|         $disk = $this->getDisk(); | ||||
|          | ||||
| 
 | ||||
|         return $disk->get($this->path); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getStream(){ | ||||
|         $disk = $this->getDisk(); | ||||
|          | ||||
| 
 | ||||
|         return $disk->readStream($this->path); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getRawPreview(){ | ||||
|         $disk = $this->getDisk(); | ||||
|          | ||||
| 
 | ||||
|         return $disk->get($this->preview); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getUrl(){ | ||||
|         return url('documents/'.$this->public_id.'/'.$this->name); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getClientUrl($invitation){ | ||||
|         return url('client/documents/'.$invitation->invitation_key.'/'.$this->public_id.'/'.$this->name); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function isPDFEmbeddable(){ | ||||
|         return $this->type == 'jpeg' || $this->type == 'png' || $this->preview; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getVFSJSUrl(){ | ||||
|         if(!$this->isPDFEmbeddable())return null; | ||||
|         return url('documents/js/'.$this->public_id.'/'.$this->name.'.js'); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getClientVFSJSUrl(){ | ||||
|         if(!$this->isPDFEmbeddable())return null; | ||||
|         return url('client/documents/js/'.$this->public_id.'/'.$this->name.'.js'); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function getPreviewUrl(){ | ||||
|         return $this->preview?url('documents/preview/'.$this->public_id.'/'.$this->name.'.'.pathinfo($this->preview, PATHINFO_EXTENSION)):null; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function toArray() | ||||
|     { | ||||
|         $array = parent::toArray(); | ||||
|          | ||||
| 
 | ||||
|         if(empty($this->visible) || in_array('url', $this->visible))$array['url'] = $this->getUrl(); | ||||
|         if(empty($this->visible) || in_array('preview_url', $this->visible))$array['preview_url'] = $this->getPreviewUrl(); | ||||
|          | ||||
| 
 | ||||
|         return $array; | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     public function cloneDocument(){ | ||||
|         $document = Document::createNew($this); | ||||
|         $document->path = $this->path; | ||||
| @ -219,7 +216,7 @@ class Document extends EntityModel | ||||
|         $document->size = $this->size; | ||||
|         $document->width = $this->width; | ||||
|         $document->height = $this->height; | ||||
|          | ||||
| 
 | ||||
|         return $document; | ||||
|     } | ||||
| } | ||||
| @ -230,11 +227,11 @@ Document::deleted(function ($document) { | ||||
|         ->where('documents.path', '=', $document->path) | ||||
|         ->where('documents.disk', '=', $document->disk) | ||||
|         ->count(); | ||||
|      | ||||
| 
 | ||||
|     if(!$same_path_count){ | ||||
|         $document->getDisk()->delete($document->path); | ||||
|     } | ||||
|      | ||||
| 
 | ||||
|     if($document->preview){ | ||||
|         $same_preview_count = DB::table('documents') | ||||
|             ->where('documents.account_id', '=', $document->account_id) | ||||
| @ -245,5 +242,5 @@ Document::deleted(function ($document) { | ||||
|             $document->getDisk()->delete($document->preview); | ||||
|         } | ||||
|     } | ||||
|      | ||||
| }); | ||||
| 
 | ||||
| }); | ||||
|  | ||||
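Review bot: Removing the `'zip'` entry from `$types` (hunk @ -48,9) is the server-affecting part of this change, whereas the `$allowedMimes` edit only affects the Dropzone client per the comment on that property. Documents already stored with `type = 'zip'` then have no `$types` mapping, so any `static::$types[$this->type]` lookup elsewhere in the class (not visible here) would hit an undefined index unless guarded with `?? null`. A one-line comment next to the list stating why archives are no longer accepted would spare the next reader a trip through the history; the remaining hunks of this section are whitespace cleanup.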
| @ -378,7 +378,7 @@ | ||||
|         } | ||||
| 
 | ||||
|         window.countUploadingDocuments = 0; | ||||
|         @if (Auth::user()->account->hasFeature(FEATURE_DOCUMENTS)) | ||||
| 
 | ||||
|         function handleDocumentAdded(file){ | ||||
|             // open document when clicked
 | ||||
|             if (file.url) { | ||||
| @ -419,7 +419,7 @@ | ||||
|         function handleDocumentError() { | ||||
|             window.countUploadingDocuments--; | ||||
|         } | ||||
|         @endif | ||||
|          | ||||
|     </script> | ||||
| 
 | ||||
| @stop | ||||
|  | ||||
| @ -222,7 +222,7 @@ | ||||
|                 @endif | ||||
| 				<th style="min-width:120px" data-bind="text: costLabel">{{ $invoiceLabels['unit_cost'] }}</th> | ||||
| 				<th style="{{ $account->hide_quantity ? 'display:none' : 'min-width:120px' }}" data-bind="text: qtyLabel">{{ $invoiceLabels['quantity'] }}</th> | ||||
| 				<th style="min-width:180px;display:none;" data-bind="visible: $root.invoice_item_taxes.show">{{ trans('texts.tax') }}</th> | ||||
| 				<th style="min-width:120px;display:none;" data-bind="visible: $root.invoice_item_taxes.show">{{ trans('texts.tax') }}</th> | ||||
| 				<th style="min-width:120px;">{{ trans('texts.line_total') }}</th> | ||||
| 				<th style="min-width:32px;" class="hide-border"></th> | ||||
| 			</tr> | ||||
| @ -1409,7 +1409,7 @@ | ||||
|     } | ||||
| 
 | ||||
|     window.countUploadingDocuments = 0; | ||||
|     @if ($account->hasFeature(FEATURE_DOCUMENTS)) | ||||
| 
 | ||||
|     function handleDocumentAdded(file){ | ||||
|         // open document when clicked
 | ||||
|         if (file.url) { | ||||
| @ -1454,7 +1454,6 @@ | ||||
|     function handleDocumentError() { | ||||
|         window.countUploadingDocuments--; | ||||
|     } | ||||
|     @endif | ||||
| 
 | ||||
| 	</script> | ||||
|     @if ($account->hasFeature(FEATURE_DOCUMENTS) && $account->invoice_embed_documents) | ||||
|  | ||||
| @ -4,7 +4,7 @@ | ||||
|     @if (isset($hideLogo) && $hideLogo) | ||||
|         <title>{{ trans('texts.client_portal') }}</title> | ||||
|     @else | ||||
|         <title>{{ isset($title) ? ($title . ' | Invoice Ninja') : ('Invoice Ninja | ' . trans('texts.app_title')) }}</title>  | ||||
|         <title>{{ isset($title) ? ($title . ' | Invoice Ninja') : ('Invoice Ninja | ' . trans('texts.app_title')) }}</title> | ||||
|         <meta name="description" content="{{ isset($description) ? $description : trans('texts.app_description') }}" /> | ||||
|         <link href="{{ asset('favicon-v2.png') }}" rel="shortcut icon" type="image/png"> | ||||
|     @endif | ||||
| @ -22,24 +22,37 @@ | ||||
|     <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||||
|     <meta name="csrf-token" content="{{ csrf_token() }}"> | ||||
|     <meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||||
|     <meta name="msapplication-config" content="none"/>  | ||||
|     <meta name="msapplication-config" content="none"/> | ||||
| 
 | ||||
|     <!-- http://stackoverflow.com/questions/19012698/browser-cache-issues-in-laravel-4-application --> | ||||
|     <meta http-equiv="cache-control" content="max-age=0" /> | ||||
|     <meta http-equiv="cache-control" content="no-cache" /> | ||||
|     <meta http-equiv="cache-control" content="no-store" /> | ||||
|     <meta http-equiv="cache-control" content="must-revalidate" /> | ||||
|     <meta http-equiv="expires" content="0" /> | ||||
|     <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> | ||||
|     <meta http-equiv="pragma" content="no-cache" /> | ||||
| 
 | ||||
|     <link rel="canonical" href="{{ NINJA_APP_URL }}/{{ Request::path() }}" /> | ||||
| 
 | ||||
|     <script src="{{ asset('built.js') }}?no_cache={{ NINJA_VERSION }}" type="text/javascript"></script>     | ||||
|     <script src="{{ asset('built.js') }}?no_cache={{ NINJA_VERSION }}" type="text/javascript"></script> | ||||
| 
 | ||||
|     <script type="text/javascript"> | ||||
|         var NINJA = NINJA || {}; | ||||
|         NINJA.fontSize = 9; | ||||
|         NINJA.isRegistered = {{ \Utils::isRegistered() ? 'true' : 'false' }}; | ||||
|          | ||||
| 
 | ||||
|         window.onerror = function (errorMsg, url, lineNumber, column, error) { | ||||
|             if (errorMsg.indexOf('Script error.') > -1) { | ||||
|                 return; | ||||
|             } | ||||
| 
 | ||||
|             if (errorMsg.indexOf('No unicode cmap for font') > -1) { | ||||
|                 alert("Please force refresh the page to update the font cache.\n\n - Windows: Ctrl + F5\n - Mac/Apple: Apple + R or Command + R\n - Linux: F5"); | ||||
|             } | ||||
| 
 | ||||
|             try { | ||||
|                 // Use StackTraceJS to parse the error context 
 | ||||
|                 // Use StackTraceJS to parse the error context
 | ||||
|                 if (error) { | ||||
|                     var message = error.message ? error.message : error; | ||||
|                     StackTrace.fromError(error).then(function(result) { | ||||
| @ -51,7 +64,7 @@ | ||||
|                 } else { | ||||
|                     logError(errorMsg); | ||||
|                 } | ||||
|                  | ||||
| 
 | ||||
|                 trackEvent('/error', errorMsg); | ||||
|             } catch(err) {} | ||||
| 
 | ||||
| @ -78,7 +91,7 @@ | ||||
|                 'sSearch': '' | ||||
|             } | ||||
|         } ); | ||||
|          | ||||
| 
 | ||||
|         /* This causes problems with some languages. ie, fr_CA | ||||
| 		var appLocale = '{{App::getLocale()}}'; | ||||
|         $.extend( true, $.fn.datepicker.defaults, { | ||||
| @ -108,7 +121,7 @@ | ||||
|                 _fbq.loaded = true; | ||||
|              } | ||||
|             })(); | ||||
|              | ||||
| 
 | ||||
|         @else | ||||
|             function fbq() { | ||||
|                 // do nothing
 | ||||
| @ -116,7 +129,7 @@ | ||||
|         @endif | ||||
| 
 | ||||
|         window._fbq = window._fbq || []; | ||||
|              | ||||
| 
 | ||||
|     </script> | ||||
| 
 | ||||
| 
 | ||||
| @ -132,7 +145,7 @@ | ||||
| 
 | ||||
| <body class="body"> | ||||
| 
 | ||||
|     @if (isset($_ENV['TAG_MANAGER_KEY']) && $_ENV['TAG_MANAGER_KEY'])   | ||||
|     @if (isset($_ENV['TAG_MANAGER_KEY']) && $_ENV['TAG_MANAGER_KEY']) | ||||
|     <!-- Google Tag Manager --> | ||||
|     <noscript><iframe src="//www.googletagmanager.com/ns.html?id={{ $_ENV['TAG_MANAGER_KEY'] }}" | ||||
|         height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> | ||||
| @ -140,20 +153,20 @@ | ||||
|             new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], | ||||
|         j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= | ||||
|         '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); | ||||
|     })(window,document,'script','dataLayer','{{ $_ENV['TAG_MANAGER_KEY'] }}');</script>       | ||||
|     })(window,document,'script','dataLayer','{{ $_ENV['TAG_MANAGER_KEY'] }}');</script> | ||||
|     <!-- End Google Tag Manager --> | ||||
| 
 | ||||
|     <script> | ||||
|         function trackEvent(category, action) {} | ||||
|     </script> | ||||
|     @elseif (isset($_ENV['ANALYTICS_KEY']) && $_ENV['ANALYTICS_KEY'])   | ||||
|     @elseif (isset($_ENV['ANALYTICS_KEY']) && $_ENV['ANALYTICS_KEY']) | ||||
|     <script> | ||||
|         (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ | ||||
|             (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), | ||||
|             m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) | ||||
|         })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); | ||||
| 
 | ||||
|         ga('create', '{{ $_ENV['ANALYTICS_KEY'] }}', 'auto');         | ||||
|         ga('create', '{{ $_ENV['ANALYTICS_KEY'] }}', 'auto'); | ||||
|         ga('send', 'pageview'); | ||||
| 
 | ||||
|         function trackEvent(category, action) { | ||||
| @ -165,7 +178,7 @@ | ||||
|         function trackEvent(category, action) {} | ||||
|     </script> | ||||
|     @endif | ||||
|      | ||||
| 
 | ||||
| @yield('body') | ||||
| 
 | ||||
| <script type="text/javascript"> | ||||
| @ -174,7 +187,7 @@ | ||||
|     $(function() { | ||||
|         $('form.warn-on-exit input, form.warn-on-exit textarea, form.warn-on-exit select').change(function() { | ||||
|             NINJA.formIsChanged = true; | ||||
|         });  | ||||
|         }); | ||||
| 
 | ||||
|         @if (Session::has('trackEventCategory') && Session::has('trackEventAction')) | ||||
|             @if (Session::get('trackEventAction') === '/buy_pro_plan') | ||||
| @ -195,12 +208,12 @@ | ||||
|         } else { | ||||
|             return undefined; | ||||
|         } | ||||
|     });  | ||||
|     }); | ||||
|     function openUrl(url, track) { | ||||
|         trackEvent('/view_link', track ? track : url); | ||||
|         window.open(url, '_blank'); | ||||
|     } | ||||
| </script>  | ||||
| </script> | ||||
| 
 | ||||
| </body> | ||||
| 
 | ||||
|  | ||||
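Review bot: The new `alert()` for 'No unicode cmap for font' inside `window.onerror` (hunk @ -22,24) fires again on every subsequent occurrence of that error, so a page that keeps throwing it will keep producing modal dialogs; guard it with a once-only flag, `if (!window.fontCacheWarned && errorMsg.indexOf('No unicode cmap for font') > -1) { window.fontCacheWarned = true; alert(...); }`. The added `<meta http-equiv="cache-control">`, `expires` and `pragma` tags are ignored by most browsers and by intermediate caches, which honour only the HTTP response headers, so if stale `built.js` is the problem the `?no_cache={{ NINJA_VERSION }}` query already on the script tag is what actually busts it and a `Cache-Control` header sent from middleware is the reliable counterpart. The value `Tue, 01 Jan 1980 1:00:00 GMT` is also not a valid HTTP-date (the hour needs two digits), although an unparsable date is treated as already expired.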