Check user email isn't taken in lookup tables

This commit is contained in:
Hillel Coren 2017-05-01 21:46:31 +03:00
parent ebf5a9163c
commit d4f25fe490
6 changed files with 70 additions and 10 deletions


@ -19,7 +19,7 @@ class InitLookup extends Command
* *
* @var string * @var string
*/ */
protected $signature = 'ninja:init-lookup {--truncate=} {--company_id=}'; protected $signature = 'ninja:init-lookup {--truncate=} {--company_id=} {--page_size=100}';
/** /**
* The console command description. * The console command description.
@ -65,7 +65,7 @@ class InitLookup extends Command
->where('id', '>=', $this->option('company_id') ?: 1) ->where('id', '>=', $this->option('company_id') ?: 1)
->count(); ->count();
for ($i=0; $i<$count; $i += 100) { for ($i=0; $i<$count; $i += (int) $this->option('page_size')) {
$this->initCompanies($dbServer->id, $i); $this->initCompanies($dbServer->id, $i);
} }
} }
@ -79,7 +79,7 @@ class InitLookup extends Command
$companies = DB::table('companies') $companies = DB::table('companies')
->offset($offset) ->offset($offset)
->limit(100) ->limit((int) $this->option('page_size'))
->orderBy('id') ->orderBy('id')
->where('id', '>=', $this->option('company_id') ?: 1) ->where('id', '>=', $this->option('company_id') ?: 1)
->get(['id']); ->get(['id']);
@ -196,7 +196,7 @@ class InitLookup extends Command
DB::statement('truncate lookup_users'); DB::statement('truncate lookup_users');
DB::statement('truncate lookup_contacts'); DB::statement('truncate lookup_contacts');
DB::statement('truncate lookup_invitations'); DB::statement('truncate lookup_invitations');
DB::statement('truncate lookup_tokens'); DB::statement('truncate lookup_account_tokens');
DB::statement('SET FOREIGN_KEY_CHECKS = 1'); DB::statement('SET FOREIGN_KEY_CHECKS = 1');
} }
@ -205,6 +205,7 @@ class InitLookup extends Command
return [ return [
['truncate', null, InputOption::VALUE_OPTIONAL, 'Truncate', null], ['truncate', null, InputOption::VALUE_OPTIONAL, 'Truncate', null],
['company_id', null, InputOption::VALUE_OPTIONAL, 'Company Id', null], ['company_id', null, InputOption::VALUE_OPTIONAL, 'Company Id', null],
['page_size', null, InputOption::VALUE_OPTIONAL, 'Page Size', null],
]; ];
} }
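Review bot: The loop step `$i += (int) $this->option('page_size')` never terminates when the option casts to 0 — `--page_size=0`, `--page_size=abc`, or a null default — and the matching `->limit(0)` returns no rows, so the command spins forever doing nothing. The signature declares a default of 100, but getOptions() declares the same option with a null default; which one wins is not visible here, so the cast should be clamped rather than trusted. Resolve the size once, e.g. `$pageSize = max(1, (int) $this->option('page_size') ?: 100);`, and use `$pageSize` in both the loop and the `limit()` call. The surrounding methods start and end outside these hunks.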


@ -39,6 +39,10 @@ class AccountApiController extends BaseAPIController
public function register(RegisterRequest $request) public function register(RegisterRequest $request)
{ {
if (! \App\Models\LookupUser::validateEmail()) {
return $this->errorResponse(['message' => trans('texts.email_taken')], 500);
}
$account = $this->accountRepo->create($request->first_name, $request->last_name, $request->email, $request->password); $account = $this->accountRepo->create($request->first_name, $request->last_name, $request->email, $request->password);
$user = $account->users()->first(); $user = $account->users()->first();
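Review bot: `LookupUser::validateEmail()` is called with no arguments, but the method added in this commit declares `$email` as a required parameter; on PHP 7.1+ this throws ArgumentCountError, and on older versions it queries `whereEmail(null)`, finds nothing and returns true, so the API registration path is either broken or unchecked. Pass the normalized request value, `if (! \App\Models\LookupUser::validateEmail(trim(strtolower($request->email)))) {`, matching the web controllers. A duplicate email is a client error, so a 4xx status rather than 500 would also be more accurate for API consumers. The register() body continues outside the hunk.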


@ -1085,6 +1085,14 @@ class AccountController extends BaseController
{ {
/** @var \App\Models\User $user */ /** @var \App\Models\User $user */
$user = Auth::user(); $user = Auth::user();
$email = trim(strtolower(Input::get('email')));
if (! \App\Models\LookupUser::validateEmail($email, $user)) {
return Redirect::to('settings/' . ACCOUNT_USER_DETAILS)
->withError(trans('texts.email_taken'))
->withInput();
}
$rules = ['email' => 'email|required|unique:users,email,'.$user->id.',id']; $rules = ['email' => 'email|required|unique:users,email,'.$user->id.',id'];
$validator = Validator::make(Input::all(), $rules); $validator = Validator::make(Input::all(), $rules);
@ -1095,8 +1103,8 @@ class AccountController extends BaseController
} else { } else {
$user->first_name = trim(Input::get('first_name')); $user->first_name = trim(Input::get('first_name'));
$user->last_name = trim(Input::get('last_name')); $user->last_name = trim(Input::get('last_name'));
$user->username = trim(Input::get('email')); $user->username = $email;
$user->email = trim(strtolower(Input::get('email'))); $user->email = $email;
$user->phone = trim(Input::get('phone')); $user->phone = trim(Input::get('phone'));
if (! Auth::user()->is_admin) { if (! Auth::user()->is_admin) {
@ -1193,8 +1201,15 @@ class AccountController extends BaseController
*/ */
public function checkEmail() public function checkEmail()
{ {
$email = User::withTrashed()->where('email', '=', Input::get('email')) $email = trim(strtolower(Input::get('email')));
->where('id', '<>', Auth::user()->registered ? 0 : Auth::user()->id) $user = Auth::user();
if (! \App\Models\LookupUser::validateEmail($email, $user)) {
return 'taken';
}
$email = User::withTrashed()->where('email', '=', $email)
->where('id', '<>', $user->registered ? 0 : $user->id)
->first(); ->first();
if ($email) { if ($email) {
@ -1234,6 +1249,10 @@ class AccountController extends BaseController
$email = trim(strtolower(Input::get('new_email'))); $email = trim(strtolower(Input::get('new_email')));
$password = trim(Input::get('new_password')); $password = trim(Input::get('new_password'));
if (! \App\Models\LookupUser::validateEmail($email, $user)) {
return '';
}
if ($user->registered) { if ($user->registered) {
$newAccount = $this->accountRepo->create($firstName, $lastName, $email, $password, $account->company); $newAccount = $this->accountRepo->create($firstName, $lastName, $email, $password, $account->company);
$newUser = $newAccount->users()->first(); $newUser = $newAccount->users()->first();
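Review bot: In updateDetails the new lookup check runs before the local `Validator` with the `email|required` rule, so an arbitrary, unvalidated string from Input is sent to the lookup connection before format validation rejects it; moving the `validateEmail` call after `$validator->fails()` keeps the cross-database query behind the same gate as the local one. In the last hunk, `return '';` on a taken email gives the caller no indication of why the account was not created — the other call sites return or flash `trans('texts.email_taken')`, and this one presumably should too. Note that `checkEmail` now answers 'taken' for any email on any server, which widens the existing enumeration surface of that endpoint; rate-limiting or an authenticated-only route may be worth confirming. All three methods extend beyond the visible hunks.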


@ -170,13 +170,22 @@ class UserController extends BaseController
$rules['email'] = 'required|email|unique:users,email,'.$user->id.',id'; $rules['email'] = 'required|email|unique:users,email,'.$user->id.',id';
} else { } else {
$user = false;
$rules['email'] = 'required|email|unique:users'; $rules['email'] = 'required|email|unique:users';
} }
$validator = Validator::make(Input::all(), $rules); $validator = Validator::make(Input::all(), $rules);
if ($validator->fails()) { if ($validator->fails()) {
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')->withInput()->withErrors($validator); return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
->withErrors($validator)
->withInput();
}
if (! \App\Models\LookupUser::validateEmail($email, $user)) {
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
->withError(trans('texts.email_taken'))
->withInput();
} }
if ($userPublicId) { if ($userPublicId) {
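Review bot: `$email` passed to `validateEmail` is defined above this hunk, so its normalization cannot be seen here; the other call sites in this commit pass `trim(strtolower(...))`, and if this one passes the raw Input value a case-variant duplicate would slip past the lookup comparison. If that is the case, add `$email = trim(strtolower(Input::get('email')));` immediately before the check, or confirm the earlier assignment already lowercases. The method continues outside the hunk.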


@ -42,4 +42,27 @@ class LookupUser extends LookupModel
config(['database.default' => $current]); config(['database.default' => $current]);
} }
public static function validateEmail($email, $user = false)
{
if (! env('MULTI_DB_ENABLED')) {
return true;
}
$current = config('database.default');
config(['database.default' => DB_NINJA_LOOKUP]);
$lookupUser = LookupUser::whereEmail($email)->first();
if ($user) {
$lookupAccount = LookupAccount::whereAccountKey($user->account->account_key)->firstOrFail();
$isValid = ! $lookupUser || ($lookupUser->lookup_account_id == $lookupAccount->id && $lookupUser->user_id == $user->id);
} else {
$isValid = ! $lookupUser;
}
config(['database.default' => $current]);
return $isValid;
}
} }
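Review bot: `firstOrFail()` can throw ModelNotFoundException when the current user's account has no lookup row, and when it does the `config(['database.default' => $current])` restore on the last lines is skipped — the request continues with the default connection pointed at the lookup database. Wrap the lookup work in try/finally so the connection is always restored; the same pattern is worth applying to any sibling methods that switch connections. Separately, `env('MULTI_DB_ENABLED')` read at runtime returns null once the Laravel config is cached, which would silently disable this check; reading it through a config() key is the usual guard. The class header is outside the hunk, but the method is complete.

```php
$current = config('database.default');
config(['database.default' => DB_NINJA_LOOKUP]);

try {
    // … unchanged: whereEmail lookup and the $user / $lookupAccount comparison …
} finally {
    // Always restore the caller's connection, even if firstOrFail() throws.
    config(['database.default' => $current]);
}

return $isValid;
```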


@ -449,12 +449,16 @@ class AccountRepository
if (! $user->registered) { if (! $user->registered) {
$rules = ['email' => 'email|required|unique:users,email,'.$user->id.',id']; $rules = ['email' => 'email|required|unique:users,email,'.$user->id.',id'];
$validator = Validator::make(['email' => $email], $rules); $validator = Validator::make(['email' => $email], $rules);
if ($validator->fails()) { if ($validator->fails()) {
$messages = $validator->messages(); $messages = $validator->messages();
return $messages->first('email'); return $messages->first('email');
} }
if (! \App\Models\LookupUser::validateEmail($email, $user)) {
return trans('texts.email_taken');
}
$user->email = $email; $user->email = $email;
$user->first_name = $firstName; $user->first_name = $firstName;
$user->last_name = $lastName; $user->last_name = $lastName;
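Review bot: This caller reports failures by returning a translated string, but `validateEmail` as added in this commit can throw ModelNotFoundException from `firstOrFail()` when the user's account has no lookup row, so the error-string contract is not honored on that path. Either catch it here and return `trans('texts.email_taken')` (or a dedicated message), or have `validateEmail` use `first()` and treat a missing lookup account as invalid. The method continues outside the hunk.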