From dbbd86063d0fef3034292405268f05b368d1bc76 Mon Sep 17 00:00:00 2001 From: = Date: Mon, 31 Jan 2022 11:03:01 +1100 Subject: [PATCH 1/3] Purge clients - password protected route --- app/Http/Controllers/ClientController.php | 71 ++++++++++++++++++- .../Requests/Client/PurgeClientRequest.php | 27 +++++++ routes/api.php | 1 + 3 files changed, 97 insertions(+), 2 deletions(-) create mode 100644 app/Http/Requests/Client/PurgeClientRequest.php diff --git a/app/Http/Controllers/ClientController.php b/app/Http/Controllers/ClientController.php index a867b9045b77..f3f8155851aa 100644 --- a/app/Http/Controllers/ClientController.php +++ b/app/Http/Controllers/ClientController.php @@ -19,6 +19,7 @@ use App\Http\Requests\Client\AdjustClientLedgerRequest; use App\Http\Requests\Client\CreateClientRequest; use App\Http\Requests\Client\DestroyClientRequest; use App\Http\Requests\Client\EditClientRequest; +use App\Http\Requests\Client\PurgeClientRequest; use App\Http\Requests\Client\ShowClientRequest; use App\Http\Requests\Client\StoreClientRequest; use App\Http\Requests\Client\UpdateClientRequest; @@ -36,7 +37,7 @@ use App\Utils\Traits\SavesDocuments; use App\Utils\Traits\Uploadable; use Illuminate\Http\Request; use Illuminate\Http\Response; - +use Illuminate\Support\Facades\Storage; /** * Class ClientController. * @covers App\Http\Controllers\ClientController @@ -510,7 +511,7 @@ class ClientController extends BaseController $ids = request()->input('ids'); $clients = Client::withTrashed()->whereIn('id', $this->transformKeys($ids))->cursor(); - if(!in_array($action, ['restore','archive','delete','purge'])) + if(!in_array($action, ['restore','archive','delete'])) return response()->json(['message' => 'That action is not available.'], 400); $clients->each(function ($client, $key) use ($action) { 
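Review bot: The action allow-list in the `-510,7 +511,7` hunk of `ClientController.php` still uses a loose `in_array`, so a non-string `$action` such as a JSON `true` compares equal to every entry and passes the check. Now that this list is what keeps `purge` off the bulk endpoint, the comparison should be strict: `if(!in_array($action, ['restore','archive','delete'], true))`. Where `$action` is read and how the closure dispatches on it lie outside the hunk, so the practical effect of a non-string value cannot be confirmed from here.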
@@ -586,5 +587,71 @@ class ClientController extends BaseController } + /** + * Update the specified resource in storage. + * + * @param UploadClientRequest $request + * @param Client $client + * @return Response + * + * + * + * @OA\Put( + * path="/api/v1/clients/{id}/purge", + * operationId="uploadClient", + * tags={"clients"}, + * summary="Purges a client from the system", + * description="Handles purging a client", + * @OA\Parameter(ref="#/components/parameters/X-Api-Secret"), + * @OA\Parameter(ref="#/components/parameters/X-Api-Token"), + * @OA\Parameter(ref="#/components/parameters/X-Requested-With"), + * @OA\Parameter(ref="#/components/parameters/include"), + * @OA\Parameter( + * name="id", + * in="path", + * description="The Client Hashed ID", + * example="D2J234DFA", + * required=true, + * @OA\Schema( + * type="string", + * format="string", + * ), + * ), + * @OA\Response( + * response=200, + * description="Returns the client object", + * @OA\Header(header="X-MINIMUM-CLIENT-VERSION", ref="#/components/headers/X-MINIMUM-CLIENT-VERSION"), + * @OA\Header(header="X-RateLimit-Remaining", ref="#/components/headers/X-RateLimit-Remaining"), + * @OA\Header(header="X-RateLimit-Limit", ref="#/components/headers/X-RateLimit-Limit") + * ), + * @OA\Response( + * response=422, + * description="Validation error", + * @OA\JsonContent(ref="#/components/schemas/ValidationError"), + * + * ), + * @OA\Response( + * response="default", + * description="Unexpected Error", + * @OA\JsonContent(ref="#/components/schemas/Error"), + * ), + * ) + */ + public function purge(PurgeClientRequest $request, Client $client) + { + //delete all documents + $client->documents->each(function ($document){ + + Storage::disk(config('filesystems.default'))->delete($document->url); + + }); + + //force delete the client + $this->client_repo->purge($client); + + return response()->json(['message' => 'Success'], 200); + + //todo add an event here using the client name as reference for purge event + } } 
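Review bot: In `purge()` the document files are deleted before `$this->client_repo->purge($client)` runs and the result of `delete()` is discarded. If the repository purge fails, the records survive while their files are gone, and if a delete fails the endpoint still answers 'Success' with client documents left in storage. I would collect the paths first, purge the records, then remove the files and log any that could not be removed, as sketched below. The `//todo` placed after the `return` is the only trace of an audit record; an irreversible delete should record the acting user and the client before responding.

```php
    public function purge(PurgeClientRequest $request, Client $client)
    {
        // Collect the paths first: the document rows may not exist after the purge.
        $paths = $client->documents->pluck('url')->filter()->all();

        //force delete the client
        $this->client_repo->purge($client);

        // Remove the files only once the records are gone, and record any that remain.
        $disk = Storage::disk(config('filesystems.default'));

        foreach ($paths as $path) {
            if (! $disk->delete($path)) {
                logger()->warning('Client purge: document file was not deleted', ['path' => $path]);
            }
        }

        // … unchanged: JSON 'Success' response …
    }
```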
diff --git a/app/Http/Requests/Client/PurgeClientRequest.php b/app/Http/Requests/Client/PurgeClientRequest.php new file mode 100644 index 000000000000..7b392c89cb94 --- /dev/null +++ b/app/Http/Requests/Client/PurgeClientRequest.php @@ -0,0 +1,27 @@ +user()->isAdmin(); + } +} diff --git a/routes/api.php b/routes/api.php index ff853ab9f400..4e4721d76de4 100644 --- a/routes/api.php +++ b/routes/api.php @@ -40,6 +40,7 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale Route::resource('clients', 'ClientController'); // name = (clients. index / create / show / update / destroy / edit Route::put('clients/{client}/adjust_ledger', 'ClientController@adjustLedger')->name('clients.adjust_ledger'); Route::put('clients/{client}/upload', 'ClientController@upload')->name('clients.upload'); + Route::post('clients/{client}/purge', 'ClientController@purge')->name('clients.purge')->middleware('password_protected'); Route::post('clients/bulk', 'ClientController@bulk')->name('clients.bulk'); Route::post('filters/{entity}', 'FilterController@index')->name('filters'); From cea49c43fc3821b259e9080ca36173aa45f0c7b5 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Tue, 1 Feb 2022 10:03:51 +1100 Subject: [PATCH 2/3] Minor fixes --- app/Http/Requests/Request.php | 4 ++++ app/Http/ValidationRules/Company/ValidCompanyQuantity.php | 8 +++++++- app/Http/ValidationRules/Ninja/CanStoreClientsRule.php | 4 ++-- app/PaymentDrivers/Authorize/AuthorizeCreateCustomer.php | 2 +- app/PaymentDrivers/CheckoutCom/Utilities.php | 2 +- app/Repositories/ActivityRepository.php | 2 +- 6 files changed, 16 insertions(+), 6 deletions(-) diff --git a/app/Http/Requests/Request.php b/app/Http/Requests/Request.php index a53cd70540c6..628fb76ef547 100644 --- a/app/Http/Requests/Request.php +++ b/app/Http/Requests/Request.php 
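Review bot: `authorize()` in the new `PurgeClientRequest` appears to rest on `isAdmin()` alone, with no check that the bound `{client}` belongs to the caller's company. Only the tail of the file survives on this page, so this is inferred from the visible `user()->isAdmin();` return. If the route binding does not already scope clients to the authenticated company, the admin check by itself does not stop a purge across company boundaries. Tying the decision to the model would close that, e.g. `return auth()->user()->isAdmin() && $this->client->company_id === auth()->user()->company()->id;` (assuming the client model carries `company_id`; confirm), and a docblock on `authorize()` should state who may purge.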
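Review bot: The route in `routes/api.php` is registered with `Route::post`, but the annotation added above `purge()` in `ClientController.php` declares `@OA\Put`, reuses `operationId="uploadClient"`, and keeps the copied docblock "Update the specified resource in storage" with `@param UploadClientRequest`. Generated API documentation will therefore show the wrong verb and collide with the upload operation. I would change the annotation to `@OA\Post(` with `operationId="purgeClient"` and `@param PurgeClientRequest $request`. A short comment on the route line, such as `// destructive: keep password_protected`, would also make it harder to drop the middleware in a later route cleanup.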
@@ -39,6 +39,10 @@ class Request extends FormRequest } } + //01-02-2022 needed for CSV Imports + if(!$merge_rules) + return $rules; + return array_merge($merge_rules, $rules); } diff --git a/app/Http/ValidationRules/Company/ValidCompanyQuantity.php b/app/Http/ValidationRules/Company/ValidCompanyQuantity.php index 1e5de928edde..6dd88aab32d3 100644 --- a/app/Http/ValidationRules/Company/ValidCompanyQuantity.php +++ b/app/Http/ValidationRules/Company/ValidCompanyQuantity.php @@ -11,6 +11,7 @@ namespace App\Http\ValidationRules\Company; +use App\Utils\Ninja; use Illuminate\Contracts\Validation\Rule; /** @@ -25,7 +26,12 @@ class ValidCompanyQuantity implements Rule */ public function passes($attribute, $value) { - return auth()->user()->company()->account->companies->count() <= 10; + if(Ninja::isSelfHost()) + return auth()->user()->company()->account->companies->count() < 10; + + + return auth()->user()->company()->account->companies->count() < auth()->user()->company()->account->hosted_company_count; + } /** diff --git a/app/Http/ValidationRules/Ninja/CanStoreClientsRule.php b/app/Http/ValidationRules/Ninja/CanStoreClientsRule.php index a1523c2f2efd..23221c042c2b 100644 --- a/app/Http/ValidationRules/Ninja/CanStoreClientsRule.php +++ b/app/Http/ValidationRules/Ninja/CanStoreClientsRule.php @@ -35,7 +35,7 @@ class CanStoreClientsRule implements Rule { $company = Company::find($this->company_id); - return $company->clients->count() < config('ninja.quotas.free.clients'); + return $company->clients->count() < $company->account->hosted_client_count; } /** @@ -43,6 +43,6 @@ class CanStoreClientsRule implements Rule */ public function message() { - return ctrans('texts.limit_clients', ['count' => config('ninja.quotas.free.clients')]); + return ctrans('texts.limit_clients', ['count' => $company->account->hosted_client_count]); } } 
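Review bot: `message()` in `CanStoreClientsRule` now reads `$company->account->hosted_client_count`, but `$company` is a local variable of `passes()` and is never defined in `message()`. When the rule fails, building the error text will itself fail on the undefined variable, so the client-limit response is likely to surface as a server error instead of a validation message. Either resolve it again with `$company = Company::find($this->company_id);` before the `return`, or store it on the rule in `passes()` and read that property in both methods.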
diff --git a/app/PaymentDrivers/Authorize/AuthorizeCreateCustomer.php b/app/PaymentDrivers/Authorize/AuthorizeCreateCustomer.php index af39afbe3249..e170a5042968 100644 --- a/app/PaymentDrivers/Authorize/AuthorizeCreateCustomer.php +++ b/app/PaymentDrivers/Authorize/AuthorizeCreateCustomer.php @@ -44,7 +44,7 @@ class AuthorizeCreateCustomer $this->authorize->init(); // Create the Bill To info for new payment type - $contact = $this->client->primary_contact()->first(); + $contact = $this->client->primary_contact()->first() ?: $this->client->contacts()->first(); $refId = 'ref'.time(); // Create a new CustomerProfileType and add the payment profile object diff --git a/app/PaymentDrivers/CheckoutCom/Utilities.php b/app/PaymentDrivers/CheckoutCom/Utilities.php index eddc38495eba..3697f3d8c5c5 100644 --- a/app/PaymentDrivers/CheckoutCom/Utilities.php +++ b/app/PaymentDrivers/CheckoutCom/Utilities.php @@ -62,7 +62,7 @@ trait Utilities $data = [ 'payment_method' => $_payment->source['id'], - 'payment_type' => PaymentType::parseCardType(strtolower($_payment->source['scheme'])), + 'payment_type' => 12, 'amount' => $this->getParent()->payment_hash->data->raw_value, 'transaction_reference' => $_payment->id, 'gateway_type_id' => GatewayType::CREDIT_CARD, diff --git a/app/Repositories/ActivityRepository.php b/app/Repositories/ActivityRepository.php index 6da7e24d398d..a4a771991813 100644 --- a/app/Repositories/ActivityRepository.php +++ b/app/Repositories/ActivityRepository.php @@ -54,7 +54,7 @@ class ActivityRepository extends BaseRepository $activity->token_id = $token_id; } - $activity->ip = $event_vars['ip']; + $activity->ip = $event_vars['ip'] ?: ' '; $activity->is_system = $event_vars['is_system']; $activity->save(); From 9f068e62fffa91e6d0ca578a6d11e4b83f58bd91 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Tue, 1 Feb 2022 13:55:11 +1100 Subject: [PATCH 3/3] Clean up routes --- routes/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
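Review bot: The fallback added in `AuthorizeCreateCustomer` can still leave `$contact` null when the client has no contacts at all, because `contacts()->first()` returns null on an empty relation. The code that builds the bill-to profile from `$contact` lies outside the hunk, so a null here presumably fails later and further from the cause. An explicit guard right after the assignment would make the failure clear: `if (! $contact) { throw new \RuntimeException('Client has no contact for the payment profile'); }`.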
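Review bot: `'payment_type' => 12` in `CheckoutCom/Utilities.php` replaces the scheme lookup with a bare literal, so the stored payment no longer reflects `$_payment->source['scheme']` and a reader cannot tell which type 12 is. Use the named `PaymentType` constant for that id, or at least add a comment on the line such as `// 12 = <PAYMENT_TYPE_NAME>; scheme lookup dropped because <REASON>`. The enclosing method starts and ends outside the hunk.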
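Review bot: `$event_vars['ip'] ?: ' '` in `ActivityRepository` writes a single space into the activity record when no address is available, so an unknown origin is stored as a blank-looking value in what serves as the audit trail. The `?:` form also still reads the key, so an absent `'ip'` entry raises an undefined-index warning before the fallback applies. If the space is needed to satisfy the column, guard the key and say so: `$activity->ip = ($event_vars['ip'] ?? null) ?: ' '; // no client address available (e.g. system event)`. The surrounding method is only partly visible in the hunk.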
diff --git a/routes/api.php b/routes/api.php index 4e4721d76de4..2ae7c343f9f5 100644 --- a/routes/api.php +++ b/routes/api.php @@ -213,7 +213,7 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale Route::resource('subscriptions', 'SubscriptionController'); Route::post('subscriptions/bulk', 'SubscriptionController@bulk')->name('subscriptions.bulk'); Route::get('statics', 'StaticController'); - Route::post('apple_pay/upload_file','ApplyPayController@upload'); + // Route::post('apple_pay/upload_file','ApplyPayController@upload'); });
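Review bot: The `apple_pay/upload_file` route is disabled by commenting it out, which leaves dead code in the route file with no record of why the upload endpoint was closed. Delete the line, or keep it with a reason, e.g. `// disabled <DATE>: <REASON>`. The target is spelled `ApplyPayController`, so it is worth checking whether that controller is still referenced anywhere and removing it with the route if it is not.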