close #700 Fixed: Signed url not working

akaunting · Dec 26, 2018 · c914c73 · c914c73
1 parent 1ec85c8
commit c914c73
Show file tree

Hide file tree

Showing 9 changed files with 66 additions and 33 deletions.
diff --git a/app/Http/Controllers/Customers/Invoices.php b/app/Http/Controllers/Customers/Invoices.php
@@ -222,12 +222,12 @@ public function link(Invoice $invoice, Request $request)
             $codes = explode('.', $payment_method_key);
 
             if (!isset($payment_actions[$codes[0]])) {
-                $payment_actions[$codes[0]] = SignedUrl::sign(url('links/invoices/' . $invoice->id . '/' . $codes[0]), 1);
+                $payment_actions[$codes[0]] = SignedUrl::sign(url('signed/invoices/' . $invoice->id . '/' . $codes[0]), 1);
             }
         }
 
-        $print_action = SignedUrl::sign(url('links/invoices/' . $invoice->id . '/print'), 1);
-        $pdf_action = SignedUrl::sign(url('links/invoices/' . $invoice->id . '/pdf'), 1);
+        $print_action = SignedUrl::sign(route('signed.invoices.print', $invoice->id), 1);
+        $pdf_action = SignedUrl::sign(route('signed.invoices.pdf', $invoice->id), 1);
 
         return view('customers.invoices.link', compact('invoice', 'accounts', 'currencies', 'account_currency_code', 'customers', 'categories', 'payment_methods', 'payment_actions', 'print_action', 'pdf_action'));
     }

diff --git a/app/Http/Controllers/Incomes/Invoices.php b/app/Http/Controllers/Incomes/Invoices.php
@@ -85,7 +85,7 @@ public function show(Invoice $invoice)
 
         $payment_methods = Modules::getPaymentMethods();
 
-        $customer_share = SignedUrl::sign(url('links/invoices/' . $invoice->id));
+        $customer_share = SignedUrl::sign(route('signed.invoices', $invoice->id));
 
         return view('incomes.invoices.show', compact('invoice', 'accounts', 'currencies', 'account_currency_code', 'customers', 'categories', 'payment_methods', 'customer_share'));
     }

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -75,8 +75,18 @@ class Kernel extends HttpKernel
         ],
 
         'signed' => [
+            \App\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \App\Http\Middleware\VerifyCsrfToken::class,
             'signed-url',
             'signed-url.company',
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            \App\Http\Middleware\RedirectIfNotInstalled::class,
+            \App\Http\Middleware\AddXHeader::class,
+            'company.settings',
+            'company.currencies',
         ]
     ];
 

diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
@@ -39,6 +39,8 @@ public function map()
 
         $this->mapWebRoutes();
 
+        $this->mapSignedRoutes();
+
         //
     }
 
@@ -52,8 +54,23 @@ public function map()
     protected function mapWebRoutes()
     {
         Route::middleware('web')
-             ->namespace($this->namespace)
-             ->group(base_path('routes/web.php'));
+                ->namespace($this->namespace)
+                ->group(base_path('routes/web.php'));
+    }
+
+    /**
+     * Define the "signed" routes for the application.
+     *
+     * These routes all receive session state, CSRF protection, etc.
+     *
+     * @return void
+     */
+    protected function mapSignedRoutes()
+    {
+        Route::prefix('signed')
+                ->middleware('signed')
+                ->namespace($this->namespace)
+                ->group(base_path('routes/signed.php'));
     }
 
     /**
@@ -66,8 +83,8 @@ protected function mapWebRoutes()
     protected function mapApiRoutes()
     {
         Route::prefix('api')
-             ->middleware('api')
-             ->namespace($this->namespace)
-             ->group(base_path('routes/api.php'));
+                ->middleware('api')
+                ->namespace($this->namespace)
+                ->group(base_path('routes/api.php'));
     }
 }
diff --git a/modules/OfflinePayment/Http/Controllers/OfflinePayment.php b/modules/OfflinePayment/Http/Controllers/OfflinePayment.php
@@ -67,7 +67,7 @@ public function link(Invoice $invoice, PaymentRequest $request)
             }
         }
 
-        $confirm_action = SignedUrl::sign(url('links/invoices/' . $invoice->id . '/offlinepayment/confirm'), 1);
+        $confirm_action = SignedUrl::sign(url('signed/invoices/' . $invoice->id . '/offlinepayment/confirm'), 1);
 
         $html = view('offlinepayment::link', compact('gateway', 'invoice', 'confirm_action'))->render();
 

diff --git a/modules/OfflinePayment/Http/routes.php b/modules/OfflinePayment/Http/routes.php
@@ -12,7 +12,7 @@
 });
 
 Route::group([
-    'middleware' => ['web', 'auth', 'language', 'customermenu', 'permission:read-customer-panel'],
+    'middleware' => 'customer',
     'prefix' => 'customers',
     'namespace' => 'Modules\OfflinePayment\Http\Controllers'
 ], function () {
@@ -21,12 +21,10 @@
 });
 
 Route::group([
-    'middleware' => ['web', 'language'],
-    'prefix' => 'links',
+    'middleware' => ['signed', 'language'],
+    'prefix' => 'signed',
     'namespace' => 'Modules\OfflinePayment\Http\Controllers'
 ], function () {
-    Route::group(['middleware' => 'signed-url'], function () {
-        Route::post('invoices/{invoice}/offlinepayment', 'OfflinePayment@link');
-        Route::post('invoices/{invoice}/offlinepayment/confirm', 'OfflinePayment@confirm');
-    });
+    Route::post('invoices/{invoice}/offlinepayment', 'OfflinePayment@link');
+    Route::post('invoices/{invoice}/offlinepayment/confirm', 'OfflinePayment@confirm');
 });
diff --git a/modules/PaypalStandard/Http/routes.php b/modules/PaypalStandard/Http/routes.php
@@ -1,16 +1,25 @@
 <?php
 
-Route::group(['middleware' => ['web', 'auth', 'language', 'customermenu', 'permission:read-customer-panel'], 'prefix' => 'customers', 'namespace' => 'Modules\PaypalStandard\Http\Controllers'], function () {
+Route::group([
+    'middleware' => 'customer',
+    'prefix' => 'customers',
+    'namespace' => 'Modules\PaypalStandard\Http\Controllers'
+], function () {
     Route::get('invoices/{invoice}/paypalstandard', 'PaypalStandard@show');
 });
 
-Route::group(['prefix' => 'customers', 'namespace' => 'Modules\PaypalStandard\Http\Controllers'], function () {
+Route::group([
+    'prefix' => 'customers',
+    'namespace' => 'Modules\PaypalStandard\Http\Controllers'
+], function () {
     Route::post('invoices/{invoice}/paypalstandard/result', 'PaypalStandard@result');
     Route::post('invoices/{invoice}/paypalstandard/callback', 'PaypalStandard@callback');
 });
 
-Route::group(['middleware' => ['web', 'language'], 'prefix' => 'links', 'namespace' => 'Modules\PaypalStandard\Http\Controllers'], function () {
-    Route::group(['middleware' => 'signed-url'], function () {
-        Route::post('invoices/{invoice}/paypalstandard', 'PaypalStandard@show');
-    });
+Route::group([
+    'middleware' => ['signed', 'language'],
+    'prefix' => 'signed',
+    'namespace' => 'Modules\PaypalStandard\Http\Controllers'
+], function () {
+    Route::post('invoices/{invoice}/paypalstandard', 'PaypalStandard@show');
 });
diff --git a/routes/signed.php b/routes/signed.php
@@ -0,0 +1,9 @@
+<?php
+
+Route::group(['middleware' => 'language'], function () {
+    Route::get('invoices/{invoice}', 'Customers\Invoices@link')->name('signed.invoices');
+    Route::get('invoices/{invoice}/print', 'Customers\Invoices@printInvoice')->name('signed.invoices.print');
+    Route::get('invoices/{invoice}/pdf', 'Customers\Invoices@pdfInvoice')->name('signed.invoices.pdf');
+    Route::post('invoices/{invoice}/payment', 'Customers\Invoices@payment')->name('signed.invoices.payment');
+    Route::post('invoices/{invoice}/confirm', 'Customers\Invoices@confirm')->name('signed.invoices.confirm');
+});
diff --git a/routes/web.php b/routes/web.php
@@ -237,16 +237,6 @@
         });
     });
 
-    Route::group(['middleware' => 'signed'], function () {
-        Route::group(['prefix' => 'links'], function () {
-            Route::get('invoices/{invoice}', 'Customers\Invoices@link');
-            Route::get('invoices/{invoice}/print', 'Customers\Invoices@printInvoice');
-            Route::get('invoices/{invoice}/pdf', 'Customers\Invoices@pdfInvoice');
-            Route::post('invoices/{invoice}/payment', 'Customers\Invoices@payment');
-            Route::post('invoices/{invoice}/confirm', 'Customers\Invoices@confirm');
-        });
-    });
-
     Route::group(['middleware' => 'guest'], function () {
         Route::group(['prefix' => 'auth'], function () {
             Route::get('login', 'Auth\Login@create')->name('login');