enforce authorize with cache key for oauth routes

2025-05-04 12:33:35 +10:00 · 2025-05-04 12:33:35 +10:00 · 7506bb790e
parent 802d932ada
commit 7506bb790e
4 changed files with 9 additions and 10 deletions
--- a/app/Helpers/Bank/Nordigen/Nordigen.php
+++ b/app/Helpers/Bank/Nordigen/Nordigen.php
@ -224,29 +224,28 @@ class Nordigen
     * isAccountActive
     *
     * @param  string $account_id
-     * @return bool
+     * @return array
     */
-    public function isAccountActive(string $account_id): bool
+    public function isAccountActive(string $account_id): array
    {
        try {
            $account = $this->client->account($account_id)->getAccountMetaData();

            if ($account['status'] != 'READY') {
                nlog("Nordigen account '{$account_id}' is not ready (status={$account['status']})");
-
-                return false;
            }

-            return true;
+            return $account;
+
        } catch (\Exception $e) {

            nlog("Nordigen:: AccountActiveStatus:: {$e->getMessage()} {$e->getCode()}");

            if (strpos($e->getMessage(), 'Invalid Account ID') !== false) {
-                return false;
+                ['status' => 'Invalid Account ID'];
            }

-            throw $e;
+            return ['status' => 'EXPIRED'];
        }
    }

--- a/app/Http/Controllers/BankIntegrationController.php
+++ b/app/Http/Controllers/BankIntegrationController.php
@ -291,7 +291,7 @@ class BankIntegrationController extends BaseController

                $nordigen->disabledAccountEmail($bank_integration);
                return;
-            } elseif (!$is_account_active || !$account || isset($account['requisition'])) {
+            } elseif ($is_account_active['status'] != 'READY' || !$account || isset($account['requisition'])) {
                $bank_integration->disabled_upstream = true;
                $bank_integration->save();

--- a/app/Http/Requests/GoCardless/OAuthConnectRequest.php
+++ b/app/Http/Requests/GoCardless/OAuthConnectRequest.php
@ -21,7 +21,7 @@ class OAuthConnectRequest extends FormRequest
 {
    public function authorize(): bool
    {
-        return true;
+        return Cache::has($this->token);
    }

    /**
--- a/app/Http/Requests/Yodlee/YodleeAuthRequest.php
+++ b/app/Http/Requests/Yodlee/YodleeAuthRequest.php
@ -32,7 +32,7 @@ class YodleeAuthRequest extends Request
     */
    public function authorize()
    {
-        return true;
+        return Cache::has($this->state ?? $this->token);
    }

    /**