From a584c21670ebda5bc1bbdcbed5ce7c6d032e442a Mon Sep 17 00:00:00 2001
From: Bubka <858858+Bubka@users.noreply.github.com>
Date: Wed, 19 Apr 2023 08:38:48 +0200
Subject: [PATCH] Set user to orphan 2FAs/groups when behind auth proxy - Fix
 #176

---
 app/Api/v1/Controllers/GroupController.php       |  9 +++++++++
 app/Api/v1/Controllers/TwoFAccountController.php |  9 +++++++++
 app/Models/Group.php                             | 11 +++++++++++
 app/Models/TwoFAccount.php                       | 11 +++++++++++
 app/Services/GroupService.php                    | 14 ++++++++++++++
 app/Services/TwoFAccountService.php              | 15 +++++++++++++++
 6 files changed, 69 insertions(+)

diff --git a/app/Api/v1/Controllers/GroupController.php b/app/Api/v1/Controllers/GroupController.php
index 11f50375..a9756a61 100644
--- a/app/Api/v1/Controllers/GroupController.php
+++ b/app/Api/v1/Controllers/GroupController.php
@@ -9,6 +9,7 @@
 use App\Facades\Groups;
 use App\Http\Controllers\Controller;
 use App\Models\Group;
+use App\Models\User;
 use Illuminate\Http\Request;
 
 class GroupController extends Controller
@@ -20,6 +21,14 @@ class GroupController extends Controller
      */
     public function index(Request $request)
     {
+        // Quick fix for #176
+        if (config('auth.defaults.guard') === 'reverse-proxy-guard' && User::count() === 1) {
+            if (Group::orphans()->exists()) {
+                $groups = Group::orphans()->get();
+                Groups::setUser($groups, $request->user());
+            }
+        }
+        
         // We do not use fluent call all over the call chain to ease tests
         $user   = $request->user();
         $groups = $user->groups()->withCount('twofaccounts')->get();
diff --git a/app/Api/v1/Controllers/TwoFAccountController.php b/app/Api/v1/Controllers/TwoFAccountController.php
index 5b1b0767..cfb49d49 100644
--- a/app/Api/v1/Controllers/TwoFAccountController.php
+++ b/app/Api/v1/Controllers/TwoFAccountController.php
@@ -18,6 +18,7 @@
 use App\Helpers\Helpers;
 use App\Http\Controllers\Controller;
 use App\Models\TwoFAccount;
+use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Arr;
 
@@ -30,6 +31,14 @@ class TwoFAccountController extends Controller
      */
     public function index(Request $request)
     {
+        // Quick fix for #176
+        if (config('auth.defaults.guard') === 'reverse-proxy-guard' && User::count() === 1) {
+            if (TwoFAccount::orphans()->exists()) {
+                $twofaccounts = TwoFAccount::orphans()->get();
+                TwoFAccounts::setUser($twofaccounts, $request->user());
+            }
+        }
+
         return new TwoFAccountCollection($request->user()->twofaccounts->sortBy('order_column'));
     }
 
diff --git a/app/Models/Group.php b/app/Models/Group.php
index 5d542a68..7717f62b 100644
--- a/app/Models/Group.php
+++ b/app/Models/Group.php
@@ -103,4 +103,15 @@ public function user()
    {
        return $this->belongsTo(\App\Models\User::class);
    }
+
+   /**
+    * Scope a query to only include orphan (userless) groups.
+    *
+    * @param  \Illuminate\Database\Eloquent\Builder<User>  $query
+    * @return \Illuminate\Database\Eloquent\Builder<User>
+    */
+   public function scopeOrphans($query)
+   {
+       return $query->where('user_id', null);
+   }
 }
diff --git a/app/Models/TwoFAccount.php b/app/Models/TwoFAccount.php
index bf884e3a..6a093c8f 100644
--- a/app/Models/TwoFAccount.php
+++ b/app/Models/TwoFAccount.php
@@ -215,6 +215,17 @@ public function user()
         return $this->belongsTo(\App\Models\User::class);
     }
 
+    /**
+     * Scope a query to only include orphan (userless) accounts.
+     *
+     * @param  \Illuminate\Database\Eloquent\Builder<User>  $query
+     * @return \Illuminate\Database\Eloquent\Builder<User>
+     */
+    public function scopeOrphans($query)
+    {
+        return $query->where('user_id', null);
+    }
+
     /**
      * Get legacy_uri attribute
      *
diff --git a/app/Services/GroupService.php b/app/Services/GroupService.php
index e136351a..0f360dc8 100644
--- a/app/Services/GroupService.php
+++ b/app/Services/GroupService.php
@@ -60,6 +60,20 @@ public static function prependTheAllGroup(Collection $groups, User $user) : Coll
         return $groups->prepend($theAllGroup);
     }
 
+    /**
+     * Set owner of given groups
+     * 
+     * @param  Collection<int, Group>  $groups
+     * @param  \App\Models\User  $user
+     */
+    public static function setUser(Collection $groups, User $user) : void
+    {
+        $groups->each(function ($group, $key) use ($user) {
+            $group->user_id = $user->id;
+            $group->save();
+        });
+    }
+
     /**
      * Determines the default group of the given user
      *
diff --git a/app/Services/TwoFAccountService.php b/app/Services/TwoFAccountService.php
index d0c7bdb9..086f6709 100644
--- a/app/Services/TwoFAccountService.php
+++ b/app/Services/TwoFAccountService.php
@@ -5,6 +5,7 @@
 use App\Factories\MigratorFactoryInterface;
 use App\Helpers\Helpers;
 use App\Models\TwoFAccount;
+use App\Models\User;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
@@ -93,6 +94,20 @@ public static function delete($ids) : int
         return $deleted;
     }
 
+    /**
+     * Set owner of given twofaccounts
+     * 
+     * @param  \Illuminate\Support\Collection<int, TwoFAccount>  $twofaccounts
+     * @param  \App\Models\User  $user
+     */
+    public static function setUser(Collection $twofaccounts, User $user) : void
+    {
+        $twofaccounts->each(function ($twofaccount, $key) use ($user) {
+            $twofaccount->user_id = $user->id;
+            $twofaccount->save();
+        });
+    }
+
     /**
      * Return the given collection with items marked as Duplicates (using id=-1) if similar records exist
      * in the authenticated user accounts