
modified middleware

Josh 4 years ago
parent
commit
dfe795f007

+ 51 - 34
app/Http/Controllers/HomeController.php

@@ -13,6 +13,22 @@ use Illuminate\Support\Facades\DB;
 
 class HomeController extends Controller
 {
+
+    public function confirmSmsAuthToken(Request $request)
+    {
+        return view('app/confirm_sms_auth_token');
+    }
+
+    public function setPassword(Request $request)
+    {
+        return view('app/set_password');
+    }
+
+    public function setSecurityQuestions(Request $request)
+    {
+        return view('app/set_security_questions');
+    }
+
     public function dashboard(Request $request)
     {
 
@@ -56,43 +72,43 @@ class HomeController extends Controller
         $keyNumbers['pendingNotesToSign'] = $pendingNotesToSign;
 
         $reimbursement = [];
-        $reimbursement["currentBalance"] = '$'.$performer->pro->balance;
+        $reimbursement["currentBalance"] = '$' . $performer->pro->balance;
         $reimbursement["nextPaymentDate"] = '--';
         $lastPayment = ProTransaction::where('pro_id', $performerProID)->where('plus_or_minus', 'PLUS')->orderBy('created_at', 'DESC')->first();
         if ($lastPayment) {
-            $reimbursement["lastPayment"] = '$'.$lastPayment->amount;
+            $reimbursement["lastPayment"] = '$' . $lastPayment->amount;
             $reimbursement["lastPaymentDate"] = $lastPayment->created_at;
         } else {
             $reimbursement["lastPayment"] = '--';
             $reimbursement["lastPaymentDate"] = '--';
         }
 
-         //if today is < 15th, next payment is 15th, else nextPayment is
-         $today = strtotime(date('Y-m-d'));
-         $todayDate = date('j', $today);
-
-         $todayMonth =  date('m', $today);
-         $todayYear = date('Y', $today);
-         if($todayDate < 15){
-             $nextPaymentDate = new DateTime();
-             $nextPaymentDate->setDate($todayYear, $todayMonth, 15);
-             $reimbursement['nextPaymentDate'] = $nextPaymentDate->format('m/d/Y');
-         }else{
-             $nextPaymentDate = new \DateTime();
-             $lastDayOfMonth = date('t', $today);
-             $nextPaymentDate->setDate($todayYear, $todayMonth, $lastDayOfMonth);
-             $reimbursement['nextPaymentDate'] = $nextPaymentDate->format('m/d/Y');
-         }
-
-         //expectedPay
-        $expectedForHcp = DB::select(DB::raw("SELECT coalesce(SUM(hcp_expected_payment_amount),0) as expected_pay FROM bill WHERE hcp_pro_id = :performerProID  AND has_hcp_been_paid = false AND is_cancelled = false"), ['performerProID'=>$performerProID])[0]->expected_pay;
-        $expectedForCm = DB::select(DB::raw("SELECT coalesce(SUM(cm_expected_payment_amount),0) as expected_pay  FROM bill WHERE cm_pro_id = :performerProID  AND has_cm_been_paid = false AND is_cancelled = false"), ['performerProID'=>$performerProID])[0]->expected_pay;
-        $expectedForRme = DB::select(DB::raw("SELECT coalesce(SUM(rme_expected_payment_amount),0) as expected_pay  FROM bill WHERE rme_pro_id = :performerProID  AND has_rme_been_paid = false AND is_cancelled = false"), ['performerProID'=>$performerProID])[0]->expected_pay;
-        $expectedForRmm = DB::select(DB::raw("SELECT coalesce(SUM(rmm_expected_payment_amount),0) as expected_pay  FROM bill WHERE rmm_pro_id = :performerProID  AND has_rmm_been_paid = false AND is_cancelled = false"), ['performerProID'=>$performerProID])[0]->expected_pay;
-        $expectedForNa = DB::select(DB::raw("SELECT coalesce(SUM(na_expected_payment_amount),0) as expected_pay  FROM bill WHERE na_pro_id = :performerProID  AND has_na_been_paid = false AND is_cancelled = false"), ['performerProID'=>$performerProID])[0]->expected_pay;
+        //if today is < 15th, next payment is 15th, else nextPayment is
+        $today = strtotime(date('Y-m-d'));
+        $todayDate = date('j', $today);
+
+        $todayMonth =  date('m', $today);
+        $todayYear = date('Y', $today);
+        if ($todayDate < 15) {
+            $nextPaymentDate = new DateTime();
+            $nextPaymentDate->setDate($todayYear, $todayMonth, 15);
+            $reimbursement['nextPaymentDate'] = $nextPaymentDate->format('m/d/Y');
+        } else {
+            $nextPaymentDate = new \DateTime();
+            $lastDayOfMonth = date('t', $today);
+            $nextPaymentDate->setDate($todayYear, $todayMonth, $lastDayOfMonth);
+            $reimbursement['nextPaymentDate'] = $nextPaymentDate->format('m/d/Y');
+        }
+
+        //expectedPay
+        $expectedForHcp = DB::select(DB::raw("SELECT coalesce(SUM(hcp_expected_payment_amount),0) as expected_pay FROM bill WHERE hcp_pro_id = :performerProID  AND has_hcp_been_paid = false AND is_cancelled = false"), ['performerProID' => $performerProID])[0]->expected_pay;
+        $expectedForCm = DB::select(DB::raw("SELECT coalesce(SUM(cm_expected_payment_amount),0) as expected_pay  FROM bill WHERE cm_pro_id = :performerProID  AND has_cm_been_paid = false AND is_cancelled = false"), ['performerProID' => $performerProID])[0]->expected_pay;
+        $expectedForRme = DB::select(DB::raw("SELECT coalesce(SUM(rme_expected_payment_amount),0) as expected_pay  FROM bill WHERE rme_pro_id = :performerProID  AND has_rme_been_paid = false AND is_cancelled = false"), ['performerProID' => $performerProID])[0]->expected_pay;
+        $expectedForRmm = DB::select(DB::raw("SELECT coalesce(SUM(rmm_expected_payment_amount),0) as expected_pay  FROM bill WHERE rmm_pro_id = :performerProID  AND has_rmm_been_paid = false AND is_cancelled = false"), ['performerProID' => $performerProID])[0]->expected_pay;
+        $expectedForNa = DB::select(DB::raw("SELECT coalesce(SUM(na_expected_payment_amount),0) as expected_pay  FROM bill WHERE na_pro_id = :performerProID  AND has_na_been_paid = false AND is_cancelled = false"), ['performerProID' => $performerProID])[0]->expected_pay;
 
         $totalExpectedAmount =  $expectedForHcp + $expectedForCm + $expectedForRme + $expectedForRmm + $expectedForNa;
-        $reimbursement['nextPaymentAmount'] = '$'.$totalExpectedAmount;
+        $reimbursement['nextPaymentAmount'] = '$' . $totalExpectedAmount;
 
         $clientsWithAppointments = Client::where("mcp_pro_id", $performerProID)
             ->whereNotNull('next_mcp_appointment')->get();
@@ -113,13 +129,13 @@ class HomeController extends Controller
     public function patients(Request $request)
     {
         $proID = $this->performer()->pro->id;
-        $patients = Client::where(function ($q) use($proID) {
-                $q->where('mcp_pro_id', $proID)
-                    ->orWhere('cm_pro_id', $proID)
-                    ->orWhere('rmm_pro_id', $proID)
-                    ->orWhere('rme_pro_id', $proID)
-                    ->orWhereRaw('id IN (SELECT client_id FROM client_pro_access WHERE is_active AND pro_id = ?)', [$proID]);
-            })
+        $patients = Client::where(function ($q) use ($proID) {
+            $q->where('mcp_pro_id', $proID)
+                ->orWhere('cm_pro_id', $proID)
+                ->orWhere('rmm_pro_id', $proID)
+                ->orWhere('rme_pro_id', $proID)
+                ->orWhereRaw('id IN (SELECT client_id FROM client_pro_access WHERE is_active AND pro_id = ?)', [$proID]);
+        })
             ->orderBy('name_last', 'asc')
             ->orderBy('name_first', 'asc')
             ->get();
@@ -140,7 +156,8 @@ class HomeController extends Controller
         return view('app/mc', compact('page'));
     }
 
-    public function blank(Request $request) {
+    public function blank(Request $request)
+    {
         return view('app/blank');
     }
 }

+ 26 - 2
app/Http/Middleware/ProAuthenticated.php

@@ -17,13 +17,37 @@ class ProAuthenticated
     public function handle($request, Closure $next)
     {
         $sessionKey = $request->cookie('sessionKey');
-        $authenticated = $sessionKey &&
-            AppSession::where(['session_key' => $sessionKey, 'is_active' => true])->first();
+        $appSession = AppSession::where(['session_key' => $sessionKey, 'is_active' => true])->first();
+        $authenticated = $sessionKey && $appSession;
 
         if (!$authenticated) {
             return redirect()->route('login');
         }
 
+        // - is_two_step_sms_auth_completed
+        $currentRouteName = $request->route()->getName();
+        if (!$appSession->is_two_step_sms_auth_completed) {
+            if ($currentRouteName != 'confirm_sms_auth_token') {
+                return redirect()->route('confirm_sms_auth_token');
+            }
+            return $next($request);
+        }
+
+        // - is_password_temporary
+        if (!$appSession->is_password_temporary) {
+            if ($currentRouteName != 'set_password') {
+                return redirect()->route('set_password');
+            }
+            return $next($request);
+        }
+        // - are_security_questions_set
+        if (!$appSession->are_security_questions_set) {
+            if ($currentRouteName != 'set_security_questions') {
+                return redirect()->route('set_security_questions');
+            }
+            return $next($request());
+        }
+
         return $next($request);
     }
 }
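Review bot: In the `are_security_questions_set` branch the pass-through is written `return $next($request());`, which tries to call the request object as a function and should fail at runtime for any session that reaches `set_security_questions` with that flag unset; it should be `return $next($request);` like the other branches. The `is_password_temporary` check also looks inverted: `if (!$appSession->is_password_temporary)` redirects sessions whose password is not temporary to `set_password` and lets temporary passwords through, whereas the wording of the `set_password` view suggests the intent is `if ($appSession->is_password_temporary) {`. As written, an ordinary session would be redirected to `set_password` from every other route in the group. Because these gates decide whether a partially authenticated session reaches the rest of the app, a test per flag combination would be worth adding with the fix.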

+ 34 - 0
resources/views/app/confirm_sms_auth_token.blade.php

@@ -0,0 +1,34 @@
+@extends ('layouts.auth')
+
+@section('content')
+
+<div class="container">
+    <div class="row">
+        <div class="col-md-4">
+            <div class="card mt-4">
+                <div class="card-header">
+                    Confirm Authentication Token
+                </div>
+                <div class="card-body">
+                    <form action="/api/pro/confirmSmsAuthToken" method="POST">
+                        <div class="form-group">
+                            <label for="" class="control-label">Cell Number</label>
+                            <input type="text" class="form-control">
+                        </div>
+                        <div class="form-group">
+                            <label for="" class="control-label">Authentication Token</label>
+                            <input type="text" class="form-control">
+                        </div>
+                        <div class="form-group">
+                            <button class="btn btn-primary btn-sm">Submit</button>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+
+
+@endsection
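Review bot: Neither `<input>` in this form has a `name` attribute, so submitting it sends no cell number or token to `/api/pro/confirmSmsAuthToken`. Each field needs a `name` matching what that endpoint reads (not visible in this commit), and the empty `for=""` on the labels should point at matching `id`s. The form also has no `@csrf` field; if the endpoint is served without CSRF verification, confirm that this is intentional for a cookie-authenticated POST. On the token field, `autocomplete="one-time-code"` and `inputmode="numeric"` would let browsers offer the SMS code directly.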

+ 8 - 0
resources/views/app/set_password.blade.php

@@ -0,0 +1,8 @@
+@extends ('layouts.template')
+
+@section('content')
+<h1>Your have a temporary password. Set the password</h1>
+
+<form action=""></form>
+@endsection
+
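Review bot: `<form action=""></form>` has no `method`, so once password fields are added it will submit by GET and put the new password in the URL, where it ends up in browser history and server logs. Declare `<form method="POST" action="">` with `@csrf` inside from the start. The same placeholder form appears in `set_security_questions.blade.php`, where security answers would be exposed the same way. The heading also has a typo: "Your have" should be "You have".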

+ 6 - 0
resources/views/app/set_security_questions.blade.php

@@ -0,0 +1,6 @@
+@extends ('layouts.template')
+
+@section('content')
+<h1>You do not have security questions. Set security questions.</h1>
+<form action=""></form>
+@endsection

+ 50 - 0
resources/views/layouts/auth.blade.php

@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title>{{ config('app.name') }}</title>
+
+    <!-- Fonts -->
+    <link href="https://fonts.googleapis.com/css?family=Nunito:200,600" rel="stylesheet">
+
+    {{-- Quill RTE --}}
+    <link href="https://cdn.quilljs.com/1.3.6/quill.snow.css" rel="stylesheet">
+    <script src="https://cdn.quilljs.com/1.3.6/quill.js"></script>
+
+    <!-- <link href="{{ asset('bootstrap-4.5.0/css/bootstrap.css') }}" rel="stylesheet"> -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.1/css/all.min.css">
+    <link href="{{ asset('/css/app.css') }}" rel="stylesheet">
+    <link href="{{ asset('/css/style.css') }}" rel="stylesheet">
+    <link rel="stylesheet" href="{{asset('/fullcalendar/main.min.css')}}">
+    <link href="{{ asset('/css/yemi.css') }}" rel="stylesheet">
+    <link rel="stylesheet" href="{{ asset('/css/toastr.min.css') }}">
+    <link href="{{asset('/css/z.css')}}" rel=stylesheet>
+    <!-- Styles -->
+
+    <script src="{{ asset('js/app.js') }}" type="application/javascript"></script>
+    <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
+    <script src="{{ asset('fullcalendar/main.min.js') }}" type="application/javascript"></script>
+    <script src="{{ asset('js/toastr.min.js') }}" type="application/javascript"></script>
+    <script src="/js/yemi.js?_=4" type="application/javascript"></script>
+
+    @yield('head')
+</head>
+
+<body>
+<div id="mask" style="background: rgba(0, 0, 0, 0) url(&quot;/vanillaspin.gif&quot;) no-repeat scroll center center; position: fixed; top: 0px; left: 0px; z-index: 9999; width: 100%; height: 100%; display: none;">
+</div>
+<div id="moe-form-mask" style="background: rgba(0, 0, 0, .1) no-repeat scroll center center; position: fixed; top: 0px; left: 0px; z-index: 99; width: 100%; height: 100%; display: none;">
+</div>
+
+    <main role="main" class="stag-content px-0">
+
+        @yield('content')
+
+    </main><!-- /.container -->
+
+</body>
+
+</html>
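Review bot: The auth layout loads `https://cdn.quilljs.com/1.3.6/quill.js` and the Font Awesome stylesheet from third-party CDNs without `integrity`/`crossorigin`, unlike the jQuery tag a few lines below. On the page where SMS tokens and passwords are entered, a script from an unpinned origin runs with full access to those fields. Nothing in the auth views in this commit appears to use Quill or FullCalendar, so the simplest fix is to drop those tags from this layout and add `integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous"` to any CDN asset that stays. `rel=stylesheet` on the `z.css` link is also unquoted, unlike the other links.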

+ 5 - 0
routes/web.php

@@ -27,6 +27,11 @@ Route::post('logout', 'LoginController@logout')->name('logout');
 
 Route::middleware('pro.auth')->group(function () {
 
+    //complete authentication
+    Route::get('/confirm_sms_auth_token', 'HomeController@confirmSmsAuthToken')->name('confirm_sms_auth_token');
+    Route::get('/set_password', 'HomeController@setPassword')->name('set_password');
+    Route::get('/set_security_questions', 'HomeController@setSecurityQuestions')->name('set_security_questions');
+    
     Route::get('/blank', 'HomeController@blank')->name('blank');
 
     Route::get('/', 'HomeController@dashboard')->name('dashboard');
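Review bot: The step-up checks added in this commit are enforced only for routes inside this `pro.auth` group, while the confirmation form posts to `/api/pro/confirmSmsAuthToken`, which is registered elsewhere. If the API routes accept the same `sessionKey` cookie without checking `is_two_step_sms_auth_completed`, a session that has not confirmed its SMS token could still call them directly, so it is worth confirming the API side applies the same gate. A comment above the new routes such as `// Completion steps: ProAuthenticated redirects here until each session flag is set; API routes must enforce the same flags` would record that dependency. The group's closure continues past the end of this hunk.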