From eeaf2e1f618e75306a1de552b50f20f4784ae04d Mon Sep 17 00:00:00 2001
From: Alexis Saettler
Date: Sun, 2 May 2021 22:14:22 +0200
Subject: [PATCH] fix: fix import job without subscription bypass
---
 app/Exceptions/Handler.php | 8 +-------
 app/Http/Controllers/SettingsController.php | 9 ++++++++-
 app/Services/Contact/Document/UploadDocument.php | 10 ++++++++++
 3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index fa8132138fb..5d3aa6d6aad 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -4,9 +4,6 @@
 use Throwable;
 use Illuminate\Session\TokenMismatchException;
-use Illuminate\Validation\ValidationException;
-use Illuminate\Auth\Access\AuthorizationException;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
@@ -19,11 +16,8 @@ class Handler extends ExceptionHandler
 * @var array
 */
 protected $dontReport = [
- AuthorizationException::class,
- HttpException::class,
- ModelNotFoundException::class,
+ AccountLimitException::class,
 OAuthServerException::class,
- ValidationException::class,
 WrongIdException::class,
 ];
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index 118cdff8800..2c2b32a5a09 100644
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -233,9 +233,16 @@ public function upload()
 public function storeImport(ImportsRequest $request)
 {
+ $account = auth()->user()->account;
+ if (AccountHelper::hasReachedContactLimit($account)
+ && AccountHelper::hasLimitations($account)
+ && ! $account->legacy_free_plan_unlimited_contacts) {
+ throw new AccountLimitException();
+ }
+
 $filename = $request->file('vcard')->store('imports', 'public');
- $importJob = auth()->user()->account->importjobs()->create([
+ $importJob = $account->importjobs()->create([
 'user_id' => auth()->user()->id,
 'type' => 'vcard',
 'filename' => $filename,
diff --git a/app/Services/Contact/Document/UploadDocument.php b/app/Services/Contact/Document/UploadDocument.php
index ff3e7f466a9..b5b02e3b0bf 100644
--- a/app/Services/Contact/Document/UploadDocument.php
+++ b/app/Services/Contact/Document/UploadDocument.php
@@ -3,8 +3,11 @@
 namespace App\Services\Contact\Document;
 use App\Services\BaseService;
+use App\Helpers\AccountHelper;
+use App\Models\Account\Account;
 use App\Models\Contact\Contact;
 use App\Models\Contact\Document;
+use App\Exceptions\AccountLimitException;
 class UploadDocument extends BaseService
 {
@@ -32,6 +35,13 @@ public function execute(array $data): Document
 {
 $this->validate($data);
+ $account = Account::find($data['account_id']);
+ if (AccountHelper::hasReachedContactLimit($account)
+ && AccountHelper::hasLimitations($account)
+ && ! $account->legacy_free_plan_unlimited_contacts) {
+ throw new AccountLimitException();
+ }
+
 Contact::where('account_id', $data['account_id'])
 ->findOrFail($data['contact_id']);
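Review bot: The new guard in `storeImport()` only asks whether the account has already reached its contact limit, so an account still below the limit passes it regardless of how many entries the uploaded vCard holds. Unless the import job enforces the limit per contact while it runs (that code is not in this diff), the cap is only partly restored; at minimum a comment such as `// Rejects accounts already at the limit; the import job must cap how many contacts it creates.` would record the assumption. The hunk adds no `use` lines, so `AccountHelper` and `AccountLimitException` must already be imported at the top of SettingsController.php, which is outside the hunk. The same three-part condition is repeated in `UploadDocument::execute()`, and a single shared helper would keep the two checks from drifting apart. `storeImport()` continues past the end of the hunk.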
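Review bot: In `UploadDocument::execute()`, `Account::find($data['account_id'])` returns null when no such account exists, and that null is then handed to `AccountHelper::hasReachedContactLimit()`. Whether `validate()` already guarantees the row exists is not visible in this hunk; `$account = Account::findOrFail($data['account_id']);` would make the failure explicit and match the `findOrFail` used for the contact just below. A one-line comment such as `// Uploads are refused once the account has hit its plan's contact limit.` would also help, because gating a document upload on the contact count is not self-explanatory.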