diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php index 5471a8f..21ca4e8 100644 --- a/app/Http/Controllers/API/UserController.php +++ b/app/Http/Controllers/API/UserController.php @@ -72,6 +72,30 @@ class UserController extends BaseController return $response->withData(new AccessToken($token)); } + public function checkPassword(Request $request, Response $response) { + //Validate Input + $this->validate($request, [ + 'username' => 'required', + 'password' => 'required' + ]); + + //Get User + $user = User::query()->where("username", "=", $request->input("username"))->first(); + + //Check if a user is found + if($user == null) { + throw new HTTPException("400", "Username or Password wrong"); + } + + if(!password_verify($request->input("password"), $user->password)) { + throw new HTTPException("400", "Username or Password wrong"); + } + + $response->setMessage("Account ok"); + + return $response; + } + public function me(Response $response) { if(!Auth::check()) { throw new NotLoggedInException(); 
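Review bot: checkPassword returns before `password_verify` when the username is unknown, so although both failures carry the same message, the response time still differs between an existing and a non-existing username. Verifying against a fixed dummy hash when no user is found keeps both paths at one hash computation. The status code is also passed as the string "400" here while removeMail passes the integer 400; the fence uses the integer and strict null checks. DUMMY_HASH is a proposed new constant, not something the file already has.

```php
        $user = User::query()->where("username", "=", $request->input("username"))->first();

        // DUMMY_HASH: proposed class constant holding a password_hash() result for a random value,
        // created with the same algorithm and cost as real hashes, so that an unknown username
        // costs one verification just like a wrong password does.
        $hash = $user !== null ? $user->password : self::DUMMY_HASH;
        $passwordOk = password_verify($request->input("password"), $hash);

        if($user === null || !$passwordOk) {
            throw new HTTPException(400, "Username or Password wrong");
        }

        // … unchanged: setMessage("Account ok") and return …
```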
@@ -192,4 +216,45 @@ class UserController extends BaseController return $response->withData(\App\Http\Resources\API\Mail::collection(collect($mails))); } + public function addMail(Request $request, Response $response) { + if(!Auth::check()) { + throw new NotLoggedInException(); + } + + $this->validate($request, [ + 'mail' => 'required|email|unique:mails' + ]); + + $mail = new Mail(); + $mail->createValidationToken(); + $mail->mail = $request->input("mail"); + $mail->primary = false; + $mail->status = "waiting"; + $mail->user_id = Auth::user()->id; + + $mail->saveOrFail(); + + $this->dispatch(new ValidateMailAddressJob($mail)); + return $response; + } + public function removeMail(Request $request, Response $response, $id) { + if(!Auth::check()) { + abort(401); + } + + $mail = Mail::query()->where("id", "=", $id)->firstOrFail(); + + if($mail->user_id != Auth::user()->id) { + abort(401); + } + + if($mail->primary) { + throw new HTTPException(400, "You can't delete your primary mail"); + } + + $mail->delete(); + + $response->setMessage("Mail address deleted"); + return $response; + } } diff --git a/routes/web.php b/routes/web.php index fdd4c1d..2625978 100644 --- a/routes/web.php +++ b/routes/web.php @@ -22,10 +22,8 @@ $router->group(['prefix' => 'gitlab', 'middleware' => 'gui'], function () use ($ $router->post("/authorize", ['middleware' => 'gui', 'uses' => 'oAuthController@authorizeDo']); $router->post("/token", ['uses' => 'oAuthController@token']); }); - $router->get('/api/v4/user', ['uses' => 'oAuthController@getUserTMP']); $router->get('/api/v4/groups', ['uses' => 'oAuthController@getGroupsTMP']); - }); //Oauth URLS, moved to /api, this is just that old versions still work 
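Review bot: addMail accepts any syntactically valid address and dispatches ValidateMailAddressJob with no per-user cap or rate limit visible in the hunk. One logged-in account can therefore queue validation for arbitrary recipients (presumably an outgoing mail each) and, through `unique:mails`, hold addresses it does not own in `waiting` status; a limit on pending rows per user and an expiry for unvalidated ones would bound both, though the expiry would live outside this hunk. In removeMail an unknown id yields a 404 from `firstOrFail()` while another user's id yields `abort(401)`, which reveals which mail ids exist; scoping the lookup, `$mail = Mail::query()->where("id", "=", $id)->where("user_id", "=", Auth::user()->id)->firstOrFail();`, returns the same 404 for both and makes the loose `!=` comparison unnecessary. The unauthenticated case is also handled differently in the two methods (`NotLoggedInException` versus `abort(401)`) and is worth unifying.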
@@ -39,13 +37,19 @@ $router->group(['prefix' => 'oauth'], function () use ($router) {
 //Internal API
 $router->group(['prefix' => 'api'], function () use ($router) {
 $router->group(['prefix' => 'v1'], function () use ($router) {
+ $router->get("status/check", ["uses" => "StatusController@check"]);
 $router->group(['prefix' => 'user'], function () use ($router) {
 $router->post("/login", ['uses' => 'API\UserController@passwordLogin']);
+ $router->post("/check", ['uses' => 'API\UserController@checkPassword']);
 $router->post("/register", ['uses' => 'API\UserController@register']);
 $router->get("/captcha", ['uses' => 'API\UserController@reCAPTCHA']);
 $router->get("/invites", ['uses' => 'API\UserController@getInviteCodeInfo']);
 $router->get("/me", ['uses' => 'API\UserController@me']);
 $router->get("/me/mails", ['uses' => 'API\UserController@listMails']);
+ $router->post("/me/mails", ["uses" => "API\UserController@addMail"]);
+ $router->group(['prefix' => '/me/mail/{id}'], function () use ($router) {
+ $router->delete("", ['uses' => 'API\UserController@removeMail']);
+ });
 });
 $router->group(['prefix' => 'app'], function () use ($router) {
 $router->get("/", ['uses' => 'API\AppController@listApps']);
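Review bot: The new `/check` route is registered without any middleware in the visible group, so checkPassword is reachable unauthenticated. Unless throttling is applied elsewhere, it is a second unlimited password-guessing endpoint next to `/login`, and it may not share whatever lockout or logging the login path has. If the project has a rate-limiting middleware, attach it on this line, e.g. `$router->post("/check", ['middleware' => '<rate-limit-middleware>', 'uses' => 'API\UserController@checkPassword']);`, where the middleware name is a placeholder. The `{id}` segment of `/me/mail/{id}` is also unconstrained; if this is Lumen's router, `{id:[0-9]+}` keeps non-numeric ids from reaching removeMail.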