287 lines
8.1 KiB
PHP
287 lines
8.1 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\GUI;
|
|
|
|
use App\Exceptions\HTTPException;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Resources\oAuth\AccessToken;
|
|
use App\Jobs\Mails\RecoverPasswortJob;
|
|
use App\Jobs\Mails\ValidateMailAddressJob;
|
|
use App\Models\App;
|
|
use App\Models\AppAccess;
|
|
use App\Models\Invite;
|
|
use App\Models\Mail;
|
|
use App\Models\Setting;
|
|
use App\Models\User;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
class AccountController extends Controller
|
|
{
|
|
/**
|
|
* Create a new controller instance.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function __construct()
|
|
{
|
|
//
|
|
}
|
|
|
|
public function registerView(Request $request) {
|
|
$invite = Invite::query()->where("code", "=", $request->input("invite"))->first();
|
|
if($invite != null) {
|
|
if($invite->status != "active") {
|
|
return view('error', ["msg"=>"Invite code invalide"]);
|
|
}
|
|
return view('account/register', ["msg"=>"", "username" => $invite->username, "invite"=>$invite->code]);
|
|
}
|
|
$setting = Setting::query()->where("name", "=", "registration_possible")->firstOrFail();
|
|
if(!$setting->value) {
|
|
return view('error', ["msg"=>"Registration is disabled"]);
|
|
} else {
|
|
return view('account/register', ["msg"=>"", "username" => "", "invite"=>$request->input("invite")]);
|
|
}
|
|
|
|
}
|
|
|
|
public function register(Request $request) {
|
|
$this->validate($request, [
|
|
'username' => 'required|max:255|min:5|regex:@^[a-z0-9]*$@|unique:users',
|
|
'password' => 'required|min:8',
|
|
'mail' => 'required|email|unique:mails'
|
|
]);
|
|
|
|
DB::beginTransaction();
|
|
$invite = Invite::query()->where("code", "=", $request->input("invite"))->first();
|
|
if($invite != null) {
|
|
if($invite->status != "active") {
|
|
throw new HTTPException("Invite code invalide");
|
|
}
|
|
if(!empty($invite->username) && $request->input("username") != $invite->username) {
|
|
throw new HTTPException("Invalide username for invite");
|
|
}
|
|
|
|
} else {
|
|
$setting = Setting::query()->where("name", "=", "registration_possible")->firstOrFail();
|
|
if(!$setting->value) {
|
|
throw new HTTPException("400", "Registration disabled");
|
|
}
|
|
}
|
|
|
|
|
|
$user = new User();
|
|
$user->username = $request->input("username");
|
|
$user->password = password_hash($request->input("password"), PASSWORD_BCRYPT);
|
|
|
|
if($invite != null) {
|
|
$user->inviteCode = $invite->code;
|
|
}
|
|
|
|
//Make first user an admin
|
|
$count = User::query()->count("*");
|
|
if($count == 1) {
|
|
$user->admin = 1;
|
|
$user->developer = 1;
|
|
}
|
|
|
|
$user->saveOrFail();
|
|
|
|
$mail = new Mail();
|
|
$mail->createValidationToken();
|
|
$mail->mail = $request->input("mail");
|
|
$mail->primary = false;
|
|
$mail->status = "waiting";
|
|
$mail->user_id = $user->id;
|
|
|
|
$mail->saveOrFail();
|
|
|
|
$this->dispatch(new ValidateMailAddressJob($mail));
|
|
|
|
if($invite != null) {
|
|
$invite->status = "used";
|
|
$invite->saveOrFail();
|
|
}
|
|
|
|
DB::commit();
|
|
}
|
|
|
|
public function inviteView() {
|
|
return view('account/invite_code', ["msg"=>""]);
|
|
}
|
|
|
|
public function loginView() {
|
|
return view('account/login', ["msg"=>""]);
|
|
}
|
|
|
|
public function logout() {
|
|
session_destroy();
|
|
return view('account/login', ["msg"=>"Logout successful", "user" => null]);
|
|
|
|
}
|
|
|
|
public function validateEMail($id, $code) {
|
|
$mail = Mail::query()->where("id", "=", $id)->firstOrFail();
|
|
if($mail->validation_code != $code) {
|
|
throw new \App\Exceptions\HTTPException(400, "Wrong validation code");
|
|
}
|
|
|
|
$mail->status = "valide";
|
|
|
|
$user = User::query()->where("id", "=", $mail->user_id)->firstOrFail();
|
|
if($user->getMail() == null) {
|
|
$mail->primary = true;
|
|
}
|
|
|
|
$mail->saveOrFail();
|
|
echo "E-Mail wurde validiert";
|
|
}
|
|
|
|
public function profileView() {
|
|
if(!Auth::check()) {
|
|
abort(401);
|
|
}
|
|
|
|
$mails = Mail::query()->where("user_id", "=", Auth::user()->id)->get();
|
|
|
|
return view('account/profile', ["mails" => $mails]);
|
|
}
|
|
|
|
public function addMail(Request $request) {
|
|
if(!Auth::check()) {
|
|
abort(401);
|
|
}
|
|
|
|
$this->validate($request, [
|
|
'mail' => 'required|email|unique:mails'
|
|
]);
|
|
|
|
$mail = new Mail();
|
|
$mail->createValidationToken();
|
|
$mail->mail = $request->input("mail");
|
|
$mail->primary = false;
|
|
$mail->status = "waiting";
|
|
$mail->user_id = Auth::user()->id;
|
|
|
|
$mail->saveOrFail();
|
|
|
|
$this->dispatch(new ValidateMailAddressJob($mail));
|
|
|
|
return redirect("/gui/profile");
|
|
}
|
|
|
|
public function changePrimaryMail(Request $request) {
|
|
if(!Auth::check()) {
|
|
abort(401);
|
|
}
|
|
|
|
$mail = Mail::query()->where("id", "=", $request->input("mail"))->firstOrFail();
|
|
if($mail->user_id != Auth::user()->id) {
|
|
abort(401);
|
|
}
|
|
|
|
if($mail->status != "valide") {
|
|
return "Mail not valide";
|
|
}
|
|
|
|
$mails = Mail::query()->where("user_id", "=", Auth::user()->id)->get();
|
|
foreach($mails as $m) {
|
|
$m->primary = false;
|
|
$m->saveOrFail();
|
|
}
|
|
|
|
$mail->primary = true;
|
|
$mail->saveOrFail();
|
|
|
|
return redirect("/gui/profile");
|
|
}
|
|
|
|
public function removeMail(Request $request) {
|
|
if(!Auth::check()) {
|
|
abort(401);
|
|
}
|
|
|
|
$mail = Mail::query()->where("id", "=", $request->input("mail"))->firstOrFail();
|
|
if($mail->user_id != Auth::user()->id) {
|
|
abort(401);
|
|
}
|
|
|
|
if($mail->primary) {
|
|
return "You cant delete your primary mail";
|
|
}
|
|
|
|
$mail->delete();
|
|
return redirect("/gui/profile");
|
|
}
|
|
|
|
public function changePassword(Request $request) {
|
|
if(!Auth::check()) {
|
|
abort(401);
|
|
}
|
|
|
|
$this->validate($request, [
|
|
'password' => 'required|min:8'
|
|
]);
|
|
|
|
$user = Auth::user();
|
|
$user->password = password_hash($request->input("password"), PASSWORD_BCRYPT);
|
|
$user->saveOrFail();
|
|
|
|
return redirect('/gui/logout');
|
|
}
|
|
|
|
public function recoverPasswordView(Request $request) {
|
|
return view('account/password_recovery', []);
|
|
}
|
|
public function recoverPassword(Request $request) {
|
|
$this->validate($request, [
|
|
'mail' => 'required|email'
|
|
]);
|
|
|
|
$mail = Mail::query()->where("mail", "=", $request->input("mail"))->first();
|
|
|
|
if(is_null($mail)) {
|
|
return "If a E-Mail address is used for this Account we send you a Password-Recovery-Link";
|
|
}
|
|
|
|
$user = $mail->getUser();
|
|
$user->createMailResetToken();
|
|
$user->save();
|
|
|
|
$this->dispatch(new RecoverPasswortJob($mail, $user->password_recovery_code));
|
|
|
|
return "If a E-Mail address is used for this Account we send you a Password-Recovery-Link";
|
|
}
|
|
|
|
public function recoveryPasswordNewPasswordView(Request $request, $userId, $code) {
|
|
$user = User::query()->where("id", "=", $userId)->firstOrFail();
|
|
|
|
if($user->password_recovery_code != $code) {
|
|
throw new HTTPException(400, "Code not valide");
|
|
}
|
|
|
|
return view('account/password_recovery_new_password', []);
|
|
}
|
|
public function recoveryPasswordNewPassword(Request $request, $userId, $code) {
|
|
$user = User::query()->where("id", "=", $userId)->firstOrFail();
|
|
|
|
if($user->password_recovery_code != $code) {
|
|
throw new HTTPException(400, "Code not valide");
|
|
}
|
|
|
|
$this->validate($request, [
|
|
'password' => 'required|min:8',
|
|
]);
|
|
|
|
$user->password = password_hash($request->input("password"), PASSWORD_BCRYPT);
|
|
$user->saveOrFail();
|
|
|
|
return redirect("/gui/login");
|
|
}
|
|
|
|
|
|
|
|
//
|
|
}
|