
<?php
namespace App\Http\Controllers\GUI;
use App\Exceptions\HTTPException;
use App\Http\Controllers\Controller;
use App\Http\Resources\oAuth\AccessToken;
use App\Jobs\Mails\ValidateMailAddressJob;
use App\Models\App;
use App\Models\AppAccess;
use App\Models\Invite;
use App\Models\Mail;
use App\Models\Setting;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
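/**
 * GUI-facing account endpoints: registration (open or invite-based), login and
 * logout for the "PHP-GUI" app, mail-address management and password change.
 *
 * Every lookup keyed by request input is either validated first or ownership-checked
 * against Auth::user() before the row is modified.
 */
class AccountController extends Controller
{
    /** Status an invite must carry to be redeemable. */
    private const INVITE_ACTIVE = 'active';

    /** Status written to an invite once it has been redeemed. */
    private const INVITE_USED = 'used';

    /** Mail status while the validation code has not been confirmed. */
    private const MAIL_WAITING = 'waiting';

    /** Mail status once the validation code was confirmed (spelling is the stored value). */
    private const MAIL_VALIDATED = 'valide';

    /** Name of the Setting row that toggles open registration. */
    private const SETTING_REGISTRATION = 'registration_possible';

    /** Name of the App row the GUI login issues tokens for. */
    private const GUI_APP_NAME = 'PHP-GUI';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Show the registration form.
     *
     * With a matching invite the username is pre-filled from the invite; without one the
     * form is only shown while the "registration_possible" setting is truthy.
     *
     * @return \Illuminate\Contracts\View\View
     */
    public function registerView(Request $request)
    {
        $invite = $this->findInvite($request->input('invite'));
        if ($invite !== null) {
            if ($invite->status !== self::INVITE_ACTIVE) {
                return view('error', ['msg' => 'Invite code invalide']);
            }
            return view('account/register', [
                'msg' => '',
                'username' => $invite->username,
                'invite' => $invite->code,
            ]);
        }
        if (!$this->registrationEnabled()) {
            return view('error', ['msg' => 'Registration is disabled']);
        }
        return view('account/register', [
            'msg' => '',
            'username' => '',
            'invite' => $request->input('invite'),
        ]);
    }

    /**
     * Create a user account together with its first (unvalidated) mail address.
     *
     * All writes run in one transaction, so a rejected invite or a failed save leaves no
     * half-created account (the original code opened a transaction but never rolled it
     * back on the exception paths). The validation job is dispatched after commit so a
     * queued worker cannot read the mail row before it exists.
     *
     * @throws HTTPException                             when the invite is not usable or open registration is off
     * @throws \Illuminate\Validation\ValidationException when the input fails validation
     */
    public function register(Request $request): void
    {
        $this->validate($request, [
            'username' => 'required|max:255|min:5|regex:@^[a-z0-9]*$@|unique:users',
            'password' => 'required|min:8',
            'mail' => 'required|email|unique:mails',
        ]);

        $mail = DB::transaction(function () use ($request): Mail {
            $invite = $this->findInvite($request->input('invite'));
            if ($invite !== null) {
                // NOTE(review): HTTPException's constructor is not visible in this file; the
                // (status, message) order follows the two-argument calls elsewhere here — confirm.
                if ($invite->status !== self::INVITE_ACTIVE) {
                    throw new HTTPException(400, 'Invite code invalide');
                }
                if (!empty($invite->username) && $request->input('username') !== $invite->username) {
                    throw new HTTPException(400, 'Invalide username for invite');
                }
            } elseif (!$this->registrationEnabled()) {
                throw new HTTPException(400, 'Registration disabled');
            }

            $user = new User();
            $user->username = $request->input('username');
            $user->password = password_hash($request->input('password'), PASSWORD_BCRYPT);
            if ($invite !== null) {
                $user->inviteCode = $invite->code;
            }
            // Make first user an admin
            // NOTE(review): the count is taken before this user is saved, so the branch fires
            // when exactly one user already exists — confirm that is the intended "first user".
            if (User::query()->count('*') === 1) {
                $user->admin = 1;
                $user->developer = 1;
            }
            $user->saveOrFail();

            $mail = $this->createPendingMail($request->input('mail'), $user->id);

            if ($invite !== null) {
                $invite->status = self::INVITE_USED;
                $invite->saveOrFail();
            }

            return $mail;
        });

        $this->dispatch(new ValidateMailAddressJob($mail));
    }

    /**
     * Show the invite-code entry form.
     *
     * @return \Illuminate\Contracts\View\View
     */
    public function inviteView()
    {
        return view('account/invite_code', ['msg' => '']);
    }

    /**
     * Show the login form.
     *
     * @return \Illuminate\Contracts\View\View
     */
    public function loginView()
    {
        return view('account/login', ['msg' => '']);
    }

    /**
     * Verify username and password and issue an access token for the GUI app.
     *
     * Both failure cases answer with the same 401 message so the response body does not
     * reveal whether the username exists.
     *
     * @return AccessToken the token resource; the raw token is also stored in $_SESSION["token"]
     */
    public function login(Request $request)
    {
        $this->validate($request, [
            'username' => 'required',
            'password' => 'required',
        ]);
        $user = User::query()->where('username', '=', $request->input('username'))->first();
        // NOTE(review): an unknown username skips password_verify(), so response timing still
        // differs from a wrong password; verifying against a fixed dummy hash would close that gap.
        if ($user === null || !password_verify($request->input('password'), $user->password)) {
            abort(401, 'Username or Password wrong');
        }
        $guiApp = App::query()->where('name', '=', self::GUI_APP_NAME)->firstOrFail();
        $access = AppAccess::getOrCreate($user->id, $guiApp->id);
        $token = \App\Models\AccessToken::createToken($access);
        $_SESSION['token'] = $token->token;
        return new AccessToken($token);
    }

    /**
     * Destroy the PHP session (which holds the GUI token) and show the login form.
     *
     * @return \Illuminate\Contracts\View\View
     */
    public function logout()
    {
        session_destroy();
        return view('account/login', ['msg' => 'Logout successful', 'user' => null]);
    }

    /**
     * Confirm a mail address from the link in the validation mail.
     *
     * The code is compared with hash_equals() so a wrong code cannot be told apart by
     * timing, and as strings so PHP's numeric-string comparison cannot accept a
     * different code (the original loose "!=" did both).
     *
     * @param string $id   mail row id from the URL
     * @param string $code validation code from the URL
     * @throws HTTPException when the code does not match
     */
    public function validateEMail($id, $code)
    {
        $mail = Mail::query()->where('id', '=', $id)->firstOrFail();
        if (!hash_equals((string) $mail->validation_code, (string) $code)) {
            throw new HTTPException(400, 'Wrong validation code');
        }
        $mail->status = self::MAIL_VALIDATED;
        // Only a user's first validated address becomes primary; later ones stay secondary
        // until chosen via changePrimaryMail().
        $user = User::query()->where('id', '=', $mail->user_id)->firstOrFail();
        if ($user->getMail() === null) {
            $mail->primary = true;
        }
        $mail->saveOrFail();
        echo "E-Mail wurde validiert";
    }

    /**
     * Show the profile page with every mail address of the logged-in user.
     *
     * @return \Illuminate\Contracts\View\View
     */
    public function profileView()
    {
        $this->requireAuthenticated();
        $mails = Mail::query()->where('user_id', '=', Auth::user()->id)->get();
        return view('account/profile', ['mails' => $mails]);
    }

    /**
     * Attach a new, not yet validated mail address to the logged-in user and send the
     * validation mail.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function addMail(Request $request)
    {
        $this->requireAuthenticated();
        $this->validate($request, [
            'mail' => 'required|email|unique:mails',
        ]);
        $mail = $this->createPendingMail($request->input('mail'), Auth::user()->id);
        $this->dispatch(new ValidateMailAddressJob($mail));
        return redirect('/gui/profile');
    }

    /**
     * Make one of the user's validated addresses the primary one.
     *
     * @return \Illuminate\Http\RedirectResponse|string a redirect, or a plain message when
     *                                                  the address is not validated yet
     */
    public function changePrimaryMail(Request $request)
    {
        $mail = $this->ownedMailFromRequest($request);
        if ($mail->status !== self::MAIL_VALIDATED) {
            return 'Mail not valide';
        }
        // Clear and set inside one transaction so the user never ends up with zero or
        // two primary addresses if a save fails half-way.
        DB::transaction(function () use ($mail): void {
            $siblings = Mail::query()->where('user_id', '=', $mail->user_id)->get();
            foreach ($siblings as $sibling) {
                $sibling->primary = false;
                $sibling->saveOrFail();
            }
            $mail->primary = true;
            $mail->saveOrFail();
        });
        return redirect('/gui/profile');
    }

    /**
     * Delete one of the user's non-primary mail addresses.
     *
     * @return \Illuminate\Http\RedirectResponse|string a redirect, or a plain message when
     *                                                  the address is the primary one
     */
    public function removeMail(Request $request)
    {
        $mail = $this->ownedMailFromRequest($request);
        if ($mail->primary) {
            return 'You cant delete your primary mail';
        }
        $mail->delete();
        return redirect('/gui/profile');
    }

    /**
     * Replace the logged-in user's password and send them to the logout route.
     *
     * NOTE(review): the current password is not re-checked and existing access tokens are
     * not revoked here — confirm whether either is handled elsewhere.
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function changePassword(Request $request)
    {
        $this->requireAuthenticated();
        $this->validate($request, [
            'password' => 'required|min:8',
        ]);
        $user = Auth::user();
        $user->password = password_hash($request->input('password'), PASSWORD_BCRYPT);
        $user->saveOrFail();
        return redirect('/gui/logout');
    }

    /** Abort with 401 unless a user is logged in. */
    private function requireAuthenticated(): void
    {
        if (!Auth::check()) {
            abort(401);
        }
    }

    /**
     * Look up an invite by its code.
     *
     * @param string|null $code the raw "invite" request input
     * @return Invite|null null when nothing matches
     */
    private function findInvite($code): ?Invite
    {
        return Invite::query()->where('code', '=', $code)->first();
    }

    /**
     * Whether the "registration_possible" setting is truthy.
     *
     * Uses firstOrFail(), so a missing setting row surfaces as a not-found error rather
     * than being treated as "enabled".
     */
    private function registrationEnabled(): bool
    {
        $setting = Setting::query()->where('name', '=', self::SETTING_REGISTRATION)->firstOrFail();
        return (bool) $setting->value;
    }

    /**
     * Persist a new mail address in "waiting" state with a fresh validation token.
     * Shared by register() and addMail().
     */
    private function createPendingMail(string $address, int $userId): Mail
    {
        $mail = new Mail();
        $mail->createValidationToken();
        $mail->mail = $address;
        $mail->primary = false;
        $mail->status = self::MAIL_WAITING;
        $mail->user_id = $userId;
        $mail->saveOrFail();
        return $mail;
    }

    /**
     * Resolve the "mail" request parameter to a Mail row owned by the logged-in user.
     *
     * Aborts with 401 when nobody is logged in or the row belongs to another user;
     * firstOrFail() raises the not-found error when the id does not exist.
     */
    private function ownedMailFromRequest(Request $request): Mail
    {
        $this->requireAuthenticated();
        $mail = Mail::query()->where('id', '=', $request->input('mail'))->firstOrFail();
        // Compare as ints: the column may come back as a string depending on the DB driver.
        if ((int) $mail->user_id !== (int) Auth::user()->id) {
            abort(401);
        }
        return $mail;
    }
}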