Password reminders

7 files changed, 133 insertions, 34 deletions

diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
new file mode 100644
index 0000000..049dfc4
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 24-5-15
+ * Time: 13:10
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+use CamilStaps\BotleaguesApi\Database\PasswordReminder;
+use CamilStaps\BotleaguesApi\Database\User;
+use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Routing\Route;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+class ActivationCodeAuthenticationProvider implements Provider {
+
+    /**
+     * Authenticate the request and return the authenticated user instance.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Dingo\Api\Routing\Route $route
+     *
+     * @throw UnauthorizedHttpException invalid authentication
+     *
+     * @return mixed
+     */
+    public function authenticate(Request $request, Route $route) {
+        $user = User::findOrFail($request->route('user'));
+        $passwordReminder = PasswordReminder::find($request->route('password_reminder'));
+
+        if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userId == $user->id) {
+            $passwordReminder->useToken();
+            Auth::login($user);
+            return Auth::user();
+        }
+
+        throw new UnauthorizedHttpException(null, "Invalid credentials");
+    }
+
+    /**
+     * Get the providers authorization method.
+     *
+     * @return string
+     */
+    public function getAuthorizationMethod() {
+        return 'activationcode';
+    }
+}
\ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
index 65c4773..012d140 100644
--- a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
+++ b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
@@ -8,6 +8,7 @@
 
 namespace CamilStaps\BotleaguesApi\Database;
 
+use Illuminate\Events\Dispatcher;
 use Illuminate\Support\Facades\Mail;
 
 class PasswordReminder extends Model {
@@ -15,24 +16,35 @@ class PasswordReminder extends Model {
     protected $table = 'password_reminders';
     protected $hidden = ['token'];
     protected $fillable = ['userId', 'token', 'valid_till'];
+    protected $primaryKey = 'token';
 
-    /**
-     * Override the parent's save() function to automatically update the valid_till timestamp, and send an email
-     */
-    public function save(array $options = array()) {
-        $this->valid_till = date("Y-m-d H:i:s", time() + 3600);
+    public static function boot() {
+        parent::boot();
 
-        $user = User::findOrFail($this->userId);
-        Mail::send('botleagues-api::emails.auth.reminder', ['token' => $this->token], function($message) use ($user) {
-            $message->to($user->email, "User " . $user->id);
+        PasswordReminder::creating(function($passwordReminder) {
+            $passwordReminder->valid_till = date("Y-m-d H:i:s", time() + 3600);
+
+            $user = User::findOrFail($passwordReminder->userId);
+            Mail::send('botleagues-api::emails.auth.reminder', ['token' => $passwordReminder->token], function($message) use ($user) {
+                $message->to($user->email, "User " . $user->id);
+            });
         });
+    }
+
+    public function useToken() {
+        $this->used_at = date('Y-m-d H:i:s');
+        $this->save();
+    }
 
-        return parent::save($options);
+    public function getDates() {
+        return ['created_at'];
     }
 
-    /**
-     * Disable updated_at timestamp
-     */
-    public function setUpdatedAtAttribute($value) {}
+    public function getUpdatedAtColumn() {
+        return null;
+    }
+
+    public function setUpdatedAtAttribute() {
+    }
 
 }
\ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/Database/User.php b/src/CamilStaps/BotleaguesApi/Database/User.php
index 0af91c3..e74bd82 100644
--- a/src/CamilStaps/BotleaguesApi/Database/User.php
+++ b/src/CamilStaps/BotleaguesApi/Database/User.php
@@ -5,6 +5,7 @@ use Illuminate\Auth\Authenticatable;
 use Illuminate\Auth\Passwords\CanResetPassword;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
+use Illuminate\Support\Facades\Hash;
 
 class User extends Model implements AuthenticatableContract, CanResetPasswordContract {
 
@@ -22,6 +23,18 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
         return UserToken::where('userId', $this->id)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->count() > 0;
     }
 
+    public function findPasswordReminders($token = null) {
+        $base = PasswordReminder
+            ::where('userId', $this->id)
+            ->where('used_at', null)
+            ->where('valid_till', '>', date('Y-m-d H:i:s'));
+        if ($token == null) {
+            return $base->get();
+        } else {
+            return $base->where('token', $token)->get();
+        }
+    }
+
     /**
      * Get the unique identifier for the user.
      *
@@ -76,4 +89,8 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     public function getEmailForPasswordReset() {
         return $this->email;
     }
+
+    public function setPasswordAttribute($password) {
+        $this->attributes['password'] = Hash::make($password);
+    }
 }
\ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
index 3d15262..c973174 100644
--- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
@@ -8,6 +8,7 @@
 
 namespace CamilStaps\BotleaguesApi;
 
+use CamilStaps\BotleaguesApi\Database\User;
 use Dingo\Api\Auth\Provider\Provider;
 use Dingo\Api\Routing\Route;
 use Illuminate\Http\Request;
@@ -22,6 +23,8 @@ class TokenAuthenticationProvider implements Provider {
      * @param \Illuminate\Http\Request $request
      * @param \Dingo\Api\Routing\Route $route
      *
+     * @throw UnauthorizedHttpException invalid authentication
+     *
      * @return mixed
      */
     public function authenticate(Request $request, Route $route) {
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
index bf9d959..b3fd8da 100644
--- a/src/controllers/PasswordReminderController.php
+++ b/src/controllers/PasswordReminderController.php
@@ -9,9 +9,10 @@
 namespace CamilStaps\BotleaguesApi\Controllers;
 
 use CamilStaps\BotleaguesApi\Database\PasswordReminder;
-use CamilStaps\BotleaguesApi\Exception\ValidationException;
-use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Validator;
+use CamilStaps\BotleaguesApi\Database\User;
+use Dingo\Api\Exception\StoreResourceFailedException;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Request;
 
 class PasswordReminderController extends BaseController {
 
@@ -23,25 +24,33 @@ class PasswordReminderController extends BaseController {
 
     /**
      * Set the userId and create a random token
+     * @param $userId
+     * @throws StoreResourceFailedException
+     * @return PasswordReminder
      */
-    public function store() {
-        $rules = [
-            'user_id' => ['required']
-        ];
-        $payload = Input::only('user_id');
-        $validator = Validator::make($payload, $rules);
-        if ($validator->fails()) {
-            throw new ValidationException('Could not find user.', $validator->errors());
-        }
+    public function store($userId) {
+        $user = User::findOrFail($userId);
 
-        $this->passwordReminder->userId = Input::get('user_id');
-        $this->passwordReminder->token = base64_encode(openssl_random_pseudo_bytes(64));
+        $this->passwordReminder->userId = $user->id;
+        $this->passwordReminder->token = bin2hex(openssl_random_pseudo_bytes(24));
 
         if ($this->passwordReminder->save()) {
             return $this->passwordReminder;
         } else {
-            throw new \Dingo\Api\Exception\StoreResourceFailedException;
+            throw new StoreResourceFailedException;
         }
     }
 
+    /**
+     * Destroy the password reminder means setting a new password for the user
+     * @param Request $request
+     * @param $userId
+     */
+    public function destroy($userId, $reminderToken) {
+        $user = Auth::user();
+        $user->password = Request::get('password');
+        $user->save();
+        return null;
+    }
+
 }
\ No newline at end of file
diff --git a/src/controllers/UserController.php b/src/controllers/UserController.php
index 6af3fe8..2a454ff 100644
--- a/src/controllers/UserController.php
+++ b/src/controllers/UserController.php
@@ -30,7 +30,7 @@ class UserController extends BaseController {
 		$s = $this->user->find($id);
 
 		if (!empty(Input::get('password')))
-			$s->password = Hash::make(Input::get('password'));
+			$s->password = Input::get('password');
 
 		if ($s->save()) {
 			return $this->show($id);
@@ -51,7 +51,7 @@ class UserController extends BaseController {
         }
 
 		$this->user->email = Input::get('email');
-		$this->user->password = empty(Input::get('password')) ? null : Hash::make(Input::get('password'));
+		$this->user->password = Input::get('password');
 
 		if ($this->user->save()) {
 			return $this->response->created();
diff --git a/src/routes.php b/src/routes.php
index b11e2ff..d86759d 100644
--- a/src/routes.php
+++ b/src/routes.php
@@ -22,7 +22,7 @@ Route::group(['https'], function() use ($api) {
         $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
             ['only' => ['index','show','store']]);
 
-        $api->resource('password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController',
+        $api->resource('user.password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController',
             ['only' => ['store']]);
 
     });
@@ -30,6 +30,14 @@ Route::group(['https'], function() use ($api) {
     $api->version('v1', ['protected' => true, 'providers' => 'basic'], function ($api) {
         $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
             ['only' => ['store']]);
+
+        $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
+            ['only' => ['update', 'destroy']]);
+    });
+
+    $api->version('v1', ['protected' => true, 'providers' => 'activationcode'], function ($api) {
+        $api->resource('user.password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController',
+            ['only' => ['destroy']]);
     });
 
     $api->version('v1', ['protected' => true, 'providers' => 'token'], function ($api) {
@@ -37,9 +45,6 @@ Route::group(['https'], function() use ($api) {
         $api->resource('bot', 'CamilStaps\BotleaguesApi\Controllers\BotController',
             ['except' => ['index', 'show', 'create','edit']]);
 
-        $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
-            ['except' => ['index', 'show', 'create','edit','store']]);
-
         $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
             ['only' => ['index', 'show']]);