author | Camil Staps | 2015-05-24 17:17:52 +0200 |
committer | Camil Staps | 2015-05-24 17:17:52 +0200 |
commit | ab31980b116ecd497d5d4610c212ae7b1f61fada (patch) | |
tree | e1708d0790c40eb13dbcb238280a0a32be3d9c2b /src | |
parent | Route caching (diff) |
Password reminders
Diffstat (limited to 'src')
-rw-r--r-- | src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php | 53 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php | 38 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/User.php | 17 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php | 3 | ||||
-rw-r--r-- | src/controllers/PasswordReminderController.php | 39 | ||||
-rw-r--r-- | src/controllers/UserController.php | 4 | ||||
-rw-r--r-- | src/routes.php | 13 |
7 files changed, 133 insertions, 34 deletions
diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
new file mode 100644
index 0000000..049dfc4
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 24-5-15
+ * Time: 13:10
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+use CamilStaps\BotleaguesApi\Database\PasswordReminder;
+use CamilStaps\BotleaguesApi\Database\User;
+use Dingo\Api\Auth\Provider\Provider;
+use Dingo\Api\Routing\Route;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+class ActivationCodeAuthenticationProvider implements Provider {
+
+ /**
+ * Authenticate the request and return the authenticated user instance.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Dingo\Api\Routing\Route $route
+ *
+ * @throw UnauthorizedHttpException invalid authentication
+ *
+ * @return mixed
+ */
+ public function authenticate(Request $request, Route $route) {
+ $user = User::findOrFail($request->route('user'));
+ $passwordReminder = PasswordReminder::find($request->route('password_reminder'));
+
+ if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userId == $user->id) {
+ $passwordReminder->useToken();
+ Auth::login($user);
+ return Auth::user();
+ }
+
+ throw new UnauthorizedHttpException(null, "Invalid credentials");
+ }
+
+ /**
+ * Get the providers authorization method.
+ *
+ * @return string
+ */
+ public function getAuthorizationMethod() {
+ return 'activationcode';
+ }
+}
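Review bot: `authenticate` accepts any reminder row whose `userId` matches and never looks at `used_at` or `valid_till`, so a token that was already consumed by `useToken()` or that expired an hour after creation still logs the user in; `User::findPasswordReminders()` added in this same commit applies both filters and should be the lookup here, `$passwordReminder = $user->findPasswordReminders($request->route('password_reminder'))->first();` followed by `if ($passwordReminder !== null) {`. `User::findOrFail` also throws a not-found response for an unknown user id before any credential check, which answers differently from the `UnauthorizedHttpException` path and so reveals which user ids exist; `User::find` plus the existing null check keeps both failures on the same 401. After `findOrFail` the `!empty($user)` test is dead, `==` on the ids should be `===`, and the `DB` import is unused.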
\ No newline at end of file diff --git a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php index 65c4773..012d140 100644 --- a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php +++ b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php @@ -8,6 +8,7 @@ namespace CamilStaps\BotleaguesApi\Database; +use Illuminate\Events\Dispatcher; use Illuminate\Support\Facades\Mail; class PasswordReminder extends Model { @@ -15,24 +16,35 @@ class PasswordReminder extends Model { protected $table = 'password_reminders'; protected $hidden = ['token']; protected $fillable = ['userId', 'token', 'valid_till']; + protected $primaryKey = 'token'; - /** - * Override the parent's save() function to automatically update the valid_till timestamp, and send an email - */ - public function save(array $options = array()) { - $this->valid_till = date("Y-m-d H:i:s", time() + 3600); + public static function boot() { + parent::boot(); - $user = User::findOrFail($this->userId); - Mail::send('botleagues-api::emails.auth.reminder', ['token' => $this->token], function($message) use ($user) { - $message->to($user->email, "User " . $user->id); + PasswordReminder::creating(function($passwordReminder) { + $passwordReminder->valid_till = date("Y-m-d H:i:s", time() + 3600); + + $user = User::findOrFail($passwordReminder->userId); + Mail::send('botleagues-api::emails.auth.reminder', ['token' => $passwordReminder->token], function($message) use ($user) { + $message->to($user->email, "User " . $user->id); + }); }); + } + + public function useToken() { + $this->used_at = date('Y-m-d H:i:s'); + $this->save(); + } - return parent::save($options); + public function getDates() { + return ['created_at']; } - /** - * Disable updated_at timestamp - */ - public function setUpdatedAtAttribute($value) {} + public function getUpdatedAtColumn() { + return null; + } + + public function setUpdatedAtAttribute() { + } }
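Review bot: `protected $primaryKey = 'token'` is added without `public $incrementing = false`; unless the parent `Model` sets that (not visible here), Eloquent treats the key as auto-increment, runs the insert through `insertGetId` and assigns the result to the key attribute, so the in-memory `token` of the instance the controller returns is clobbered after `save()` and a later `useToken()` on that instance would update the wrong row. Add `public $incrementing = false;` next to `$primaryKey`. Inside `boot()`, `PasswordReminder::creating(...)` should be `static::creating(...)` so a subclass registers its own hook, and the new `Illuminate\Events\Dispatcher` import is unused. The reminder mail is sent from `creating`, i.e. before the row exists, so a failed insert still delivers a token that cannot be used; hooking `created` instead sends only after the write succeeded.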
\ No newline at end of file diff --git a/src/CamilStaps/BotleaguesApi/Database/User.php b/src/CamilStaps/BotleaguesApi/Database/User.php index 0af91c3..e74bd82 100644 --- a/src/CamilStaps/BotleaguesApi/Database/User.php +++ b/src/CamilStaps/BotleaguesApi/Database/User.php @@ -5,6 +5,7 @@ use Illuminate\Auth\Authenticatable; use Illuminate\Auth\Passwords\CanResetPassword; use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract; +use Illuminate\Support\Facades\Hash; class User extends Model implements AuthenticatableContract, CanResetPasswordContract { @@ -22,6 +23,18 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon return UserToken::where('userId', $this->id)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->count() > 0; } + public function findPasswordReminders($token = null) { + $base = PasswordReminder + ::where('userId', $this->id) + ->where('used_at', null) + ->where('valid_till', '>', date('Y-m-d H:i:s')); + if ($token == null) { + return $base->get(); + } else { + return $base->where('token', $token)->get(); + } + } + /** * Get the unique identifier for the user. * @@ -76,4 +89,8 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon public function getEmailForPasswordReset() { return $this->email; } + + public function setPasswordAttribute($password) { + $this->attributes['password'] = Hash::make($password); + } }
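Review bot: `setPasswordAttribute` hashes whatever it is given, including `null`: with the bcrypt hasher `Hash::make(null)` yields a valid hash of the empty string, so the `UserController::store` hunk in this commit, which previously stored `null` when no password was supplied and now assigns `Input::get('password')` unconditionally, creates accounts whose password is ''. Guard the mutator, `$this->attributes['password'] = $password === null ? null : Hash::make($password);`, and keep the `empty()` check in `store`. In `findPasswordReminders`, `$token == null` is a loose comparison: an empty-string token satisfies it and the method then returns every valid reminder for the user instead of none, which matters for any caller that treats `->first()` as the matching token; use `$token === null`. `->where('used_at', null)` relies on the query builder rewriting a null value to `IS NULL`; `->whereNull('used_at')` states the intent directly.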
\ No newline at end of file diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php index 3d15262..c973174 100644 --- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php +++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php @@ -8,6 +8,7 @@ namespace CamilStaps\BotleaguesApi; +use CamilStaps\BotleaguesApi\Database\User; use Dingo\Api\Auth\Provider\Provider; use Dingo\Api\Routing\Route; use Illuminate\Http\Request; @@ -22,6 +23,8 @@ class TokenAuthenticationProvider implements Provider { * @param \Illuminate\Http\Request $request * @param \Dingo\Api\Routing\Route $route * + * @throw UnauthorizedHttpException invalid authentication + * * @return mixed */ public function authenticate(Request $request, Route $route) { diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php index bf9d959..b3fd8da 100644 --- a/src/controllers/PasswordReminderController.php +++ b/src/controllers/PasswordReminderController.php @@ -9,9 +9,10 @@ namespace CamilStaps\BotleaguesApi\Controllers; use CamilStaps\BotleaguesApi\Database\PasswordReminder; -use CamilStaps\BotleaguesApi\Exception\ValidationException; -use Illuminate\Support\Facades\Input; -use Illuminate\Support\Facades\Validator; +use CamilStaps\BotleaguesApi\Database\User; +use Dingo\Api\Exception\StoreResourceFailedException; +use Illuminate\Support\Facades\Auth; +use Illuminate\Support\Facades\Request; class PasswordReminderController extends BaseController { 
@@ -23,25 +24,33 @@ class PasswordReminderController extends BaseController { /** * Set the userId and create a random token + * @param $userId + * @throws StoreResourceFailedException + * @return PasswordReminder */ - public function store() { - $rules = [ - 'user_id' => ['required'] - ]; - $payload = Input::only('user_id'); - $validator = Validator::make($payload, $rules); - if ($validator->fails()) { - throw new ValidationException('Could not find user.', $validator->errors()); - } + public function store($userId) { + $user = User::findOrFail($userId); - $this->passwordReminder->userId = Input::get('user_id'); - $this->passwordReminder->token = base64_encode(openssl_random_pseudo_bytes(64)); + $this->passwordReminder->userId = $user->id; + $this->passwordReminder->token = bin2hex(openssl_random_pseudo_bytes(24)); if ($this->passwordReminder->save()) { return $this->passwordReminder; } else { - throw new \Dingo\Api\Exception\StoreResourceFailedException; + throw new StoreResourceFailedException; } } + /** + * Destroy the password reminder means setting a new password for the user + * @param Request $request + * @param $userId + */ + public function destroy($userId, $reminderToken) { + $user = Auth::user(); + $user->password = Request::get('password'); + $user->save(); + return null; + } + }
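Review bot: `destroy` assigns `Request::get('password')` to `$user->password` with no validation, so a request with a missing or empty password field reaches the mutator as `null`/'' and, through `Hash::make`, leaves the account with an empty password; by then the provider has already consumed the reminder token, so the user cannot retry either. Reject it before touching the user: `$password = Request::get('password'); if (empty($password)) { throw new UpdateResourceFailedException('Password required'); }` (`Dingo\Api\Exception` ships it next to the `StoreResourceFailedException` imported here). In `store`, `openssl_random_pseudo_bytes(24)` is called without its `$crypto_strong` out-parameter; pass it and fail the request when it is false so a token from a weak source is never emailed. The `destroy` docblock also documents a `Request $request` parameter that the signature `destroy($userId, $reminderToken)` does not have, and neither route parameter is used in the body.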
\ No newline at end of file diff --git a/src/controllers/UserController.php b/src/controllers/UserController.php index 6af3fe8..2a454ff 100644 --- a/src/controllers/UserController.php +++ b/src/controllers/UserController.php @@ -30,7 +30,7 @@ class UserController extends BaseController { $s = $this->user->find($id); if (!empty(Input::get('password'))) - $s->password = Hash::make(Input::get('password')); + $s->password = Input::get('password'); if ($s->save()) { return $this->show($id); @@ -51,7 +51,7 @@ class UserController extends BaseController { } $this->user->email = Input::get('email'); - $this->user->password = empty(Input::get('password')) ? null : Hash::make(Input::get('password')); + $this->user->password = Input::get('password'); if ($this->user->save()) { return $this->response->created(); diff --git a/src/routes.php b/src/routes.php index b11e2ff..d86759d 100644 --- a/src/routes.php +++ b/src/routes.php @@ -22,7 +22,7 @@ Route::group(['https'], function() use ($api) { $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController', ['only' => ['index','show','store']]); - $api->resource('password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController', + $api->resource('user.password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController', ['only' => ['store']]); }); 
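Review bot: In `update`, `$s = $this->user->find($id)` is loaded and its password replaced with no visible check that `$id` is the account the `basic` provider authenticated, so any logged-in user could set another user's password; the function begins before this hunk, so the ownership check may already exist above, but if it does not, `if ($s === null || $s->id !== Auth::user()->id) { throw new UnauthorizedHttpException(null, 'Not your account'); }` belongs before the assignment (assuming `Auth` and that exception are imported in this controller). `find($id)` can also return null, which the next line dereferences.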
@@ -30,6 +30,14 @@ Route::group(['https'], function() use ($api) { $api->version('v1', ['protected' => true, 'providers' => 'basic'], function ($api) { $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController', ['only' => ['store']]); + + $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController', + ['only' => ['update', 'destroy']]); + }); + + $api->version('v1', ['protected' => true, 'providers' => 'activationcode'], function ($api) { + $api->resource('user.password_reminder', 'CamilStaps\BotleaguesApi\Controllers\PasswordReminderController', + ['only' => ['destroy']]); }); $api->version('v1', ['protected' => true, 'providers' => 'token'], function ($api) { @@ -37,9 +45,6 @@ Route::group(['https'], function() use ($api) { $api->resource('bot', 'CamilStaps\BotleaguesApi\Controllers\BotController', ['except' => ['index', 'show', 'create','edit']]); - $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController', - ['except' => ['index', 'show', 'create','edit','store']]); - $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController', ['only' => ['index', 'show']]); |