Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/shifts_controller.php | 16 | ||||
-rw-r--r-- | includes/controller/users_controller.php | 115 | ||||
-rw-r--r-- | includes/helper/error_helper.php | 11 | ||||
-rw-r--r-- | includes/includes.php | 1 | ||||
-rw-r--r-- | includes/model/User_model.php | 19 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 4 | ||||
-rw-r--r-- | includes/pages/user_atom.php | 16 | ||||
-rw-r--r-- | includes/pages/user_ical.php | 17 | ||||
-rw-r--r-- | includes/view/ShiftCalendarShiftRenderer.php | 32 | ||||
-rw-r--r-- | includes/view/User_view.php | 93 |
10 files changed, 59 insertions, 265 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index a4d44151..15f92a9d 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -1,5 +1,6 @@
 <?php
+use Engelsystem\Http\Exceptions\HttpForbidden;
 use Engelsystem\ShiftSignupState;
 /**
@@ -349,17 +350,18 @@ function shift_next_controller()
 function shifts_json_export_controller()
 {
 $request = request();
+ $user = auth()->apiUser('key');
- if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
- engelsystem_error('Missing key.');
+ if (
+ !$request->has('key')
+ || !preg_match('/^[\da-f]{32}$/', $request->input('key'))
+ || !$user
+ ) {
+ throw new HttpForbidden('{"error":"Missing or invalid key"}', ['content-type' => 'application/json']);
 }
- $user = auth()->apiUser('key');
- if (!$user) {
- engelsystem_error('Key invalid.');
- }
 if (!auth()->can('shifts_json_export')) {
- engelsystem_error('No privilege for shifts_json_export.');
+ throw new HttpForbidden('{"error":"Not allowed"}', ['content-type' => 'application/json']);
 }
 $shifts = load_ical_shifts();
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 892089e7..3ad2ffd9 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -1,7 +1,6 @@
 <?php
 use Engelsystem\Database\DB;
-use Engelsystem\Models\User\PasswordReset;
 use Engelsystem\Models\User\State;
 use Engelsystem\Models\User\User;
 use Engelsystem\ShiftCalendarRenderer;
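Review bot: In `shifts_json_export_controller()` the new `$user = auth()->apiUser('key');` line now runs before the `has('key')`/`preg_match('/^[\da-f]{32}$/', ...)` check that used to gate it, so the lookup is performed with whatever value, or no value, the request carries; placing the assignment after the format check, or keeping the format check as its own `if` ahead of the lookup, restores validate-before-use. Whether this matters beyond a wasted query depends on how `apiUser()` treats a missing or malformed key, which is not visible here. The `user_atom()` and `user_ical()` hunks make the same reordering. The response body is also hand-assembled JSON; `json_encode(['error' => 'Missing or invalid key'])` would keep it valid if the message ever gains a quote. The function body continues past the hunk.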
@@ -312,120 +311,6 @@ function users_list_controller()
 }
 /**
- * Second step of password recovery: set a new password using the token link from email
- *
- * @return string
- */
-function user_password_recovery_set_new_controller()
-{
- $request = request();
- $passwordReset = PasswordReset::whereToken($request->input('token'))->first();
- if (!$passwordReset) {
- error(__('Token is not correct.'));
- redirect(page_link_to('login'));
- }
-
- if ($request->hasPostData('submit')) {
- $valid = true;
-
- if (
- $request->has('password')
- && strlen($request->postData('password')) >= config('min_password_length')
- ) {
- if ($request->postData('password') != $request->postData('password2')) {
- $valid = false;
- error(__('Your passwords don\'t match.'));
- }
- } else {
- $valid = false;
- error(__('Your password is to short (please use at least 6 characters).'));
- }
-
- if ($valid) {
- auth()->setPassword($passwordReset->user, $request->postData('password'));
- success(__('Password saved.'));
- $passwordReset->delete();
- redirect(page_link_to('login'));
- }
- }
-
- return User_password_set_view();
-}
-
-/**
- * First step of password recovery: display a form that asks for your email and send email with recovery link
- *
- * @return string
- */
-function user_password_recovery_start_controller()
-{
- $request = request();
- if ($request->hasPostData('submit')) {
- $valid = true;
-
- $user_source = null;
- if ($request->has('email') && strlen(strip_request_item('email')) > 0) {
- $email = strip_request_item('email');
- if (check_email($email)) {
- /** @var User $user_source */
- $user_source = User::whereEmail($email)->first();
- if (!$user_source) {
- $valid = false;
- error(__('E-mail address is not correct.'));
- }
- } else {
- $valid = false;
- error(__('E-mail address is not correct.'));
- }
- } else {
- $valid = false;
- error(__('Please enter your e-mail.'));
- }
-
- if ($valid) {
- $token = User_generate_password_recovery_token($user_source);
- engelsystem_email_to_user(
- $user_source,
- __('Password recovery'),
- sprintf(
- __('Please visit %s to recover your password.'),
- page_link_to('user_password_recovery', ['token' => $token])
- )
- );
- success(__('We sent an email containing your password recovery link.'));
- redirect(page_link_to('login'));
- }
- }
-
- return User_password_recovery_view();
-}
-
-/**
- * User password recovery in 2 steps.
- * (By email)
- *
- * @return string
- */
-function user_password_recovery_controller()
-{
- if (request()->has('token')) {
- return user_password_recovery_set_new_controller();
- }
-
- return user_password_recovery_start_controller();
-}
-
-/**
- * Menu title for password recovery.
- *
- * @return string
- */
-function user_password_recovery_title()
-{
- return __('Password recovery');
-}
-
-/**
 * Loads a user from param user_id.
 *
 * @return User
diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php
deleted file mode 100644
index 9314a57a..00000000
--- a/includes/helper/error_helper.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-
-/**
- * Displays a fatal message and stops execution.
- *
- * @param string $message
- */
-function engelsystem_error($message)
-{
- raw_output($message);
-}
diff --git a/includes/includes.php b/includes/includes.php
index 855ff359..601a6ca2 100644
--- a/includes/includes.php
+++ b/includes/includes.php
@@ -60,7 +60,6 @@ $includeFiles = [
 __DIR__ . '/../includes/helper/graph_helper.php',
 __DIR__ . '/../includes/helper/message_helper.php',
- __DIR__ . '/../includes/helper/error_helper.php',
 __DIR__ . '/../includes/helper/email_helper.php',
 __DIR__ . '/../includes/mailer/shifts_mailer.php',
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 1994bc47..681e70aa 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -2,7 +2,6 @@
 use Carbon\Carbon;
 use Engelsystem\Database\DB;
-use Engelsystem\Models\User\PasswordReset;
 use Engelsystem\Models\User\User;
 use Engelsystem\ValidationResult;
 use Illuminate\Database\Query\JoinClause;
@@ -228,24 +227,6 @@ function User_reset_api_key($user, $log = true)
 }
 /**
- * Generates a new password recovery token for given user.
- *
- * @param User $user
- * @return string
- */
-function User_generate_password_recovery_token($user)
-{
- $reset = PasswordReset::findOrNew($user->id);
- $reset->user_id = $user->id;
- $reset->token = md5($user->name . time() . rand());
- $reset->save();
-
- engelsystem_log('Password recovery for ' . User_Nick_render($user, true) . ' started.');
-
- return $reset->token;
-}
-
-/**
 * @param User $user
 * @return float
 */
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 280743e5..170572e4 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -242,9 +242,9 @@ function guest_register()
 redirect(page_link_to('register'));
 }
- // If a welcome message is present, display registration success page.
+ // If a welcome message is present, display it on the next page
 if ($message = $config->get('welcome_msg')) {
- return User_registration_success_view($message);
+ info((new Parsedown())->text($message));
 }
 redirect(page_link_to('/'));
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index 8e5b4858..a491fea7 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -1,6 +1,7 @@
 <?php
 use Engelsystem\Database\DB;
+use Engelsystem\Http\Exceptions\HttpForbidden;
 /**
 * Publically available page to feed the news to feed readers
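Review bot: `info((new Parsedown())->text($message))` in `guest_register()` renders the `welcome_msg` config value to HTML and hands it to the flash message, as the removed `User_registration_success_view()` did, without enabling Parsedown's `setSafeMode(true)`. That is fine while `welcome_msg` is only editable by whoever controls the config file, but if it can be set through the application it becomes stored HTML shown to every new registrant, so the trust assumption deserves a comment, e.g. `// welcome_msg is admin-controlled config; rendered as HTML on purpose`. `guest_register()` starts before the hunk.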
@@ -8,17 +9,18 @@ use Engelsystem\Database\DB;
 function user_atom()
 {
 $request = request();
+ $user = auth()->apiUser('key');
- if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
- engelsystem_error('Missing key.');
+ if (
+ !$request->has('key')
+ || !preg_match('/^[\da-f]{32}$/', $request->input('key'))
+ || empty($user)
+ ) {
+ throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']);
 }
- $user = auth()->apiUser('key');
- if (empty($user)) {
- engelsystem_error('Key invalid.');
- }
 if (!auth()->can('atom')) {
- engelsystem_error('No privilege for atom.');
+ throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']);
 }
 $news = DB::select('
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index ee3a8340..2f3a7ccc 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -1,22 +1,25 @@
 <?php
+use Engelsystem\Http\Exceptions\HttpForbidden;
+
 /**
 * Controller for ical output of users own shifts or any user_shifts filter.
 */
 function user_ical()
 {
 $request = request();
+ $user = auth()->apiUser('key');
- if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
- engelsystem_error('Missing key.');
+ if (
+ !$request->has('key')
+ || !preg_match('/^[\da-f]{32}$/', $request->input('key'))
+ || !$user
+ ) {
+ throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']);
 }
- $user = auth()->apiUser('key');
- if (!$user) {
- engelsystem_error('Key invalid.');
- }
 if (!auth()->can('ical')) {
- engelsystem_error('No privilege for ical.');
+ throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']);
 }
 $ical_shifts = load_ical_shifts();
diff --git a/includes/view/ShiftCalendarShiftRenderer.php b/includes/view/ShiftCalendarShiftRenderer.php
index 1414c351..4911979f 100644
--- a/includes/view/ShiftCalendarShiftRenderer.php
+++ b/includes/view/ShiftCalendarShiftRenderer.php
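Review bot: Both `HttpForbidden` throws in `user_atom()` set `'content-type' => 'text/text'`, which is not a registered media type; `text/plain` is the intended header, e.g. `throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/plain']);`. The `user_ical()` hunk that shares this line uses the same value in both of its throws. The presence check also differs between the two: `user_atom()` uses `empty($user)` while `user_ical()` and `shifts_json_export_controller()` use `!$user`; either works, but one form across the three keeps the guards uniform. Both function bodies continue past their hunks.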
@@ -38,23 +38,23 @@ class ShiftCalendarShiftRenderer
 return [
 $blocks,
- div(
- 'shift panel panel-' . $class . '" '
- . 'style="height: '
+ div('shift-card" style="height: '
 . ($blocks * ShiftCalendarRenderer::BLOCK_HEIGHT - ShiftCalendarRenderer::MARGIN)
- . 'px"',
- [
- $this->renderShiftHead($shift, $class),
- div('panel-body', [
- $info_text,
- Room_name_render([
- 'RID' => $shift['RID'],
- 'Name' => $shift['room_name']
- ])
- ]),
- $shifts_row,
- div('shift-spacer')
- ]
+ . 'px;',
+ div(
+ 'shift panel panel-' . $class,
+ [
+ $this->renderShiftHead($shift, $class),
+ div('panel-body', [
+ $info_text,
+ Room_name_render([
+ 'RID' => $shift['RID'],
+ 'Name' => $shift['room_name']
+ ])
+ ]),
+ $shifts_row
+ ]
+ )
 )
 ];
 }
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index bfe7e02c..95ecb626 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
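Review bot: The rewritten `div('shift-card" style="height: ' ...` still injects a `style` attribute by closing the class quote inside `div()`'s first argument, so the output is only well-formed as long as `div()` never escapes that argument; a helper that takes attributes explicitly would make the height a real parameter instead of a string splice. `$class` is concatenated unescaped into the inner `div('shift panel panel-' . $class, ...)` as well; it appears to be computed by the renderer rather than taken from the request, so this reads as a fragility point, not an injection finding. The enclosing method of `ShiftCalendarShiftRenderer` starts before the hunk.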
@@ -108,46 +108,6 @@ function User_settings_view(
 }
 /**
- * Displays the welcome message to the user and shows a login form.
- *
- * @param string $event_welcome_message
- * @return string
- */
-function User_registration_success_view($event_welcome_message)
-{
- $parsedown = new Parsedown();
- $event_welcome_message = $parsedown->text($event_welcome_message);
-
- return page_with_title(__('Registration successful'), [
- msg(),
- div('row', [
- div('col-md-4', [
- $event_welcome_message
- ]),
- div('col-md-4', [
- '<h2>' . __('Login') . '</h2>',
- form([
- form_text('login', __('Nick'), ''),
- form_password('password', __('Password')),
- form_submit('submit', __('Login')),
- buttons([
- button(page_link_to('user_password_recovery'), __('I forgot my password'))
- ]),
- info(__('Please note: You have to activate cookies!'), true)
- ], page_link_to('login'))
- ]),
- div('col-md-4', [
- '<h2>' . __('What can I do?') . '</h2>',
- '<p>' . __('Please read about the jobs you can do to help us.') . '</p>',
- buttons([
- button(page_link_to('angeltypes', ['action' => 'about']), __('Teams/Job description') . ' »')
- ])
- ])
- ])
- ]);
-}
-
-/**
 * Gui for deleting user with password field.
 *
 * @param User $user
@@ -255,13 +215,13 @@ function Users_view(
 ];
 $user_table_headers = [
- 'name' => Users_table_header_link('name', __('Nick'), $order_by)
+ 'name' => Users_table_header_link('name', __('Nick'), $order_by)
 ];
- if(config('enable_user_name')) {
+ if (config('enable_user_name')) {
 $user_table_headers['first_name'] = Users_table_header_link('first_name', __('Prename'), $order_by);
 $user_table_headers['last_name'] = Users_table_header_link('last_name', __('Name'), $order_by);
 }
- if(config('enable_dect')) {
+ if (config('enable_dect')) {
 $user_table_headers['dect'] = Users_table_header_link('dect', __('DECT'), $order_by);
 }
 $user_table_headers['arrived'] = Users_table_header_link('arrived', __('Arrived'), $order_by);
@@ -271,8 +231,16 @@ function Users_view(
 $user_table_headers['force_active'] = Users_table_header_link('force_active', __('Forced'), $order_by);
 $user_table_headers['got_shirt'] = Users_table_header_link('got_shirt', __('T-Shirt'), $order_by);
 $user_table_headers['shirt_size'] = Users_table_header_link('shirt_size', __('Size'), $order_by);
- $user_table_headers['arrival_date'] = Users_table_header_link('planned_arrival_date', __('Planned arrival'), $order_by);
- $user_table_headers['departure_date'] = Users_table_header_link('planned_departure_date', __('Planned departure'), $order_by);
+ $user_table_headers['arrival_date'] = Users_table_header_link(
+ 'planned_arrival_date',
+ __('Planned arrival'),
+ $order_by
+ );
+ $user_table_headers['departure_date'] = Users_table_header_link(
+ 'planned_departure_date',
+ __('Planned departure'),
+ $order_by
+ );
 $user_table_headers['last_login_at'] = Users_table_header_link('last_login_at', __('Last login'), $order_by);
 $user_table_headers['actions'] = '';
@@ -792,41 +760,6 @@ function User_view_state_admin($freeloader, $user_source)
 }
 /**
- * View for password recovery step 1: E-Mail
- *
- * @return string
- */
-function User_password_recovery_view()
-{
- return page_with_title(user_password_recovery_title(), [
- msg(),
- __('We will send you an e-mail with a password recovery link. Please use the email address you used for registration.'),
- form([
- form_text('email', __('E-Mail'), ''),
- form_submit('submit', __('Recover'))
- ])
- ]);
-}
-
-/**
- * View for password recovery step 2: New password
- *
- * @return string
- */
-function User_password_set_view()
-{
- return page_with_title(user_password_recovery_title(), [
- msg(),
- __('Please enter a new password.'),
- form([
- form_password('password', __('Password')),
- form_password('password2', __('Confirm password')),
- form_submit('submit', __('Save'))
- ])
- ]);
-}
-
-/**
 * @param array[] $user_angeltypes
 * @return string
 */ |