|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App\Http\Controllers; |
|
4
|
|
|
|
|
5
|
|
|
use App\Models\ChocolateyId; |
|
6
|
|
|
use App\Models\Mail; |
|
7
|
|
|
use App\Models\Question; |
|
8
|
|
|
use App\Models\TrustedDevice; |
|
9
|
|
|
use App\Models\User; |
|
10
|
|
|
use App\Models\UserSecurity; |
|
11
|
|
|
use Illuminate\Http\JsonResponse; |
|
12
|
|
|
use Illuminate\Http\Request; |
|
13
|
|
|
use Illuminate\Http\Response; |
|
14
|
|
|
use Illuminate\Support\Facades\DB; |
|
15
|
|
|
use Laravel\Lumen\Routing\Controller as BaseController; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* Class AccountSecurityController |
|
19
|
|
|
* @package App\Http\Controllers |
|
20
|
|
|
*/ |
|
21
|
|
|
class AccountSecurityController extends BaseController |
|
22
|
|
|
{ |
|
23
|
|
|
/** |
|
24
|
|
|
* Check if Feature Status is Enabled |
|
25
|
|
|
* |
|
26
|
|
|
* @param Request $request |
|
27
|
|
|
* @return Response |
|
28
|
|
|
*/ |
|
29
|
|
|
public function featureStatus(Request $request): Response |
|
30
|
|
|
{ |
|
31
|
|
|
if ($request->user()->emailVerified == false) |
|
32
|
|
|
return response('identity_verification_required', 200); |
|
33
|
|
|
|
|
34
|
|
|
$featureEnabled = UserSecurity::find($request->user()->uniqueId); |
|
35
|
|
|
|
|
36
|
|
|
return response($featureEnabled !== null ? 'enabled' : 'disabled', 200); |
|
37
|
|
|
} |
|
38
|
|
|
|
|
39
|
|
|
/** |
|
40
|
|
|
* Save Security Questions |
|
41
|
|
|
* |
|
42
|
|
|
* @param Request $request |
|
43
|
|
|
* @return JsonResponse |
|
44
|
|
|
*/ |
|
45
|
|
|
public function saveQuestions(Request $request): JsonResponse |
|
46
|
|
|
{ |
|
47
|
|
View Code Duplication |
if (User::where('password', hash('sha256', $request->json()->get('password')))->count() == 0) |
|
|
|
|
|
|
48
|
|
|
return response()->json(['error' => 'invalid_password'], 400); |
|
|
|
|
|
|
49
|
|
|
|
|
50
|
|
|
UserSecurity::updateOrCreate([ |
|
51
|
|
|
'user_id' => $request->user()->uniqueId, |
|
52
|
|
|
'firstQuestion' => $request->json()->get('questionId1'), |
|
53
|
|
|
'secondQuestion' => $request->json()->get('questionId2'), |
|
54
|
|
|
'firstAnswer' => $request->json()->get('answer1'), |
|
55
|
|
|
'secondAnswer' => $request->json()->get('answer2')]); |
|
56
|
|
|
|
|
57
|
|
|
return response()->json(null, 204); |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* Disable Safety Lock |
|
62
|
|
|
* |
|
63
|
|
|
* @param Request $request |
|
64
|
|
|
* @return JsonResponse |
|
65
|
|
|
*/ |
|
66
|
|
|
public function disable(Request $request): JsonResponse |
|
67
|
|
|
{ |
|
68
|
|
|
UserSecurity::find($request->user()->uniqueId)->delete(); |
|
69
|
|
|
|
|
70
|
|
|
return response()->json(null, 204); |
|
|
|
|
|
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* Reset Trusted Devices |
|
75
|
|
|
* |
|
76
|
|
|
* @param Request $request |
|
77
|
|
|
* @return JsonResponse |
|
78
|
|
|
*/ |
|
79
|
|
|
public function reset(Request $request): JsonResponse |
|
80
|
|
|
{ |
|
81
|
|
|
TrustedDevice::find($request->user()->uniqueId)->delete(); |
|
82
|
|
|
|
|
83
|
|
|
return response()->json(null, 204); |
|
|
|
|
|
|
84
|
|
|
} |
|
85
|
|
|
|
|
86
|
|
|
/** |
|
87
|
|
|
* Change User Password |
|
88
|
|
|
* |
|
89
|
|
|
* @TODO: Implement Notification E-mail of Password change |
|
90
|
|
|
* |
|
91
|
|
|
* @param Request $request |
|
92
|
|
|
* @return JsonResponse |
|
93
|
|
|
*/ |
|
94
|
|
|
public function changePassword(Request $request): JsonResponse |
|
95
|
|
|
{ |
|
96
|
|
|
if (strlen($request->json()->get('password')) < 6) |
|
97
|
|
|
return response()->json(['error' => 'password.current_password.invalid'], 409); |
|
|
|
|
|
|
98
|
|
|
|
|
99
|
|
|
//@TODO: This search the whole base. If anyone has the same password.. This will give error. Is this good? |
|
100
|
|
View Code Duplication |
if (User::where('password', hash('sha256', $request->json()->get('currentPassword')))->count() >= 1) |
|
|
|
|
|
|
101
|
|
|
return response()->json(['error' => 'password.used_earlier'], 409); |
|
102
|
|
|
|
|
103
|
|
|
User::find($request->user()->uniqueId)->update(['password' => |
|
104
|
|
|
hash('sha256', $request->json()->get('password'))]); |
|
105
|
|
|
|
|
106
|
|
|
return response()->json(null, 204); |
|
107
|
|
|
} |
|
108
|
|
|
|
|
109
|
|
|
/** |
|
110
|
|
|
* Change User E-mail |
|
111
|
|
|
* |
|
112
|
|
|
* @param Request $request |
|
113
|
|
|
* @return JsonResponse |
|
114
|
|
|
*/ |
|
115
|
|
|
public function changeMail(Request $request): JsonResponse |
|
116
|
|
|
{ |
|
117
|
|
View Code Duplication |
if (User::where('password', hash('sha256', $request->json()->get('currentPassword')))->count() == 0) |
|
|
|
|
|
|
118
|
|
|
return response()->json(['error' => 'changeEmail.invalid_password'], 400); |
|
|
|
|
|
|
119
|
|
|
|
|
120
|
|
|
if (ChocolateyId::where('mail', $request->json()->get('newEmail'))->count() > 0) |
|
121
|
|
|
return response()->json(['error' => 'changeEmail.email_already_in_use'], 400); |
|
122
|
|
|
|
|
123
|
|
|
$this->sendChangeMailConfirmation($request); |
|
124
|
|
|
|
|
125
|
|
|
return response()->json(['email' => $request->json()->get('newEmail')], 200); |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
/** |
|
129
|
|
|
* Send the E-Mail confirmation |
|
130
|
|
|
* |
|
131
|
|
|
* @param Request $request |
|
132
|
|
|
*/ |
|
133
|
|
|
protected function sendChangeMailConfirmation(Request $request) |
|
134
|
|
|
{ |
|
135
|
|
|
$mailController = new MailController; |
|
136
|
|
|
|
|
137
|
|
|
$mailController->send([ |
|
138
|
|
|
'mail' => $request->user()->email, |
|
139
|
|
|
'newMail' => $request->json()->get('newEmail'), |
|
140
|
|
|
'name' => $request->user()->name |
|
141
|
|
|
], 'habbo-web-mail.mail-change-alert'); |
|
142
|
|
|
|
|
143
|
|
|
$generatedToken = $mailController->prepare( |
|
144
|
|
|
$request->user()->email, |
|
145
|
|
|
"change-email/{$request->json()->get('newEmail')}"); |
|
146
|
|
|
|
|
147
|
|
|
$mailController->send([ |
|
148
|
|
|
'mail' => $request->json()->get('newEmail'), |
|
149
|
|
|
'name' => $request->user()->name, |
|
150
|
|
|
'url' => "/activate/{$generatedToken}" |
|
151
|
|
|
], 'habbo-web-mail.confirm-mail-change'); |
|
152
|
|
|
} |
|
153
|
|
|
|
|
154
|
|
|
/** |
|
155
|
|
|
* Get User Security Questions |
|
156
|
|
|
* |
|
157
|
|
|
* @param Request $request |
|
158
|
|
|
* @return JsonResponse |
|
159
|
|
|
*/ |
|
160
|
|
|
public function getQuestions(Request $request): JsonResponse |
|
161
|
|
|
{ |
|
162
|
|
|
if (UserSecurity::find($request->user()->uniqueId) == null) |
|
163
|
|
|
return response()->json(''); |
|
|
|
|
|
|
164
|
|
|
|
|
165
|
|
|
$userSecurity = UserSecurity::find($request->user()->uniqueId); |
|
166
|
|
|
|
|
167
|
|
|
return response()->json([ |
|
168
|
|
|
new Question($userSecurity->firstQuestion, |
|
169
|
|
|
"IDENTITY_SAFETYQUESTION_{$userSecurity->firstQuestion}"), |
|
170
|
|
|
new Question($userSecurity->secondQuestion, |
|
171
|
|
|
"IDENTITY_SAFETYQUESTION_{$userSecurity->secondQuestion}") |
|
172
|
|
|
]); |
|
173
|
|
|
} |
|
174
|
|
|
|
|
175
|
|
|
/** |
|
176
|
|
|
* Verify User Security Questions |
|
177
|
|
|
* |
|
178
|
|
|
* @param Request $request |
|
179
|
|
|
* @return JsonResponse |
|
180
|
|
|
*/ |
|
181
|
|
|
public function verifyQuestions(Request $request): JsonResponse |
|
182
|
|
|
{ |
|
183
|
|
|
if (UserSecurity::where('user_id', $request->user()->uniqueId) |
|
184
|
|
|
->where('firstAnswer', $request->json()->get('answer1')) |
|
185
|
|
|
->where('secondAnswer', $request->json()->get('answer2'))->count() > 0 |
|
186
|
|
|
): |
|
187
|
|
|
if ($request->json()->get('trust') == true) |
|
188
|
|
|
(new TrustedDevice)->store($request->user()->uniqueId, $request->ip())->save(); |
|
189
|
|
|
|
|
190
|
|
|
return response()->json(null, 204); |
|
|
|
|
|
|
191
|
|
|
endif; |
|
192
|
|
|
|
|
193
|
|
|
return response()->json(null, 409); |
|
194
|
|
|
} |
|
195
|
|
|
|
|
196
|
|
|
/** |
|
197
|
|
|
* Confirm User Change Password |
|
198
|
|
|
* |
|
199
|
|
|
* @param Request $request |
|
200
|
|
|
* @return mixed |
|
201
|
|
|
*/ |
|
202
|
|
|
public function confirmChangePassword(Request $request): JsonResponse |
|
203
|
|
|
{ |
|
204
|
|
|
$mailRequest = Mail::where('token', $request->json()->get('token'))->where('used', '0')->first(); |
|
205
|
|
|
|
|
206
|
|
|
if ($mailRequest == null) |
|
207
|
|
|
return response()->json(null, 404); |
|
|
|
|
|
|
208
|
|
|
|
|
209
|
|
View Code Duplication |
if (User::where('password', hash('sha256', $request->json()->get('password')))->count() >= 1) |
|
|
|
|
|
|
210
|
|
|
return response()->json(['error' => 'password.used_earlier'], 400); |
|
211
|
|
|
|
|
212
|
|
|
$mailRequest->update(['used' => '1']); |
|
213
|
|
|
|
|
214
|
|
|
DB::table('users')->where('mail', $mailRequest->mail) |
|
215
|
|
|
->update(['password' => hash('sha256', $request->json()->get('password'))]); |
|
216
|
|
|
|
|
217
|
|
|
return response()->json(''); |
|
218
|
|
|
} |
|
219
|
|
|
} |
|
220
|
|
|
|
sant0ro /
chocolatey
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.