Compare commits

...

9 Commits

Author SHA1 Message Date
db757de71c
Merge pull request 'feature/user-data' (!11) from feature/user-data into master
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
Reviewed-on: #11
2023-04-09 02:59:35 +02:00
71aed9dcec
send all user data with oauth
All checks were successful
rvr-nextgen/pipeline/pr-master This commit looks good
2023-04-09 02:55:42 +02:00
b809542083
reload account page after save 2023-04-09 02:55:40 +02:00
749b93e3af
make it possible to modify personal user data fields 2023-04-09 02:55:10 +02:00
df3bf89079
add personal user data fields 2023-04-09 02:54:18 +02:00
de346c0c6e
fix HTML syntax error in account.php 2023-04-09 02:29:53 +02:00
6df63373ab
fix observeInput logic 2023-04-09 02:29:53 +02:00
a0fe77fe66
make it possible to modify email and username 2023-04-09 02:29:53 +02:00
151112bd2a
make it possible to have username 2023-04-09 02:29:46 +02:00
11 changed files with 167 additions and 23 deletions

View File

@ -0,0 +1,3 @@
ALTER TABLE `users`
ADD `username` varchar(100) DEFAULT NULL,
ADD UNIQUE `username` (`username`);

View File

@ -0,0 +1,5 @@
ALTER TABLE `users`
ADD `full_name` varchar(255) NOT NULL DEFAULT '',
ADD `nickname` varchar(255) NOT NULL DEFAULT '',
ADD `phone` varchar(255) NOT NULL DEFAULT '',
ADD `id_number` varchar(255) NOT NULL DEFAULT '';

View File

@ -158,12 +158,17 @@ var RVR = {
document.getElementById('cover').style.visibility = 'hidden'; document.getElementById('cover').style.visibility = 'hidden';
}, },
observeInput: function (input, buttonToToggle) { observeInput: function (form, observedInputs) {
if (input.defaultValue !== input.value) { var anyChanged = false;
buttonToToggle.disabled = false;
} else { for (var i = 0; i < observedInputs.length; i++) {
buttonToToggle.disabled = true; var input = form.elements[observedInputs[i]];
if (input.defaultValue !== input.value) {
anyChanged = true;
}
} }
form.elements.submit.disabled = !anyChanged;
}, },
observeInputsInForm: function (form, observedInputs) { observeInputsInForm: function (form, observedInputs) {
@ -174,12 +179,12 @@ var RVR = {
case 'INPUT': case 'INPUT':
case 'TEXTAREA': case 'TEXTAREA':
input.oninput = function () { input.oninput = function () {
RVR.observeInput(this, form.elements.submit); RVR.observeInput(form, observedInputs);
}; };
break; break;
case 'SELECT': case 'SELECT':
input.onchange = function () { input.onchange = function () {
RVR.observeInput(this, form.elements.submit); RVR.observeInput(form, observedInputs);
}; };
break; break;
} }

View File

@ -21,6 +21,11 @@ class AddUserCommand extends Command
public function execute(InputInterface $input, OutputInterface $output): int public function execute(InputInterface $input, OutputInterface $output): int
{ {
if (!filter_var($input->getArgument('email'), FILTER_VALIDATE_EMAIL)) {
$output->writeln('<error>Please provide a valid email address.</error>');
return 1;
}
$user = new User(); $user = new User();
$user->setEmail($input->getArgument('email')); $user->setEmail($input->getArgument('email'));
$user->setPlainPassword($input->getArgument('password')); $user->setPlainPassword($input->getArgument('password'));

View File

@ -109,11 +109,11 @@ class LoginController
return new JsonContent(['success' => true]); return new JsonContent(['success' => true]);
} }
$user = $this->userRepository->getByEmail($this->request->post('email')); $user = $this->userRepository->getByEmailOrUsername($this->request->post('email'));
if ($user === null || !$user->checkPassword($this->request->post('password'))) { if ($user === null || !$user->checkPassword($this->request->post('password'))) {
return new JsonContent([ return new JsonContent([
'error' => [ 'error' => [
'errorText' => 'No user found with the given email address or the given password is wrong. You can <a href="/password/requestReset?email=' . 'errorText' => 'No user found with the given email address / username or the given password is wrong. You can <a href="/password/requestReset?email=' .
urlencode($this->request->post('email')) . '" title="Request password reset">request password reset</a>!' urlencode($this->request->post('email')) . '" title="Request password reset">request password reset</a>!'
] ]
]); ]);
@ -200,11 +200,11 @@ class LoginController
} }
} }
$user = $this->userRepository->getByEmail($this->request->post('email')); $user = $this->userRepository->getByEmailOrUsername($this->request->post('email'));
if ($user === null) { if ($user === null) {
return new JsonContent([ return new JsonContent([
'error' => [ 'error' => [
'errorText' => 'No user found with the given email address.' 'errorText' => 'No user found with the given email address / username.'
] ]
]); ]);
} }

View File

@ -106,7 +106,12 @@ class OAuthLoginController
'exp' => (int)$token->getExpiresDate()->format('U'), 'exp' => (int)$token->getExpiresDate()->format('U'),
'nonce' => $token->getNonce(), 'nonce' => $token->getNonce(),
'sub' => $user->getId(), 'sub' => $user->getId(),
'email' => $user->getEmail() 'email' => $user->getEmail(),
'username' => $user->getUsername(),
'full_name' => $user->getFullName(),
'nickname' => $user->getNickname(),
'phone' => $user->getPhone(),
'id_number' => $user->getIdNumber()
]; ];
$privateKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PRIVATE_KEY']); $privateKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PRIVATE_KEY']);
$jwt = JWT::encode($payload, $privateKey, 'RS256'); $jwt = JWT::encode($payload, $privateKey, 'RS256');

View File

@ -13,6 +13,7 @@ use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent; use SokoWeb\Response\JsonContent;
use SokoWeb\Response\Redirect; use SokoWeb\Response\Redirect;
use SokoWeb\Util\JwtParser; use SokoWeb\Util\JwtParser;
use RVR\Repository\UserRepository;
class UserController implements ISecured class UserController implements ISecured
{ {
@ -20,10 +21,13 @@ class UserController implements ISecured
private PersistentDataManager $pdm; private PersistentDataManager $pdm;
private UserRepository $userRepository;
public function __construct(IRequest $request) public function __construct(IRequest $request)
{ {
$this->request = $request; $this->request = $request;
$this->pdm = new PersistentDataManager(); $this->pdm = new PersistentDataManager();
$this->userRepository = new UserRepository();
} }
public function authorize(): bool public function authorize(): bool
@ -126,8 +130,39 @@ class UserController implements ISecured
return new JsonContent(['error' => ['errorText' => $error]]); return new JsonContent(['error' => ['errorText' => $error]]);
} }
if (strlen($this->request->post('password_new')) > 0) { $newEmail = $this->request->post('email');
if (strlen($this->request->post('password_new')) < 6) { if ($newEmail !== $user->getEmail()) {
if (!filter_var($newEmail, FILTER_VALIDATE_EMAIL)) {
return new JsonContent(['error' => ['errorText' => 'Please provide a valid email address.']]);
}
if ($this->userRepository->getByEmail($newEmail) !== null) {
return new JsonContent(['error' => ['errorText' => 'The given email address belongs to another account.']]);
}
$user->setEmail($newEmail);
}
$newUsername = $this->request->post('username');
if ($newUsername !== $user->getUsername()) {
if (strlen($newUsername) > 0) {
if (filter_var($newUsername, FILTER_VALIDATE_EMAIL)) {
return new JsonContent(['error' => ['errorText' => 'Please select a username that is not a valid email address.']]);
}
if ($this->userRepository->getByUsername($newUsername) !== null) {
return new JsonContent(['error' => ['errorText' => 'The given username is already taken.']]);
}
$user->setUsername($newUsername);
} else {
$user->setUsername(null);
}
}
$newPassword = $this->request->post('password_new');
if (strlen($newPassword) > 0) {
if (strlen($newPassword) < 6) {
return new JsonContent([ return new JsonContent([
'error' => [ 'error' => [
'errorText' => 'The given new password is too short. Please choose a password that is at least 6 characters long!' 'errorText' => 'The given new password is too short. Please choose a password that is at least 6 characters long!'
@ -135,7 +170,7 @@ class UserController implements ISecured
]); ]);
} }
if ($this->request->post('password_new') !== $this->request->post('password_new_confirm')) { if ($newPassword !== $this->request->post('password_new_confirm')) {
return new JsonContent([ return new JsonContent([
'error' => [ 'error' => [
'errorText' => 'The given new passwords do not match.' 'errorText' => 'The given new passwords do not match.'
@ -143,9 +178,13 @@ class UserController implements ISecured
]); ]);
} }
$user->setPlainPassword($this->request->post('password_new')); $user->setPlainPassword($newPassword);
} }
$user->setNickname($this->request->post('nickname'));
$user->setPhone($this->request->post('phone'));
$user->setIdNumber($this->request->post('id_number'));
$this->pdm->saveToDb($user); $this->pdm->saveToDb($user);
$this->request->session()->delete('authenticated_with_google_until'); $this->request->session()->delete('authenticated_with_google_until');

View File

@ -8,12 +8,14 @@ class User extends Model implements IUser
{ {
protected static string $table = 'users'; protected static string $table = 'users';
protected static array $fields = ['email', 'password', 'type', 'google_sub', 'created']; protected static array $fields = ['email', 'username', 'password', 'type', 'google_sub', 'created', 'full_name', 'nickname', 'phone', 'id_number'];
private static array $types = ['user', 'admin']; private static array $types = ['user', 'admin'];
private string $email = ''; private string $email = '';
private ?string $username = null;
private ?string $password = null; private ?string $password = null;
private string $type = 'user'; private string $type = 'user';
@ -22,11 +24,24 @@ class User extends Model implements IUser
private DateTime $created; private DateTime $created;
private string $fullName = '';
private string $nickname = '';
private string $phone = '';
private string $idNumber = '';
public function setEmail(string $email): void public function setEmail(string $email): void
{ {
$this->email = $email; $this->email = $email;
} }
public function setUsername(?string $username): void
{
$this->username = $username;
}
public function setPassword(?string $hashedPassword): void public function setPassword(?string $hashedPassword): void
{ {
$this->password = $hashedPassword; $this->password = $hashedPassword;
@ -59,11 +74,36 @@ class User extends Model implements IUser
$this->created = new DateTime($created); $this->created = new DateTime($created);
} }
public function setFullName(string $fullName): void
{
$this->fullName = $fullName;
}
public function setNickname(string $nickname): void
{
$this->nickname = $nickname;
}
public function setPhone(string $phone): void
{
$this->phone = $phone;
}
public function setIdNumber(string $idNumber): void
{
$this->idNumber = $idNumber;
}
public function getEmail(): string public function getEmail(): string
{ {
return $this->email; return $this->email;
} }
public function getUsername(): ?string
{
return $this->username;
}
public function getPassword(): ?string public function getPassword(): ?string
{ {
return $this->password; return $this->password;
@ -89,6 +129,26 @@ class User extends Model implements IUser
return $this->created->format('Y-m-d H:i:s'); return $this->created->format('Y-m-d H:i:s');
} }
public function getFullName(): string
{
return $this->fullName;
}
public function getNickname(): string
{
return $this->nickname;
}
public function getPhone(): string
{
return $this->phone;
}
public function getIdNumber(): string
{
return $this->idNumber;
}
public function hasPermission(int $permission): bool public function hasPermission(int $permission): bool
{ {
switch ($permission) { switch ($permission) {
@ -108,7 +168,7 @@ class User extends Model implements IUser
public function getDisplayName(): string public function getDisplayName(): string
{ {
return $this->email; return $this->nickname ?: $this->fullName;
} }
public function checkPassword(string $password): bool public function checkPassword(string $password): bool

View File

@ -27,6 +27,23 @@ class UserRepository implements IUserRepository
return $this->pdm->selectFromDb($select, User::class); return $this->pdm->selectFromDb($select, User::class);
} }
public function getByUsername(string $username): ?User
{
$select = new Select(\Container::$dbConnection);
$select->where('username', '=', $username);
return $this->pdm->selectFromDb($select, User::class);
}
public function getByEmailOrUsername(string $emailOrUsername): ?User
{
if (filter_var($emailOrUsername, FILTER_VALIDATE_EMAIL)) {
return $this->getByEmail($emailOrUsername);
}
return $this->getByUsername($emailOrUsername);
}
public function getByGoogleSub(string $sub): ?User public function getByGoogleSub(string $sub): ?User
{ {
$select = new Select(\Container::$dbConnection); $select = new Select(\Container::$dbConnection);

View File

@ -5,11 +5,11 @@
@section(main) @section(main)
<h2>Account</h2> <h2>Account</h2>
<div class="box"> <div class="box">
<form id="accountForm" action="/account" method="post" data-observe-inputs="password_new,password_new_confirm"> <form id="accountForm" action="/account" method="post" data-reload-on-success="true" data-observe-inputs="email,username,password_new,password_new_confirm,nickname,phone,id_number">
<?php if ($user['password'] !== null && $user['google_sub'] !== null): ?> <?php if ($user['password'] !== null && $user['google_sub'] !== null): ?>
<p class="justify small">Please confirm your identity with your password or with Google to modify your account.</p> <p class="justify small">Please confirm your identity with your password or with Google to modify your account.</p>
<div class="inputWithButton"> <div class="inputWithButton">
<input type="password" class="text name="password" placeholder="Current password" required minlength="6" autofocus><!-- <input type="password" class="text" name="password" placeholder="Current password" required minlength="6" autofocus><!--
--><button id="authenticateWithGoogleButton" class="yellow" type="button">Google</button> --><button id="authenticateWithGoogleButton" class="yellow" type="button">Google</button>
</div> </div>
<?php elseif ($user['password'] !== null): ?> <?php elseif ($user['password'] !== null): ?>
@ -23,10 +23,15 @@
</div> </div>
<?php endif; ?> <?php endif; ?>
<hr> <hr>
<?php /* TODO: disabled for the time being, email modification should be implemented */ ?> <input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= $user['email'] ?>">
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= $user['email'] ?>" disabled> <input type="text" class="text big fullWidth marginTop" name="username" placeholder="Username" value="<?= $user['username'] ?>">
<input type="password" class="text big fullWidth marginTop" name="password_new" placeholder="New password" minlength="6"> <input type="password" class="text big fullWidth marginTop" name="password_new" placeholder="New password" minlength="6">
<input type="password" class="text big fullWidth marginTop" name="password_new_confirm" placeholder="New password confirmation" minlength="6"> <input type="password" class="text big fullWidth marginTop" name="password_new_confirm" placeholder="New password confirmation" minlength="6">
<hr>
<input type="text" class="text big fullWidth marginTop" name="full_name" placeholder="Full name" value="<?= $user['full_name'] ?>" disabled>
<input type="text" class="text big fullWidth marginTop" name="nickname" placeholder="Nickname" value="<?= $user['nickname'] ?>">
<input type="text" class="text big fullWidth marginTop" name="phone" placeholder="Phone" value="<?= $user['phone'] ?>">
<input type="text" class="text big fullWidth marginTop" name="id_number" placeholder="ID number" value="<?= $user['id_number'] ?>">
<p id="accountFormError" class="formError justify marginTop"></p> <p id="accountFormError" class="formError justify marginTop"></p>
<div class="right marginTop"> <div class="right marginTop">
<button type="submit" name="submit" disabled>Save</button> <button type="submit" name="submit" disabled>Save</button>

View File

@ -4,7 +4,7 @@
<h2>Login</h2> <h2>Login</h2>
<div class="box"> <div class="box">
<form id="loginForm" action="/login" method="post" data-redirect-on-success="<?= $redirectUrl ?>"> <form id="loginForm" action="/login" method="post" data-redirect-on-success="<?= $redirectUrl ?>">
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" required autofocus> <input type="text" class="text big fullWidth" name="email" placeholder="Email address / Username" required autofocus>
<input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6"> <input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
<p id="loginFormError" class="formError justify marginTop"></p> <p id="loginFormError" class="formError justify marginTop"></p>
<div class="right marginTop"> <div class="right marginTop">