Compare commits
No commits in common. "db757de71c473b4e02438f696ae0195c4d96accc" and "366abf61b38df07a9508a6794d752e1d9171bfaa" have entirely different histories.
db757de71c
...
366abf61b3
@ -1,3 +0,0 @@
|
|||||||
ALTER TABLE `users`
|
|
||||||
ADD `username` varchar(100) DEFAULT NULL,
|
|
||||||
ADD UNIQUE `username` (`username`);
|
|
@ -1,5 +0,0 @@
|
|||||||
ALTER TABLE `users`
|
|
||||||
ADD `full_name` varchar(255) NOT NULL DEFAULT '',
|
|
||||||
ADD `nickname` varchar(255) NOT NULL DEFAULT '',
|
|
||||||
ADD `phone` varchar(255) NOT NULL DEFAULT '',
|
|
||||||
ADD `id_number` varchar(255) NOT NULL DEFAULT '';
|
|
@ -158,17 +158,12 @@ var RVR = {
|
|||||||
document.getElementById('cover').style.visibility = 'hidden';
|
document.getElementById('cover').style.visibility = 'hidden';
|
||||||
},
|
},
|
||||||
|
|
||||||
observeInput: function (form, observedInputs) {
|
observeInput: function (input, buttonToToggle) {
|
||||||
var anyChanged = false;
|
if (input.defaultValue !== input.value) {
|
||||||
|
buttonToToggle.disabled = false;
|
||||||
for (var i = 0; i < observedInputs.length; i++) {
|
} else {
|
||||||
var input = form.elements[observedInputs[i]];
|
buttonToToggle.disabled = true;
|
||||||
if (input.defaultValue !== input.value) {
|
|
||||||
anyChanged = true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
form.elements.submit.disabled = !anyChanged;
|
|
||||||
},
|
},
|
||||||
|
|
||||||
observeInputsInForm: function (form, observedInputs) {
|
observeInputsInForm: function (form, observedInputs) {
|
||||||
@ -179,12 +174,12 @@ var RVR = {
|
|||||||
case 'INPUT':
|
case 'INPUT':
|
||||||
case 'TEXTAREA':
|
case 'TEXTAREA':
|
||||||
input.oninput = function () {
|
input.oninput = function () {
|
||||||
RVR.observeInput(form, observedInputs);
|
RVR.observeInput(this, form.elements.submit);
|
||||||
};
|
};
|
||||||
break;
|
break;
|
||||||
case 'SELECT':
|
case 'SELECT':
|
||||||
input.onchange = function () {
|
input.onchange = function () {
|
||||||
RVR.observeInput(form, observedInputs);
|
RVR.observeInput(this, form.elements.submit);
|
||||||
};
|
};
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -21,11 +21,6 @@ class AddUserCommand extends Command
|
|||||||
|
|
||||||
public function execute(InputInterface $input, OutputInterface $output): int
|
public function execute(InputInterface $input, OutputInterface $output): int
|
||||||
{
|
{
|
||||||
if (!filter_var($input->getArgument('email'), FILTER_VALIDATE_EMAIL)) {
|
|
||||||
$output->writeln('<error>Please provide a valid email address.</error>');
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
$user = new User();
|
$user = new User();
|
||||||
$user->setEmail($input->getArgument('email'));
|
$user->setEmail($input->getArgument('email'));
|
||||||
$user->setPlainPassword($input->getArgument('password'));
|
$user->setPlainPassword($input->getArgument('password'));
|
||||||
|
@ -109,11 +109,11 @@ class LoginController
|
|||||||
return new JsonContent(['success' => true]);
|
return new JsonContent(['success' => true]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $this->userRepository->getByEmailOrUsername($this->request->post('email'));
|
$user = $this->userRepository->getByEmail($this->request->post('email'));
|
||||||
if ($user === null || !$user->checkPassword($this->request->post('password'))) {
|
if ($user === null || !$user->checkPassword($this->request->post('password'))) {
|
||||||
return new JsonContent([
|
return new JsonContent([
|
||||||
'error' => [
|
'error' => [
|
||||||
'errorText' => 'No user found with the given email address / username or the given password is wrong. You can <a href="/password/requestReset?email=' .
|
'errorText' => 'No user found with the given email address or the given password is wrong. You can <a href="/password/requestReset?email=' .
|
||||||
urlencode($this->request->post('email')) . '" title="Request password reset">request password reset</a>!'
|
urlencode($this->request->post('email')) . '" title="Request password reset">request password reset</a>!'
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
@ -200,11 +200,11 @@ class LoginController
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $this->userRepository->getByEmailOrUsername($this->request->post('email'));
|
$user = $this->userRepository->getByEmail($this->request->post('email'));
|
||||||
if ($user === null) {
|
if ($user === null) {
|
||||||
return new JsonContent([
|
return new JsonContent([
|
||||||
'error' => [
|
'error' => [
|
||||||
'errorText' => 'No user found with the given email address / username.'
|
'errorText' => 'No user found with the given email address.'
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
@ -106,12 +106,7 @@ class OAuthLoginController
|
|||||||
'exp' => (int)$token->getExpiresDate()->format('U'),
|
'exp' => (int)$token->getExpiresDate()->format('U'),
|
||||||
'nonce' => $token->getNonce(),
|
'nonce' => $token->getNonce(),
|
||||||
'sub' => $user->getId(),
|
'sub' => $user->getId(),
|
||||||
'email' => $user->getEmail(),
|
'email' => $user->getEmail()
|
||||||
'username' => $user->getUsername(),
|
|
||||||
'full_name' => $user->getFullName(),
|
|
||||||
'nickname' => $user->getNickname(),
|
|
||||||
'phone' => $user->getPhone(),
|
|
||||||
'id_number' => $user->getIdNumber()
|
|
||||||
];
|
];
|
||||||
$privateKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PRIVATE_KEY']);
|
$privateKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PRIVATE_KEY']);
|
||||||
$jwt = JWT::encode($payload, $privateKey, 'RS256');
|
$jwt = JWT::encode($payload, $privateKey, 'RS256');
|
||||||
|
@ -13,7 +13,6 @@ use SokoWeb\Response\HtmlContent;
|
|||||||
use SokoWeb\Response\JsonContent;
|
use SokoWeb\Response\JsonContent;
|
||||||
use SokoWeb\Response\Redirect;
|
use SokoWeb\Response\Redirect;
|
||||||
use SokoWeb\Util\JwtParser;
|
use SokoWeb\Util\JwtParser;
|
||||||
use RVR\Repository\UserRepository;
|
|
||||||
|
|
||||||
class UserController implements ISecured
|
class UserController implements ISecured
|
||||||
{
|
{
|
||||||
@ -21,13 +20,10 @@ class UserController implements ISecured
|
|||||||
|
|
||||||
private PersistentDataManager $pdm;
|
private PersistentDataManager $pdm;
|
||||||
|
|
||||||
private UserRepository $userRepository;
|
|
||||||
|
|
||||||
public function __construct(IRequest $request)
|
public function __construct(IRequest $request)
|
||||||
{
|
{
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
$this->pdm = new PersistentDataManager();
|
$this->pdm = new PersistentDataManager();
|
||||||
$this->userRepository = new UserRepository();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
@ -130,39 +126,8 @@ class UserController implements ISecured
|
|||||||
return new JsonContent(['error' => ['errorText' => $error]]);
|
return new JsonContent(['error' => ['errorText' => $error]]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$newEmail = $this->request->post('email');
|
if (strlen($this->request->post('password_new')) > 0) {
|
||||||
if ($newEmail !== $user->getEmail()) {
|
if (strlen($this->request->post('password_new')) < 6) {
|
||||||
if (!filter_var($newEmail, FILTER_VALIDATE_EMAIL)) {
|
|
||||||
return new JsonContent(['error' => ['errorText' => 'Please provide a valid email address.']]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($this->userRepository->getByEmail($newEmail) !== null) {
|
|
||||||
return new JsonContent(['error' => ['errorText' => 'The given email address belongs to another account.']]);
|
|
||||||
}
|
|
||||||
|
|
||||||
$user->setEmail($newEmail);
|
|
||||||
}
|
|
||||||
|
|
||||||
$newUsername = $this->request->post('username');
|
|
||||||
if ($newUsername !== $user->getUsername()) {
|
|
||||||
if (strlen($newUsername) > 0) {
|
|
||||||
if (filter_var($newUsername, FILTER_VALIDATE_EMAIL)) {
|
|
||||||
return new JsonContent(['error' => ['errorText' => 'Please select a username that is not a valid email address.']]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($this->userRepository->getByUsername($newUsername) !== null) {
|
|
||||||
return new JsonContent(['error' => ['errorText' => 'The given username is already taken.']]);
|
|
||||||
}
|
|
||||||
|
|
||||||
$user->setUsername($newUsername);
|
|
||||||
} else {
|
|
||||||
$user->setUsername(null);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$newPassword = $this->request->post('password_new');
|
|
||||||
if (strlen($newPassword) > 0) {
|
|
||||||
if (strlen($newPassword) < 6) {
|
|
||||||
return new JsonContent([
|
return new JsonContent([
|
||||||
'error' => [
|
'error' => [
|
||||||
'errorText' => 'The given new password is too short. Please choose a password that is at least 6 characters long!'
|
'errorText' => 'The given new password is too short. Please choose a password that is at least 6 characters long!'
|
||||||
@ -170,7 +135,7 @@ class UserController implements ISecured
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($newPassword !== $this->request->post('password_new_confirm')) {
|
if ($this->request->post('password_new') !== $this->request->post('password_new_confirm')) {
|
||||||
return new JsonContent([
|
return new JsonContent([
|
||||||
'error' => [
|
'error' => [
|
||||||
'errorText' => 'The given new passwords do not match.'
|
'errorText' => 'The given new passwords do not match.'
|
||||||
@ -178,13 +143,9 @@ class UserController implements ISecured
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->setPlainPassword($newPassword);
|
$user->setPlainPassword($this->request->post('password_new'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->setNickname($this->request->post('nickname'));
|
|
||||||
$user->setPhone($this->request->post('phone'));
|
|
||||||
$user->setIdNumber($this->request->post('id_number'));
|
|
||||||
|
|
||||||
$this->pdm->saveToDb($user);
|
$this->pdm->saveToDb($user);
|
||||||
|
|
||||||
$this->request->session()->delete('authenticated_with_google_until');
|
$this->request->session()->delete('authenticated_with_google_until');
|
||||||
|
@ -8,14 +8,12 @@ class User extends Model implements IUser
|
|||||||
{
|
{
|
||||||
protected static string $table = 'users';
|
protected static string $table = 'users';
|
||||||
|
|
||||||
protected static array $fields = ['email', 'username', 'password', 'type', 'google_sub', 'created', 'full_name', 'nickname', 'phone', 'id_number'];
|
protected static array $fields = ['email', 'password', 'type', 'google_sub', 'created'];
|
||||||
|
|
||||||
private static array $types = ['user', 'admin'];
|
private static array $types = ['user', 'admin'];
|
||||||
|
|
||||||
private string $email = '';
|
private string $email = '';
|
||||||
|
|
||||||
private ?string $username = null;
|
|
||||||
|
|
||||||
private ?string $password = null;
|
private ?string $password = null;
|
||||||
|
|
||||||
private string $type = 'user';
|
private string $type = 'user';
|
||||||
@ -24,24 +22,11 @@ class User extends Model implements IUser
|
|||||||
|
|
||||||
private DateTime $created;
|
private DateTime $created;
|
||||||
|
|
||||||
private string $fullName = '';
|
|
||||||
|
|
||||||
private string $nickname = '';
|
|
||||||
|
|
||||||
private string $phone = '';
|
|
||||||
|
|
||||||
private string $idNumber = '';
|
|
||||||
|
|
||||||
public function setEmail(string $email): void
|
public function setEmail(string $email): void
|
||||||
{
|
{
|
||||||
$this->email = $email;
|
$this->email = $email;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setUsername(?string $username): void
|
|
||||||
{
|
|
||||||
$this->username = $username;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setPassword(?string $hashedPassword): void
|
public function setPassword(?string $hashedPassword): void
|
||||||
{
|
{
|
||||||
$this->password = $hashedPassword;
|
$this->password = $hashedPassword;
|
||||||
@ -74,36 +59,11 @@ class User extends Model implements IUser
|
|||||||
$this->created = new DateTime($created);
|
$this->created = new DateTime($created);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setFullName(string $fullName): void
|
|
||||||
{
|
|
||||||
$this->fullName = $fullName;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setNickname(string $nickname): void
|
|
||||||
{
|
|
||||||
$this->nickname = $nickname;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setPhone(string $phone): void
|
|
||||||
{
|
|
||||||
$this->phone = $phone;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setIdNumber(string $idNumber): void
|
|
||||||
{
|
|
||||||
$this->idNumber = $idNumber;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getEmail(): string
|
public function getEmail(): string
|
||||||
{
|
{
|
||||||
return $this->email;
|
return $this->email;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getUsername(): ?string
|
|
||||||
{
|
|
||||||
return $this->username;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getPassword(): ?string
|
public function getPassword(): ?string
|
||||||
{
|
{
|
||||||
return $this->password;
|
return $this->password;
|
||||||
@ -129,26 +89,6 @@ class User extends Model implements IUser
|
|||||||
return $this->created->format('Y-m-d H:i:s');
|
return $this->created->format('Y-m-d H:i:s');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getFullName(): string
|
|
||||||
{
|
|
||||||
return $this->fullName;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getNickname(): string
|
|
||||||
{
|
|
||||||
return $this->nickname;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getPhone(): string
|
|
||||||
{
|
|
||||||
return $this->phone;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getIdNumber(): string
|
|
||||||
{
|
|
||||||
return $this->idNumber;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function hasPermission(int $permission): bool
|
public function hasPermission(int $permission): bool
|
||||||
{
|
{
|
||||||
switch ($permission) {
|
switch ($permission) {
|
||||||
@ -168,7 +108,7 @@ class User extends Model implements IUser
|
|||||||
|
|
||||||
public function getDisplayName(): string
|
public function getDisplayName(): string
|
||||||
{
|
{
|
||||||
return $this->nickname ?: $this->fullName;
|
return $this->email;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function checkPassword(string $password): bool
|
public function checkPassword(string $password): bool
|
||||||
|
@ -27,23 +27,6 @@ class UserRepository implements IUserRepository
|
|||||||
return $this->pdm->selectFromDb($select, User::class);
|
return $this->pdm->selectFromDb($select, User::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getByUsername(string $username): ?User
|
|
||||||
{
|
|
||||||
$select = new Select(\Container::$dbConnection);
|
|
||||||
$select->where('username', '=', $username);
|
|
||||||
|
|
||||||
return $this->pdm->selectFromDb($select, User::class);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getByEmailOrUsername(string $emailOrUsername): ?User
|
|
||||||
{
|
|
||||||
if (filter_var($emailOrUsername, FILTER_VALIDATE_EMAIL)) {
|
|
||||||
return $this->getByEmail($emailOrUsername);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->getByUsername($emailOrUsername);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getByGoogleSub(string $sub): ?User
|
public function getByGoogleSub(string $sub): ?User
|
||||||
{
|
{
|
||||||
$select = new Select(\Container::$dbConnection);
|
$select = new Select(\Container::$dbConnection);
|
||||||
|
@ -5,11 +5,11 @@
|
|||||||
@section(main)
|
@section(main)
|
||||||
<h2>Account</h2>
|
<h2>Account</h2>
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<form id="accountForm" action="/account" method="post" data-reload-on-success="true" data-observe-inputs="email,username,password_new,password_new_confirm,nickname,phone,id_number">
|
<form id="accountForm" action="/account" method="post" data-observe-inputs="password_new,password_new_confirm">
|
||||||
<?php if ($user['password'] !== null && $user['google_sub'] !== null): ?>
|
<?php if ($user['password'] !== null && $user['google_sub'] !== null): ?>
|
||||||
<p class="justify small">Please confirm your identity with your password or with Google to modify your account.</p>
|
<p class="justify small">Please confirm your identity with your password or with Google to modify your account.</p>
|
||||||
<div class="inputWithButton">
|
<div class="inputWithButton">
|
||||||
<input type="password" class="text" name="password" placeholder="Current password" required minlength="6" autofocus><!--
|
<input type="password" class="text name="password" placeholder="Current password" required minlength="6" autofocus><!--
|
||||||
--><button id="authenticateWithGoogleButton" class="yellow" type="button">Google</button>
|
--><button id="authenticateWithGoogleButton" class="yellow" type="button">Google</button>
|
||||||
</div>
|
</div>
|
||||||
<?php elseif ($user['password'] !== null): ?>
|
<?php elseif ($user['password'] !== null): ?>
|
||||||
@ -23,15 +23,10 @@
|
|||||||
</div>
|
</div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<hr>
|
<hr>
|
||||||
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= $user['email'] ?>">
|
<?php /* TODO: disabled for the time being, email modification should be implemented */ ?>
|
||||||
<input type="text" class="text big fullWidth marginTop" name="username" placeholder="Username" value="<?= $user['username'] ?>">
|
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= $user['email'] ?>" disabled>
|
||||||
<input type="password" class="text big fullWidth marginTop" name="password_new" placeholder="New password" minlength="6">
|
<input type="password" class="text big fullWidth marginTop" name="password_new" placeholder="New password" minlength="6">
|
||||||
<input type="password" class="text big fullWidth marginTop" name="password_new_confirm" placeholder="New password confirmation" minlength="6">
|
<input type="password" class="text big fullWidth marginTop" name="password_new_confirm" placeholder="New password confirmation" minlength="6">
|
||||||
<hr>
|
|
||||||
<input type="text" class="text big fullWidth marginTop" name="full_name" placeholder="Full name" value="<?= $user['full_name'] ?>" disabled>
|
|
||||||
<input type="text" class="text big fullWidth marginTop" name="nickname" placeholder="Nickname" value="<?= $user['nickname'] ?>">
|
|
||||||
<input type="text" class="text big fullWidth marginTop" name="phone" placeholder="Phone" value="<?= $user['phone'] ?>">
|
|
||||||
<input type="text" class="text big fullWidth marginTop" name="id_number" placeholder="ID number" value="<?= $user['id_number'] ?>">
|
|
||||||
<p id="accountFormError" class="formError justify marginTop"></p>
|
<p id="accountFormError" class="formError justify marginTop"></p>
|
||||||
<div class="right marginTop">
|
<div class="right marginTop">
|
||||||
<button type="submit" name="submit" disabled>Save</button>
|
<button type="submit" name="submit" disabled>Save</button>
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
<h2>Login</h2>
|
<h2>Login</h2>
|
||||||
<div class="box">
|
<div class="box">
|
||||||
<form id="loginForm" action="/login" method="post" data-redirect-on-success="<?= $redirectUrl ?>">
|
<form id="loginForm" action="/login" method="post" data-redirect-on-success="<?= $redirectUrl ?>">
|
||||||
<input type="text" class="text big fullWidth" name="email" placeholder="Email address / Username" required autofocus>
|
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" required autofocus>
|
||||||
<input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
|
<input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
|
||||||
<p id="loginFormError" class="formError justify marginTop"></p>
|
<p id="loginFormError" class="formError justify marginTop"></p>
|
||||||
<div class="right marginTop">
|
<div class="right marginTop">
|
||||||
|
Loading…
Reference in New Issue
Block a user