										 |  |  | <?php | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * ProfileController.php | 
					
						
										 |  |  |  * Copyright (c) 2017 thegrumpydictator@gmail.com | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * This file is part of Firefly III. | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * Firefly III is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  |  * it under the terms of the GNU General Public License as published by | 
					
						
							|  |  |  |  * the Free Software Foundation, either version 3 of the License, or | 
					
						
							|  |  |  |  * (at your option) any later version. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Firefly III is distributed in the hope that it will be useful, | 
					
						
							|  |  |  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							|  |  |  |  * GNU General Public License for more details. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * You should have received a copy of the GNU General Public License | 
					
						
										 |  |  |  * along with Firefly III. If not, see <http://www.gnu.org/licenses/>. | 
					
						
										 |  |  |  */ | 
					
						
										 |  |  | declare(strict_types=1); | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  | namespace FireflyIII\Http\Controllers; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | use Auth; | 
					
						
										 |  |  | use DB; | 
					
						
										 |  |  | use FireflyIII\Events\UserChangedEmail; | 
					
						
							|  |  |  | use FireflyIII\Exceptions\FireflyException; | 
					
						
										 |  |  | use FireflyIII\Exceptions\ValidationException; | 
					
						
										 |  |  | use FireflyIII\Http\Middleware\IsDemoUser; | 
					
						
							|  |  |  | use FireflyIII\Http\Middleware\IsSandStormUser; | 
					
						
										 |  |  | use FireflyIII\Http\Requests\DeleteAccountFormRequest; | 
					
						
										 |  |  | use FireflyIII\Http\Requests\EmailFormRequest; | 
					
						
										 |  |  | use FireflyIII\Http\Requests\ProfileFormRequest; | 
					
						
										 |  |  | use FireflyIII\Http\Requests\TokenFormRequest; | 
					
						
										 |  |  | use FireflyIII\Models\Preference; | 
					
						
										 |  |  | use FireflyIII\Repositories\User\UserRepositoryInterface; | 
					
						
										 |  |  | use FireflyIII\Support\Http\Controllers\CreateStuff; | 
					
						
										 |  |  | use FireflyIII\Support\Http\Controllers\RequestInformation; | 
					
						
										 |  |  | use FireflyIII\User; | 
					
						
										 |  |  | use Google2FA; | 
					
						
										 |  |  | use Hash; | 
					
						
										 |  |  | use Illuminate\Contracts\Auth\Guard; | 
					
						
										 |  |  | use Illuminate\Support\Collection; | 
					
						
										 |  |  | use Laravel\Passport\ClientRepository; | 
					
						
										 |  |  | use Log; | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
										 |  |  |  * Class ProfileController. | 
					
						
										 |  |  |  * | 
					
						
							|  |  |  |  * @method Guard guard() | 
					
						
										 |  |  |  * @SuppressWarnings(PHPMD.CouplingBetweenObjects) | 
					
						
							|  |  |  |  * @SuppressWarnings(PHPMD.TooManyPublicMethods) | 
					
						
										 |  |  |  */ | 
					
						
							|  |  |  | class ProfileController extends Controller | 
					
						
							|  |  |  | { | 
					
						
										 |  |  |     use RequestInformation, CreateStuff; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							|  |  |  |      * ProfileController constructor. | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-01-08 18:29:47 +01:00
										 |  |  |     public function __construct() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-01-08 20:40:48 +01:00
										 |  |  |         parent::__construct(); | 
					
						
							| 
									
										
										
										
											2016-10-20 19:10:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  |         $this->middleware( | 
					
						
							|  |  |  |             function ($request, $next) { | 
					
						
							| 
									
										
										
										
											2018-07-15 09:38:49 +02:00
										 |  |  |                 app('view')->share('title', (string)trans('firefly.profile')); | 
					
						
							| 
									
										
										
										
											2017-12-16 19:46:36 +01:00
										 |  |  |                 app('view')->share('mainTitleIcon', 'fa-user'); | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |                 return $next($request); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2017-12-19 19:25:50 +01:00
										 |  |  |         $this->middleware(IsDemoUser::class)->except(['index']); | 
					
						
							|  |  |  |         $this->middleware(IsSandStormUser::class)->except('index'); | 
					
						
							| 
									
										
										
										
											2016-01-08 18:29:47 +01:00
										 |  |  |     } | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Change your email address. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function changeEmail() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $title        = auth()->user()->email; | 
					
						
							|  |  |  |         $email        = auth()->user()->email; | 
					
						
							| 
									
										
										
										
											2018-04-02 15:10:40 +02:00
										 |  |  |         $subTitle     = (string)trans('firefly.change_your_email'); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |         $subTitleIcon = 'fa-envelope'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return view('profile.change-email', compact('title', 'subTitle', 'subTitleIcon', 'email')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Change your password. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function changePassword() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  |         $title        = auth()->user()->email; | 
					
						
							| 
									
										
										
										
											2018-04-02 15:10:40 +02:00
										 |  |  |         $subTitle     = (string)trans('firefly.change_your_password'); | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  |         $subTitleIcon = 'fa-key'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return view('profile.change-password', compact('title', 'subTitle', 'subTitleIcon')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							|  |  |  |      * View that generates a 2FA code for the user. | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function code() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $domain = $this->getDomain(); | 
					
						
							|  |  |  |         $secret = Google2FA::generateSecretKey(); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('two-factor-secret', $secret); | 
					
						
							| 
									
										
										
										
											2018-06-23 17:59:37 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |         $image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret, 200); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-30 05:21:21 +02:00
										 |  |  |         return view('profile.code', compact('image', 'secret')); | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Screen to confirm email change. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |      * @param UserRepositoryInterface $repository | 
					
						
							|  |  |  |      * @param string                  $token | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2017-12-22 18:32:43 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |     public function confirmEmailChange(UserRepositoryInterface $repository, string $token) | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |     { | 
					
						
							|  |  |  |         // find preference with this token value.
 | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var Collection $set */ | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         $set  = app('preferences')->findByName('email_change_confirm_token'); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |         $user = null; | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |         Log::debug(sprintf('Found %d preferences', $set->count())); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |         /** @var Preference $preference */ | 
					
						
							|  |  |  |         foreach ($set as $preference) { | 
					
						
							|  |  |  |             if ($preference->data === $token) { | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |                 Log::debug('Found user'); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |                 $user = $preference->user; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         // update user to clear blocked and blocked_code.
 | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (null === $user) { | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |             Log::debug('Found no user'); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |             throw new FireflyException('Invalid token.'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |         Log::debug('Will unblock user.'); | 
					
						
							|  |  |  |         $repository->unblockUser($user); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // return to login.
 | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.login_with_new_email')); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('login')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Delete your account view. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View | 
					
						
							| 
									
										
										
										
											2015-04-22 07:54:56 +02:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function deleteAccount() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  |         $title        = auth()->user()->email; | 
					
						
							| 
									
										
										
										
											2018-04-02 15:10:40 +02:00
										 |  |  |         $subTitle     = (string)trans('firefly.delete_account'); | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  |         $subTitleIcon = 'fa-trash'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return view('profile.delete-account', compact('title', 'subTitle', 'subTitleIcon')); | 
					
						
							| 
									
										
										
										
											2015-04-22 07:54:56 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Delete 2FA routine. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function deleteCode() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         app('preferences')->delete('twoFactorAuthEnabled'); | 
					
						
							|  |  |  |         app('preferences')->delete('twoFactorAuthSecret'); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.pref_two_factor_auth_disabled')); | 
					
						
							|  |  |  |         session()->flash('info', (string)trans('firefly.pref_two_factor_auth_remove_it')); | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('profile.index')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Enable 2FA screen. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-03-11 16:24:07 +01:00
										 |  |  |      * @param UserRepositoryInterface $repository | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function enable2FA(UserRepositoryInterface $repository) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var User $user */ | 
					
						
							| 
									
										
										
										
											2018-07-13 15:50:42 +02:00
										 |  |  |         $user = auth()->user(); | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         if ($repository->hasRole($user, 'demo')) { | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |             return redirect(route('profile.index')); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-20 14:34:56 +02:00
										 |  |  |         $hasSecret = (null !== app('preferences')->get('twoFactorAuthSecret')); | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // if we don't have a valid secret yet, redirect to the code page to get one.
 | 
					
						
							| 
									
										
										
										
											2018-07-20 14:34:56 +02:00
										 |  |  |         if (!$hasSecret) { | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |             return redirect(route('profile.code')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // If FF3 already has a secret, just set the two factor auth enabled to 1,
 | 
					
						
							|  |  |  |         // and let the user continue with the existing secret.
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         app('preferences')->set('twoFactorAuthEnabled', 1); | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('profile.index')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Index for profile. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View | 
					
						
							| 
									
										
										
										
											2015-04-22 07:54:56 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2015-05-03 09:19:14 +02:00
										 |  |  |     public function index() | 
					
						
							| 
									
										
										
										
											2015-04-28 15:26:30 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-04-02 15:17:03 +02:00
										 |  |  |         // check if client token thing exists (default one)
 | 
					
						
							| 
									
										
										
										
											2018-04-02 15:26:33 +02:00
										 |  |  |         $count = DB::table('oauth_clients') | 
					
						
							|  |  |  |                    ->where('personal_access_client', 1) | 
					
						
							|  |  |  |                    ->whereNull('user_id')->count(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->createOAuthKeys(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-08 07:59:58 +02:00
										 |  |  |         if (0 === $count) { | 
					
						
							| 
									
										
										
										
											2018-04-02 15:17:03 +02:00
										 |  |  |             /** @var ClientRepository $repository */ | 
					
						
							|  |  |  |             $repository = app(ClientRepository::class); | 
					
						
							|  |  |  |             $repository->createPersonalAccessClient(null, config('app.name') . ' Personal Access Client', 'http://localhost'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |         $subTitle   = auth()->user()->email; | 
					
						
							|  |  |  |         $userId     = auth()->user()->id; | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         $enabled2FA = 1 === (int)app('preferences')->get('twoFactorAuthEnabled', 0)->data; | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var User $user */ | 
					
						
							|  |  |  |         $user = auth()->user(); | 
					
						
							| 
									
										
										
										
											2016-10-20 19:10:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-14 18:27:22 +02:00
										 |  |  |         // get access token or create one.
 | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         $accessToken = app('preferences')->get('access_token', null); | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (null === $accessToken) { | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |             $token       = $user->generateAccessToken(); | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |             $accessToken = app('preferences')->set('access_token', $token); | 
					
						
							| 
									
										
										
										
											2017-09-14 18:27:22 +02:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-09 05:45:22 +01:00
										 |  |  |         return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA')); | 
					
						
							| 
									
										
										
										
											2015-04-22 07:54:56 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     /** | 
					
						
										 |  |  |      * Submit the change email form. | 
					
						
							|  |  |  |      * | 
					
						
										 |  |  |      * @param EmailFormRequest        $request | 
					
						
							|  |  |  |      * @param UserRepositoryInterface $repository | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         /** @var User $user */ | 
					
						
							|  |  |  |         $user     = auth()->user(); | 
					
						
							|  |  |  |         $newEmail = $request->string('email'); | 
					
						
							|  |  |  |         $oldEmail = $user->email; | 
					
						
							|  |  |  |         if ($newEmail === $user->email) { | 
					
						
										 |  |  |             session()->flash('error', (string)trans('firefly.email_not_changed')); | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  |             return redirect(route('profile.change-email'))->withInput(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $existing = $repository->findByEmail($newEmail); | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (null !== $existing) { | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |             // force user logout.
 | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |             Auth::guard()->logout(); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |             $request->session()->invalidate(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |             session()->flash('success', (string)trans('firefly.email_changed')); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |             return redirect(route('index')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // now actually update user:
 | 
					
						
							|  |  |  |         $repository->changeEmail($user, $newEmail); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // call event.
 | 
					
						
							|  |  |  |         $ipAddress = $request->ip(); | 
					
						
							|  |  |  |         event(new UserChangedEmail($user, $newEmail, $oldEmail, $ipAddress)); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // force user logout.
 | 
					
						
							|  |  |  |         Auth::guard()->logout(); | 
					
						
							|  |  |  |         $request->session()->invalidate(); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.email_changed')); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('index')); | 
					
						
							|  |  |  |     } | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Submit change password form. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-12-18 17:54:11 +01:00
										 |  |  |      * @param ProfileFormRequest      $request | 
					
						
							|  |  |  |      * @param UserRepositoryInterface $repository | 
					
						
							| 
									
										
										
										
											2015-05-03 12:58:55 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-12-18 17:54:11 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-12-18 17:54:11 +01:00
										 |  |  |     public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository) | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-03-24 11:07:38 +01:00
										 |  |  |         // the request has already validated both new passwords must be equal.
 | 
					
						
							|  |  |  |         $current = $request->get('current_password'); | 
					
						
							|  |  |  |         $new     = $request->get('new_password'); | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var User $user */ | 
					
						
							| 
									
										
										
										
											2018-07-13 15:50:42 +02:00
										 |  |  |         $user = auth()->user(); | 
					
						
							| 
									
										
										
										
											2017-01-05 10:06:46 +01:00
										 |  |  |         try { | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |             $this->validatePassword($user, $current, $new); | 
					
						
							| 
									
										
										
										
											2017-01-05 10:06:46 +01:00
										 |  |  |         } catch (ValidationException $e) { | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |             session()->flash('error', $e->getMessage()); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-06 16:27:21 +02:00
										 |  |  |             return redirect(route('profile.change-password')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         $repository->changePassword($user, $request->get('new_password')); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.password_changed')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-12-05 21:58:23 +01:00
										 |  |  |         return redirect(route('profile.index')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |     } | 
					
						
										 |  |  |     /** @noinspection PhpUnusedParameterInspection */ | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Submit 2FA for the first time. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |      * @param TokenFormRequest $request | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2018-07-20 14:34:56 +02:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @SuppressWarnings(PHPMD.UnusedFormalParameter) | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function postCode(TokenFormRequest $request) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         app('preferences')->set('twoFactorAuthEnabled', 1); | 
					
						
							|  |  |  |         app('preferences')->set('twoFactorAuthSecret', session()->get('two-factor-secret')); | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.saved_preferences')); | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |         app('preferences')->mark(); | 
					
						
							| 
									
										
										
										
											2018-08-06 19:14:30 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-10 22:38:20 +01:00
										 |  |  |         return redirect(route('profile.index')); | 
					
						
							|  |  |  |     } | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Submit delete account. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-12-12 15:24:47 +01:00
										 |  |  |      * @param UserRepositoryInterface  $repository | 
					
						
							| 
									
										
										
										
											2015-05-03 12:58:55 +02:00
										 |  |  |      * @param DeleteAccountFormRequest $request | 
					
						
							| 
									
										
										
										
											2015-05-03 09:19:14 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-12-12 15:24:47 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2015-05-03 09:19:14 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-12-12 15:24:47 +01:00
										 |  |  |     public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request) | 
					
						
							| 
									
										
										
										
											2015-05-03 09:19:14 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-09-16 12:15:58 +02:00
										 |  |  |         if (!Hash::check($request->get('password'), auth()->user()->password)) { | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |             session()->flash('error', (string)trans('firefly.invalid_password')); | 
					
						
							| 
									
										
										
										
											2015-05-03 09:19:14 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-06 16:27:21 +02:00
										 |  |  |             return redirect(route('profile.delete-account')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var User $user */ | 
					
						
							| 
									
										
										
										
											2016-12-12 15:24:47 +01:00
										 |  |  |         $user = auth()->user(); | 
					
						
							|  |  |  |         Log::info(sprintf('User #%d has opted to delete their account', auth()->user()->id)); | 
					
						
							|  |  |  |         // make repository delete user:
 | 
					
						
							|  |  |  |         auth()->logout(); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:12:22 +02:00
										 |  |  |         session()->flush(); | 
					
						
							| 
									
										
										
										
											2016-12-12 15:24:47 +01:00
										 |  |  |         $repository->destroy($user); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-06 16:27:21 +02:00
										 |  |  |         return redirect(route('index')); | 
					
						
							| 
									
										
										
										
											2015-02-25 21:19:06 +01:00
										 |  |  |     } | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Regenerate access token. | 
					
						
							| 
									
										
										
										
											2018-08-06 19:14:30 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2017-09-14 18:27:22 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-11-15 10:52:29 +01:00
										 |  |  |     public function regenerate() | 
					
						
							| 
									
										
										
										
											2017-09-14 18:27:22 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         /** @var User $user */ | 
					
						
							| 
									
										
										
										
											2018-07-13 15:50:42 +02:00
										 |  |  |         $user  = auth()->user(); | 
					
						
							| 
									
										
										
										
											2018-07-09 19:24:08 +02:00
										 |  |  |         $token = $user->generateAccessToken(); | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         app('preferences')->set('access_token', $token); | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.token_regenerated')); | 
					
						
							| 
									
										
										
										
											2017-09-14 18:27:22 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('profile.index')); | 
					
						
							|  |  |  |     } | 
					
						
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Undo change of user email address. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-12-17 14:30:53 +01:00
										 |  |  |      * @param UserRepositoryInterface $repository | 
					
						
							|  |  |  |      * @param string                  $token | 
					
						
							|  |  |  |      * @param string                  $hash | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-11-18 05:46:19 +01:00
										 |  |  |      * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector | 
					
						
							| 
									
										
										
										
											2017-11-18 16:30:45 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							| 
									
										
										
										
											2018-07-20 14:34:56 +02:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @SuppressWarnings(PHPMD.CyclomaticComplexity) | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |     public function undoEmailChange(UserRepositoryInterface $repository, string $token, string $hash) | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |     { | 
					
						
							|  |  |  |         // find preference with this token value.
 | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         $set  = app('preferences')->findByName('email_change_undo_token'); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |         $user = null; | 
					
						
							|  |  |  |         /** @var Preference $preference */ | 
					
						
							|  |  |  |         foreach ($set as $preference) { | 
					
						
							|  |  |  |             if ($preference->data === $token) { | 
					
						
							|  |  |  |                 $user = $preference->user; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (null === $user) { | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |             throw new FireflyException('Invalid token.'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-20 14:34:56 +02:00
										 |  |  |         // found user.which email address to return to?
 | 
					
						
							| 
									
										
										
										
											2018-07-14 16:08:34 +02:00
										 |  |  |         $set = app('preferences')->beginsWith($user, 'previous_email_'); | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |         /** @var string $match */ | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |         $match = null; | 
					
						
							|  |  |  |         foreach ($set as $entry) { | 
					
						
							|  |  |  |             $hashed = hash('sha256', $entry->data); | 
					
						
							|  |  |  |             if ($hashed === $hash) { | 
					
						
							|  |  |  |                 $match = $entry->data; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (null === $match) { | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  |             throw new FireflyException('Invalid token.'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         // change user back
 | 
					
						
							| 
									
										
										
										
											2017-12-17 14:06:14 +01:00
										 |  |  |         // now actually update user:
 | 
					
						
							|  |  |  |         $repository->changeEmail($user, $match); | 
					
						
							|  |  |  |         $repository->unblockUser($user); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // return to login.
 | 
					
						
							| 
									
										
										
										
											2018-04-22 17:10:11 +02:00
										 |  |  |         session()->flash('success', (string)trans('firefly.login_with_old_email')); | 
					
						
							| 
									
										
										
										
											2017-09-26 08:52:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return redirect(route('login')); | 
					
						
							|  |  |  |     } | 
					
						
										 |  |  | } |