										 |  |  | <?php | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * AuthController.php | 
					
						
							|  |  |  |  * Copyright (C) 2016 thegrumpydictator@gmail.com | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This software may be modified and distributed under the terms | 
					
						
							|  |  |  |  * of the MIT license.  See the LICENSE file for details. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | declare(strict_types = 1); | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  | namespace FireflyIII\Http\Controllers\Auth; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | use Auth; | 
					
						
										 |  |  | use Config; | 
					
						
										 |  |  | use FireflyIII\Events\UserRegistration; | 
					
						
										 |  |  | use FireflyIII\Exceptions\FireflyException; | 
					
						
										 |  |  | use FireflyIII\Http\Controllers\Controller; | 
					
						
										 |  |  | use FireflyIII\Support\Facades\FireflyConfig; | 
					
						
										 |  |  | use FireflyIII\User; | 
					
						
										 |  |  | use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers; | 
					
						
										 |  |  | use Illuminate\Foundation\Auth\ThrottlesLogins; | 
					
						
										 |  |  | use Illuminate\Http\Request; | 
					
						
										 |  |  | use Illuminate\Mail\Message; | 
					
						
										 |  |  | use Illuminate\Support\Facades\Lang; | 
					
						
										 |  |  | use Log; | 
					
						
										 |  |  | use Mail; | 
					
						
							|  |  |  | use Session; | 
					
						
										 |  |  | use Swift_TransportException; | 
					
						
										 |  |  | use Validator; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * Class AuthController | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * @package FireflyIII\Http\Controllers\Auth | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2015-02-07 22:50:47 +01:00
										 |  |  | class AuthController extends Controller | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2015-07-14 22:48:34 +02:00
										 |  |  |     use AuthenticatesAndRegistersUsers, ThrottlesLogins; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-11-01 08:03:41 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  |      * Where to redirect users after login / registration. | 
					
						
							| 
									
										
										
										
											2015-11-01 08:03:41 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  |      * @var string | 
					
						
							| 
									
										
										
										
											2015-11-01 08:03:41 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  |     protected $redirectTo = '/home'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Create a new authentication controller instance. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function __construct() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->middleware('guest', ['except' => 'logout']); | 
					
						
							| 
									
										
										
										
											2016-01-09 08:20:55 +01:00
										 |  |  |         parent::__construct(); | 
					
						
							| 
									
										
										
										
											2015-11-01 08:03:41 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Handle a registration request for the application. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  |      * @param  \Illuminate\Http\Request $request | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  |      * @return \Illuminate\Http\Response | 
					
						
							| 
									
										
										
										
											2016-02-17 21:14:32 +01:00
										 |  |  |      * @throws FireflyException | 
					
						
							|  |  |  |      * @throws \Illuminate\Foundation\Validation\ValidationException | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-03-28 19:50:24 +02:00
										 |  |  |     public function register(Request $request) | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-09-01 18:31:39 +02:00
										 |  |  |         // is allowed to?
 | 
					
						
							| 
									
										
										
										
											2016-09-01 19:01:08 +02:00
										 |  |  |         $singleUserMode    = FireflyConfig::get('single_user_mode', Config::get('firefly.configuration.single_user_mode'))->data; | 
					
						
							|  |  |  |         $userCount         = User::count(); | 
					
						
							|  |  |  |         if ($singleUserMode === true && $userCount > 0) { | 
					
						
							| 
									
										
										
										
											2016-09-01 18:31:39 +02:00
										 |  |  |             $message = 'Registration is currently not available.'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return view('error', compact('message')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-11 21:19:40 +02:00
										 |  |  |         $validator = $this->validator($request->all()); | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |         if ($validator->fails()) { | 
					
						
							|  |  |  |             $this->throwValidationException( | 
					
						
							|  |  |  |                 $request, $validator | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2015-12-03 11:17:48 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-03-29 21:27:51 +02:00
										 |  |  |         $data             = $request->all(); | 
					
						
							| 
									
										
										
										
											2015-03-25 22:29:32 +01:00
										 |  |  |         $data['password'] = bcrypt($data['password']); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-03 11:17:48 +01:00
										 |  |  |         // is user email domain blocked?
 | 
					
						
							| 
									
										
										
										
											2015-12-18 07:31:36 +01:00
										 |  |  |         if ($this->isBlockedDomain($data['email'])) { | 
					
						
							| 
									
										
										
										
											2016-01-27 18:31:44 +01:00
										 |  |  |             $validator->getMessageBag()->add('email', (string)trans('validation.invalid_domain')); | 
					
						
							| 
									
										
										
										
											2016-03-18 20:29:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |             $this->reportBlockedDomainRegistrationAttempt($data['email'], $request->ip()); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-03 11:17:48 +01:00
										 |  |  |             $this->throwValidationException( | 
					
						
							|  |  |  |                 $request, $validator | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-08 16:01:21 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-28 19:50:24 +02:00
										 |  |  |         $user = $this->create($request->all()); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // trigger user registration event:
 | 
					
						
							|  |  |  |         event(new UserRegistration($user, $request->ip())); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Auth::login($user); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Session::flash('success', strval(trans('firefly.registered'))); | 
					
						
							|  |  |  |         Session::flash('gaEventCategory', 'user'); | 
					
						
							|  |  |  |         Session::flash('gaEventAction', 'new-registration'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return redirect($this->redirectPath()); | 
					
						
							| 
									
										
										
										
											2015-03-03 09:29:02 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-19 18:10:07 +01:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Show the application registration form. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return \Illuminate\Http\Response | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function showRegistrationForm() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-04-29 11:34:48 +02:00
										 |  |  |         $showDemoWarning = env('SHOW_DEMO_WARNING', false); | 
					
						
							| 
									
										
										
										
											2016-01-19 18:10:07 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-01 18:31:39 +02:00
										 |  |  |         // is allowed to?
 | 
					
						
							| 
									
										
										
										
											2016-09-01 19:01:08 +02:00
										 |  |  |         $singleUserMode    = FireflyConfig::get('single_user_mode', Config::get('firefly.configuration.single_user_mode'))->data; | 
					
						
							|  |  |  |         $userCount         = User::count(); | 
					
						
							|  |  |  |         if ($singleUserMode === true && $userCount > 0) { | 
					
						
							| 
									
										
										
										
											2016-09-01 18:31:39 +02:00
										 |  |  |             $message = 'Registration is currently not available.'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return view('error', compact('message')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-04-29 11:34:48 +02:00
										 |  |  |         return view('auth.register', compact('showDemoWarning')); | 
					
						
							| 
									
										
										
										
											2016-01-19 18:10:07 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Create a new user instance after a valid registration. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param  array $data | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return User | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function create(array $data) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return User::create( | 
					
						
							|  |  |  |             [ | 
					
						
							|  |  |  |                 'email'    => $data['email'], | 
					
						
							|  |  |  |                 'password' => bcrypt($data['password']), | 
					
						
							|  |  |  |             ] | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-18 07:31:36 +01:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * @return array | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2015-12-18 16:38:50 +01:00
										 |  |  |     protected function getBlockedDomains() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-08-05 19:29:44 +02:00
										 |  |  |         return FireflyConfig::get('blocked-domains', [])->data; | 
					
						
							| 
									
										
										
										
											2015-12-18 07:31:36 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-28 07:55:09 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2016-02-05 09:25:15 +01:00
										 |  |  |      * @param string $email | 
					
						
							| 
									
										
										
										
											2015-12-28 07:55:09 +01:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @return bool | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-02-05 09:25:15 +01:00
										 |  |  |     protected function isBlockedDomain(string $email) | 
					
						
							| 
									
										
										
										
											2015-12-18 07:31:36 +01:00
										 |  |  |     { | 
					
						
							|  |  |  |         $parts   = explode('@', $email); | 
					
						
							|  |  |  |         $blocked = $this->getBlockedDomains(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (isset($parts[1]) && in_array($parts[1], $blocked)) { | 
					
						
							|  |  |  |             return true; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2015-12-18 16:38:50 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-18 07:31:36 +01:00
										 |  |  |         return false; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-01-19 18:10:07 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-16 07:22:57 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-19 18:10:07 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Get a validator for an incoming registration request. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param  array $data | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return \Illuminate\Contracts\Validation\Validator | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function validator(array $data) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return Validator::make( | 
					
						
							|  |  |  |             $data, [ | 
					
						
							|  |  |  |                      'email'    => 'required|email|max:255|unique:users', | 
					
						
							|  |  |  |                      'password' => 'required|confirmed|min:6', | 
					
						
							|  |  |  |                  ] | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-03-18 20:29:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Send a message home about a blocked domain and the address attempted to register. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param string $registrationMail | 
					
						
							|  |  |  |      * @param string $ipAddress | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     private function reportBlockedDomainRegistrationAttempt(string $registrationMail, string $ipAddress) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |             $email  = env('SITE_OWNER', false); | 
					
						
							|  |  |  |             $parts  = explode('@', $registrationMail); | 
					
						
							|  |  |  |             $domain = $parts[1]; | 
					
						
							|  |  |  |             $fields = [ | 
					
						
							|  |  |  |                 'email_address'  => $registrationMail, | 
					
						
							|  |  |  |                 'blocked_domain' => $domain, | 
					
						
							|  |  |  |                 'ip'             => $ipAddress, | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             Mail::send( | 
					
						
							|  |  |  |                 ['emails.blocked-registration-html', 'emails.blocked-registration'], $fields, function (Message $message) use ($email, $domain) { | 
					
						
							|  |  |  |                 $message->to($email, $email)->subject('Blocked a registration attempt with domain ' . $domain . '.'); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } catch (Swift_TransportException $e) { | 
					
						
							|  |  |  |             Log::error($e->getMessage()); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2015-02-06 04:39:52 +01:00
										 |  |  | } |