2016-10-22 09:31:27 +02:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* UserEventHandler.php
|
2020-01-28 08:45:38 +01:00
|
|
|
* Copyright (c) 2019 james@firefly-iii.org
|
2016-10-22 09:31:27 +02:00
|
|
|
*
|
2019-10-02 06:37:26 +02:00
|
|
|
* This file is part of Firefly III (https://github.com/firefly-iii).
|
2016-10-22 09:31:27 +02:00
|
|
|
*
|
2019-10-02 06:37:26 +02:00
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
|
* License, or (at your option) any later version.
|
2017-10-21 08:40:00 +02:00
|
|
|
*
|
2019-10-02 06:37:26 +02:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2017-10-21 08:40:00 +02:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2019-10-02 06:37:26 +02:00
|
|
|
* GNU Affero General Public License for more details.
|
2017-10-21 08:40:00 +02:00
|
|
|
*
|
2019-10-02 06:37:26 +02:00
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2016-10-22 09:31:27 +02:00
|
|
|
*/
|
2018-07-07 07:48:10 +02:00
|
|
|
/** @noinspection NullPointerExceptionInspection */
|
2017-04-09 07:44:22 +02:00
|
|
|
declare(strict_types=1);
|
2016-10-22 09:31:27 +02:00
|
|
|
|
|
|
|
|
namespace FireflyIII\Handlers\Events;
|
|
|
|
|
|
2020-08-28 21:58:03 +02:00
|
|
|
use Carbon\Carbon;
|
2018-04-02 14:42:07 +02:00
|
|
|
use Exception;
|
2020-08-28 21:58:03 +02:00
|
|
|
use FireflyIII\Events\DetectedNewIPAddress;
|
2016-10-22 09:31:27 +02:00
|
|
|
use FireflyIII\Events\RegisteredUser;
|
2016-11-22 21:21:11 +01:00
|
|
|
use FireflyIII\Events\RequestedNewPassword;
|
2017-09-26 08:52:16 +02:00
|
|
|
use FireflyIII\Events\UserChangedEmail;
|
|
|
|
|
use FireflyIII\Mail\ConfirmEmailChangeMail;
|
2020-08-28 21:58:03 +02:00
|
|
|
use FireflyIII\Mail\NewIPAddressWarningMail;
|
2017-04-27 08:03:15 +02:00
|
|
|
use FireflyIII\Mail\RegisteredUser as RegisteredUserMail;
|
2017-04-27 08:26:58 +02:00
|
|
|
use FireflyIII\Mail\RequestedNewPassword as RequestedNewPasswordMail;
|
2017-09-26 08:52:16 +02:00
|
|
|
use FireflyIII\Mail\UndoEmailChangeMail;
|
2016-10-22 09:31:27 +02:00
|
|
|
use FireflyIII\Repositories\User\UserRepositoryInterface;
|
2017-12-05 20:50:04 +01:00
|
|
|
use FireflyIII\User;
|
|
|
|
|
use Illuminate\Auth\Events\Login;
|
2016-10-22 09:31:27 +02:00
|
|
|
use Log;
|
|
|
|
|
use Mail;
|
|
|
|
|
|
|
|
|
|
/**
|
2017-11-15 12:25:49 +01:00
|
|
|
* Class UserEventHandler.
|
2016-10-22 09:31:27 +02:00
|
|
|
*
|
|
|
|
|
* This class responds to any events that have anything to do with the User object.
|
|
|
|
|
*
|
|
|
|
|
* The method name reflects what is being done. This is in the present tense.
|
|
|
|
|
*/
|
|
|
|
|
class UserEventHandler
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* This method will bestow upon a user the "owner" role if he is the first user in the system.
|
|
|
|
|
*
|
|
|
|
|
* @param RegisteredUser $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function attachUserRole(RegisteredUser $event): bool
|
|
|
|
|
{
|
|
|
|
|
/** @var UserRepositoryInterface $repository */
|
|
|
|
|
$repository = app(UserRepositoryInterface::class);
|
|
|
|
|
|
|
|
|
|
// first user ever?
|
2017-11-15 12:25:49 +01:00
|
|
|
if (1 === $repository->count()) {
|
2018-08-28 21:48:10 +02:00
|
|
|
Log::debug('User count is one, attach role.');
|
2016-10-22 09:31:27 +02:00
|
|
|
$repository->attachRole($event->user, 'owner');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-05 20:50:04 +01:00
|
|
|
/**
|
2018-07-07 07:48:10 +02:00
|
|
|
* Fires to see if a user is admin.
|
|
|
|
|
*
|
2017-12-05 20:50:04 +01:00
|
|
|
* @param Login $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function checkSingleUserIsAdmin(Login $event): bool
|
|
|
|
|
{
|
2018-01-21 18:06:57 +01:00
|
|
|
/** @var UserRepositoryInterface $repository */
|
|
|
|
|
$repository = app(UserRepositoryInterface::class);
|
2017-12-05 20:50:04 +01:00
|
|
|
|
2017-12-29 09:05:35 +01:00
|
|
|
/** @var User $user */
|
2017-12-05 20:50:04 +01:00
|
|
|
$user = $event->user;
|
2018-01-21 18:06:57 +01:00
|
|
|
$count = $repository->count();
|
2017-12-05 20:50:04 +01:00
|
|
|
|
2018-07-07 07:48:10 +02:00
|
|
|
// only act when there is 1 user in the system and he has no admin rights.
|
|
|
|
|
if (1 === $count && !$repository->hasRole($user, 'owner')) {
|
|
|
|
|
// user is the only user but does not have role "owner".
|
|
|
|
|
$role = $repository->getRole('owner');
|
|
|
|
|
if (null === $role) {
|
|
|
|
|
// create role, does not exist. Very strange situation so let's raise a big fuss about it.
|
|
|
|
|
$role = $repository->createRole('owner', 'Site Owner', 'User runs this instance of FF3');
|
|
|
|
|
Log::error('Could not find role "owner". This is weird.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Log::info(sprintf('Gave user #%d role #%d ("%s")', $user->id, $role->id, $role->name));
|
|
|
|
|
// give user the role
|
|
|
|
|
$repository->attachRole($user, 'owner');
|
2017-12-05 20:50:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-12 21:41:58 +02:00
|
|
|
/**
|
2018-07-07 07:48:10 +02:00
|
|
|
* Set the demo user back to English.
|
|
|
|
|
*
|
2018-06-12 21:41:58 +02:00
|
|
|
* @param Login $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
2018-06-25 16:01:45 +02:00
|
|
|
public function demoUserBackToEnglish(Login $event): bool
|
2018-06-12 21:41:58 +02:00
|
|
|
{
|
|
|
|
|
/** @var UserRepositoryInterface $repository */
|
|
|
|
|
$repository = app(UserRepositoryInterface::class);
|
|
|
|
|
|
|
|
|
|
/** @var User $user */
|
|
|
|
|
$user = $event->user;
|
|
|
|
|
if ($repository->hasRole($user, 'demo')) {
|
|
|
|
|
// set user back to English.
|
|
|
|
|
app('preferences')->setForUser($user, 'language', 'en_US');
|
2020-05-18 21:17:59 +02:00
|
|
|
app('preferences')->setForUser($user, 'locale', 'equal');
|
2018-06-12 21:41:58 +02:00
|
|
|
app('preferences')->mark();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-28 21:58:03 +02:00
|
|
|
/**
|
|
|
|
|
* @param DetectedNewIPAddress $event
|
|
|
|
|
*/
|
|
|
|
|
public function notifyNewIPAddress(DetectedNewIPAddress $event): void
|
|
|
|
|
{
|
|
|
|
|
$user = $event->user;
|
|
|
|
|
$email = $user->email;
|
|
|
|
|
$ipAddress = $event->ipAddress;
|
2020-11-02 06:20:49 +01:00
|
|
|
|
2021-03-21 09:15:40 +01:00
|
|
|
if ($user->hasRole('demo')) {
|
2020-11-02 06:20:49 +01:00
|
|
|
return; // do not email demo user.
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-21 09:15:40 +01:00
|
|
|
$list = app('preferences')->getForUser($user, 'login_ip_history', [])->data;
|
2020-08-28 21:58:03 +02:00
|
|
|
|
2020-10-03 07:03:41 +02:00
|
|
|
// see if user has alternative email address:
|
|
|
|
|
$pref = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
|
|
|
|
|
if (null !== $pref) {
|
|
|
|
|
$email = $pref->data;
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-28 21:58:03 +02:00
|
|
|
/** @var array $entry */
|
|
|
|
|
foreach ($list as $index => $entry) {
|
|
|
|
|
if (false === $entry['notified']) {
|
|
|
|
|
try {
|
|
|
|
|
Mail::to($email)->send(new NewIPAddressWarningMail($ipAddress));
|
|
|
|
|
// @codeCoverageIgnoreStart
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
Log::error($e->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$list[$index]['notified'] = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
app('preferences')->setForUser($user, 'login_ip_history', $list);
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-26 08:52:16 +02:00
|
|
|
/**
|
2018-07-07 07:48:10 +02:00
|
|
|
* Send email to confirm email change.
|
|
|
|
|
*
|
2017-09-26 08:52:16 +02:00
|
|
|
* @param UserChangedEmail $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function sendEmailChangeConfirmMail(UserChangedEmail $event): bool
|
|
|
|
|
{
|
|
|
|
|
$newEmail = $event->newEmail;
|
|
|
|
|
$oldEmail = $event->oldEmail;
|
|
|
|
|
$user = $event->user;
|
|
|
|
|
$ipAddress = $event->ipAddress;
|
2018-07-15 09:27:38 +02:00
|
|
|
$token = app('preferences')->getForUser($user, 'email_change_confirm_token', 'invalid');
|
2017-09-26 08:52:16 +02:00
|
|
|
$uri = route('profile.confirm-email-change', [$token->data]);
|
|
|
|
|
try {
|
|
|
|
|
Mail::to($newEmail)->send(new ConfirmEmailChangeMail($newEmail, $oldEmail, $uri, $ipAddress));
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreStart
|
2018-04-02 14:42:07 +02:00
|
|
|
} catch (Exception $e) {
|
2017-09-26 08:52:16 +02:00
|
|
|
Log::error($e->getMessage());
|
|
|
|
|
}
|
2019-02-13 17:38:41 +01:00
|
|
|
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreEnd
|
2017-09-26 08:52:16 +02:00
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2018-07-07 07:48:10 +02:00
|
|
|
* Send email to be able to undo email change.
|
|
|
|
|
*
|
2017-09-26 08:52:16 +02:00
|
|
|
* @param UserChangedEmail $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function sendEmailChangeUndoMail(UserChangedEmail $event): bool
|
|
|
|
|
{
|
|
|
|
|
$newEmail = $event->newEmail;
|
|
|
|
|
$oldEmail = $event->oldEmail;
|
|
|
|
|
$user = $event->user;
|
|
|
|
|
$ipAddress = $event->ipAddress;
|
2018-07-15 09:27:38 +02:00
|
|
|
$token = app('preferences')->getForUser($user, 'email_change_undo_token', 'invalid');
|
2021-03-21 09:15:40 +01:00
|
|
|
$hashed = hash('sha256', sprintf('%s%s', (string)config('app.key'), $oldEmail));
|
2020-08-28 21:58:03 +02:00
|
|
|
$uri = route('profile.undo-email-change', [$token->data, $hashed]);
|
2017-09-26 08:52:16 +02:00
|
|
|
try {
|
|
|
|
|
Mail::to($oldEmail)->send(new UndoEmailChangeMail($newEmail, $oldEmail, $uri, $ipAddress));
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreStart
|
2018-04-02 14:42:07 +02:00
|
|
|
} catch (Exception $e) {
|
2017-09-26 08:52:16 +02:00
|
|
|
Log::error($e->getMessage());
|
|
|
|
|
}
|
2019-02-13 17:38:41 +01:00
|
|
|
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreEnd
|
2017-09-26 08:52:16 +02:00
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-22 21:21:11 +01:00
|
|
|
/**
|
2018-07-07 07:48:10 +02:00
|
|
|
* Send a new password to the user.
|
|
|
|
|
*
|
2016-11-22 21:21:11 +01:00
|
|
|
* @param RequestedNewPassword $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function sendNewPassword(RequestedNewPassword $event): bool
|
|
|
|
|
{
|
|
|
|
|
$email = $event->user->email;
|
|
|
|
|
$ipAddress = $event->ipAddress;
|
|
|
|
|
$token = $event->token;
|
|
|
|
|
|
|
|
|
|
$url = route('password.reset', [$token]);
|
|
|
|
|
|
|
|
|
|
// send email.
|
|
|
|
|
try {
|
2017-04-27 08:26:58 +02:00
|
|
|
Mail::to($email)->send(new RequestedNewPasswordMail($url, $ipAddress));
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreStart
|
2018-04-02 14:42:07 +02:00
|
|
|
} catch (Exception $e) {
|
2016-11-22 21:21:11 +01:00
|
|
|
Log::error($e->getMessage());
|
|
|
|
|
}
|
2019-02-13 17:38:41 +01:00
|
|
|
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreEnd
|
2017-06-05 11:12:50 +02:00
|
|
|
|
2016-11-22 21:21:11 +01:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-22 09:31:27 +02:00
|
|
|
/**
|
|
|
|
|
* This method will send the user a registration mail, welcoming him or her to Firefly III.
|
|
|
|
|
* This message is only sent when the configuration of Firefly III says so.
|
|
|
|
|
*
|
|
|
|
|
* @param RegisteredUser $event
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
2018-07-07 07:48:10 +02:00
|
|
|
public function sendRegistrationMail(RegisteredUser $event): bool
|
2016-10-22 09:31:27 +02:00
|
|
|
{
|
2018-12-15 07:59:02 +01:00
|
|
|
$sendMail = config('firefly.send_registration_mail');
|
2018-07-07 07:48:10 +02:00
|
|
|
if ($sendMail) {
|
|
|
|
|
// get the email address
|
|
|
|
|
$email = $event->user->email;
|
|
|
|
|
$uri = route('index');
|
|
|
|
|
$ipAddress = $event->ipAddress;
|
|
|
|
|
|
2020-10-03 07:03:41 +02:00
|
|
|
// see if user has alternative email address:
|
|
|
|
|
$pref = app('preferences')->getForUser($event->user, 'remote_guard_alt_email', null);
|
|
|
|
|
if (null !== $pref) {
|
|
|
|
|
$email = $pref->data;
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-07 07:48:10 +02:00
|
|
|
// send email.
|
|
|
|
|
try {
|
|
|
|
|
Mail::to($email)->send(new RegisteredUserMail($uri, $ipAddress));
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreStart
|
2018-07-07 07:48:10 +02:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
Log::error($e->getMessage());
|
|
|
|
|
}
|
2018-08-24 21:14:17 +02:00
|
|
|
// @codeCoverageIgnoreEnd
|
2016-10-22 09:31:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2021-03-21 09:15:40 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param Login $event
|
|
|
|
|
*/
|
|
|
|
|
public function storeUserIPAddress(Login $event): void
|
|
|
|
|
{
|
|
|
|
|
/** @var User $user */
|
|
|
|
|
$user = $event->user;
|
|
|
|
|
/** @var array $preference */
|
|
|
|
|
$preference = app('preferences')->getForUser($user, 'login_ip_history', [])->data;
|
|
|
|
|
$inArray = false;
|
|
|
|
|
$ip = request()->ip();
|
|
|
|
|
Log::debug(sprintf('User logging in from IP address %s', $ip));
|
|
|
|
|
|
|
|
|
|
// update array if in array
|
|
|
|
|
foreach ($preference as $index => $row) {
|
|
|
|
|
if ($row['ip'] === $ip) {
|
|
|
|
|
Log::debug('Found IP in array, refresh time.');
|
|
|
|
|
$preference[$index]['time'] = now(config('app.timezone'))->format('Y-m-d H:i:s');
|
|
|
|
|
$inArray = true;
|
|
|
|
|
}
|
|
|
|
|
// clean up old entries (6 months)
|
|
|
|
|
$carbon = Carbon::createFromFormat('Y-m-d H:i:s', $preference[$index]['time']);
|
|
|
|
|
if ($carbon->diffInMonths(today()) > 6) {
|
|
|
|
|
Log::debug(sprintf('Entry for %s is very old, remove it.', $row['ip']));
|
|
|
|
|
unset($preference[$index]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// add to array if not the case:
|
|
|
|
|
if (false === $inArray) {
|
|
|
|
|
$preference[] = [
|
|
|
|
|
'ip' => $ip,
|
|
|
|
|
'time' => now(config('app.timezone'))->format('Y-m-d H:i:s'),
|
|
|
|
|
'notified' => false,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
$preference = array_values($preference);
|
|
|
|
|
app('preferences')->setForUser($user, 'login_ip_history', $preference);
|
|
|
|
|
|
|
|
|
|
if (false === $inArray && true === config('firefly.warn_new_ip')) {
|
|
|
|
|
event(new DetectedNewIPAddress($user, $ip));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2016-10-23 12:42:44 +02:00
|
|
|
}
|
