mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-10-31 02:36:28 +00:00
New code for email address change in profile. See #857
This commit is contained in:
James Cole
@@ -14,6 +14,7 @@ declare(strict_types=1);
|
||||
namespace FireflyIII\Http\Controllers\Auth;
|
||||
|
||||
use FireflyConfig;
|
||||
use FireflyIII\Events\UserChangedEmail;
|
||||
use FireflyIII\Http\Controllers\Controller;
|
||||
use FireflyIII\User;
|
||||
use Illuminate\Cookie\CookieJar;
|
||||
|
||||
@@ -13,10 +13,15 @@ declare(strict_types=1);
|
||||
|
||||
namespace FireflyIII\Http\Controllers;
|
||||
|
||||
use Auth;
|
||||
use FireflyIII\Events\UserChangedEmail;
|
||||
use FireflyIII\Exceptions\FireflyException;
|
||||
use FireflyIII\Exceptions\ValidationException;
|
||||
use FireflyIII\Http\Middleware\IsLimitedUser;
|
||||
use FireflyIII\Http\Requests\DeleteAccountFormRequest;
|
||||
use FireflyIII\Http\Requests\EmailFormRequest;
|
||||
use FireflyIII\Http\Requests\ProfileFormRequest;
|
||||
use FireflyIII\Models\Preference;
|
||||
use FireflyIII\Repositories\User\UserRepositoryInterface;
|
||||
use FireflyIII\User;
|
||||
use Hash;
|
||||
@@ -48,10 +53,23 @@ class ProfileController extends Controller
|
||||
return $next($request);
|
||||
}
|
||||
);
|
||||
$this->middleware(IsLimitedUser::class);
|
||||
$this->middleware(IsLimitedUser::class)->except(['confirmEmailChange', 'undoEmailChange']);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @return View
|
||||
*/
|
||||
public function changeEmail()
|
||||
{
|
||||
$title = auth()->user()->email;
|
||||
$email = auth()->user()->email;
|
||||
$subTitle = strval(trans('firefly.change_your_email'));
|
||||
$subTitleIcon = 'fa-envelope';
|
||||
|
||||
return view('profile.change-email', compact('title', 'subTitle', 'subTitleIcon', 'email'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return View
|
||||
*/
|
||||
@@ -64,6 +82,37 @@ class ProfileController extends Controller
|
||||
return view('profile.change-password', compact('title', 'subTitle', 'subTitleIcon'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
*
|
||||
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
||||
* @throws FireflyException
|
||||
*/
|
||||
public function confirmEmailChange(string $token)
|
||||
{
|
||||
// find preference with this token value.
|
||||
$set = Preferences::findByName('email_change_confirm_token');
|
||||
$user = null;
|
||||
/** @var Preference $preference */
|
||||
foreach ($set as $preference) {
|
||||
if ($preference->data === $token) {
|
||||
$user = $preference->user;
|
||||
}
|
||||
}
|
||||
// update user to clear blocked and blocked_code.
|
||||
if (is_null($user)) {
|
||||
throw new FireflyException('Invalid token.');
|
||||
}
|
||||
$user->blocked = 0;
|
||||
$user->blocked_code = '';
|
||||
$user->save();
|
||||
|
||||
// return to login.
|
||||
Session::flash('success', strval(trans('firefly.login_with_new_email')));
|
||||
|
||||
return redirect(route('login'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return View
|
||||
*/
|
||||
@@ -95,6 +144,49 @@ class ProfileController extends Controller
|
||||
return view('profile.index', compact('subTitle', 'userId', 'accessToken'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param EmailFormRequest $request
|
||||
* @param UserRepositoryInterface $repository
|
||||
*
|
||||
* @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
||||
*/
|
||||
public function postChangeEmail(EmailFormRequest $request, UserRepositoryInterface $repository)
|
||||
{
|
||||
/** @var User $user */
|
||||
$user = auth()->user();
|
||||
$newEmail = $request->string('email');
|
||||
$oldEmail = $user->email;
|
||||
if ($newEmail === $user->email) {
|
||||
Session::flash('error', strval(trans('firefly.email_not_changed')));
|
||||
|
||||
return redirect(route('profile.change-email'))->withInput();
|
||||
}
|
||||
$existing = $repository->findByEmail($newEmail);
|
||||
if (!is_null($existing)) {
|
||||
// force user logout.
|
||||
$this->guard()->logout();
|
||||
$request->session()->invalidate();
|
||||
|
||||
Session::flash('success', strval(trans('firefly.email_changed')));
|
||||
|
||||
return redirect(route('index'));
|
||||
}
|
||||
|
||||
// now actually update user:
|
||||
$repository->changeEmail($user, $newEmail);
|
||||
|
||||
// call event.
|
||||
$ipAddress = $request->ip();
|
||||
event(new UserChangedEmail($user, $newEmail, $oldEmail, $ipAddress));
|
||||
|
||||
// force user logout.
|
||||
Auth::guard()->logout();
|
||||
$request->session()->invalidate();
|
||||
Session::flash('success', strval(trans('firefly.email_changed')));
|
||||
|
||||
return redirect(route('index'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ProfileFormRequest $request
|
||||
* @param UserRepositoryInterface $repository
|
||||
@@ -160,6 +252,53 @@ class ProfileController extends Controller
|
||||
return redirect(route('profile.index'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
* @param string $hash
|
||||
*
|
||||
* @throws FireflyException
|
||||
*/
|
||||
public function undoEmailChange(string $token, string $hash)
|
||||
{
|
||||
// find preference with this token value.
|
||||
$set = Preferences::findByName('email_change_undo_token');
|
||||
$user = null;
|
||||
/** @var Preference $preference */
|
||||
foreach ($set as $preference) {
|
||||
if ($preference->data === $token) {
|
||||
$user = $preference->user;
|
||||
}
|
||||
}
|
||||
if (is_null($user)) {
|
||||
throw new FireflyException('Invalid token.');
|
||||
}
|
||||
|
||||
// found user.
|
||||
// which email address to return to?
|
||||
$set = Preferences::beginsWith($user, 'previous_email_');
|
||||
$match = null;
|
||||
foreach ($set as $entry) {
|
||||
$hashed = hash('sha256', $entry->data);
|
||||
if ($hashed === $hash) {
|
||||
$match = $entry->data;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (is_null($match)) {
|
||||
throw new FireflyException('Invalid token.');
|
||||
}
|
||||
// change user back
|
||||
$user->email = $match;
|
||||
$user->blocked = 0;
|
||||
$user->blocked_code = '';
|
||||
$user->save();
|
||||
|
||||
// return to login.
|
||||
Session::flash('success', strval(trans('firefly.login_with_old_email')));
|
||||
|
||||
return redirect(route('login'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param User $user
|
||||
* @param string $current
|
||||
|
||||
@@ -44,8 +44,13 @@ class Authenticate
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
if (intval(auth()->user()->blocked) === 1) {
|
||||
$message = strval(trans('firefly.block_account_logout'));
|
||||
if (auth()->user()->blocked_code === 'email_changed') {
|
||||
$message = strval(trans('firefly.email_changed_logout'));
|
||||
}
|
||||
|
||||
Session::flash('logoutMessage', $message);
|
||||
Auth::guard($guard)->logout();
|
||||
Session::flash('logoutMessage', trans('firefly.block_account_logout'));
|
||||
|
||||
return redirect()->guest('login');
|
||||
}
|
||||
|
||||
42
app/Http/Requests/EmailFormRequest.php
Normal file
42
app/Http/Requests/EmailFormRequest.php
Normal file
@@ -0,0 +1,42 @@
|
||||
<?php
|
||||
/**
|
||||
* EmailFormRequest.php
|
||||
* Copyright (c) 2017 thegrumpydictator@gmail.com
|
||||
* This software may be modified and distributed under the terms of the
|
||||
* Creative Commons Attribution-ShareAlike 4.0 International License.
|
||||
*
|
||||
* See the LICENSE file for details.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace FireflyIII\Http\Requests;
|
||||
|
||||
/**
|
||||
* Class EmailFormRequest
|
||||
*
|
||||
*
|
||||
* @package FireflyIII\Http\Requests
|
||||
*/
|
||||
class EmailFormRequest extends Request
|
||||
{
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
// Only allow logged in users
|
||||
return auth()->check();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
// fixed
|
||||
return [
|
||||
'email' => 'required|email',
|
||||
];
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user