
<?php
/**
* FireflyValidator.php
* Copyright (c) 2017 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace FireflyIII\Validation;
use Config;
use Crypt;
use DB;
use FireflyIII\Models\Account;
use FireflyIII\Models\AccountMeta;
use FireflyIII\Models\AccountType;
use FireflyIII\Models\Budget;
use FireflyIII\Models\PiggyBank;
use FireflyIII\Models\TransactionType;
use FireflyIII\Repositories\Budget\BudgetRepositoryInterface;
use FireflyIII\Services\Password\Verifier;
use FireflyIII\TransactionRules\Triggers\TriggerInterface;
use FireflyIII\User;
use Google2FA;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Contracts\Translation\Translator;
use Illuminate\Validation\Validator;
/**
* Class FireflyValidator.
*/
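class FireflyValidator extends Validator
{
    /**
     * Pass-through constructor: all validator state lives in the Laravel parent.
     *
     * @param Translator $translator
     * @param array      $data             the request data under validation
     * @param array      $rules
     * @param array      $messages
     * @param array      $customAttributes
     */
    public function __construct(Translator $translator, array $data, array $rules, array $messages = [], array $customAttributes = [])
    {
        parent::__construct($translator, $data, $rules, $messages, $customAttributes);
    }

    /**
     * Verify a six-digit TOTP code against the secret kept in the session.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value     the submitted code
     *
     * @return bool true only when Google2FA accepts the code for the session secret
     */
    public function validate2faCode($attribute, $value): bool
    {
        // A TOTP code is exactly six digits. Fail fast on anything else
        // (arrays, other lengths, non-digits) before touching the secret.
        if (!is_string($value) || 6 !== strlen($value) || !ctype_digit($value)) {
            return false;
        }

        $secret = session('two-factor-secret');
        if (!is_string($secret) || '' === $secret) {
            // No enrolled secret in this session: there is nothing to verify
            // against, so reject rather than hand an empty secret to Google2FA.
            return false;
        }

        return Google2FA::verifyKey($secret, $value);
    }

    /**
     * Check that a referenced row belongs to the authenticated user.
     *
     * parameter 0: the table
     * parameter 1: the column to match (defaults to "id")
     *
     * A value that casts to 0 ("nothing selected") is accepted: the rule only
     * guards references that are actually set. Table and column come from the
     * rule definition, not from the request; the value itself is bound by the
     * query builder.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters
     *
     * @return bool
     */
    public function validateBelongsToUser($attribute, $value, $parameters): bool
    {
        // Arrays and objects can never be a foreign key; reject before casting.
        if (!is_scalar($value)) {
            return false;
        }
        if (0 === (int)$value) {
            return true;
        }
        // Without an authenticated user nothing can "belong" to the caller.
        if (!auth()->check()) {
            return false;
        }
        $column = $parameters[1] ?? 'id';
        $count  = DB::table($parameters[0])
                    ->where('user_id', auth()->user()->id)
                    ->where($column, $value)
                    ->count();

        return 1 === $count;
    }

    /**
     * Validate a SWIFT/BIC code: 4 bank + 2 country + 2 location characters,
     * optionally followed by a 3-character branch code.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     *
     * @return bool
     */
    public function validateBic($attribute, $value): bool
    {
        // Only strings can be matched; an array here would make preg_match() error out.
        if (!is_string($value)) {
            return false;
        }
        $regex = '/^[a-z]{6}[0-9a-z]{2}([0-9a-z]{3})?\z/i';

        // preg_match() yields 1 on match, 0 on no match and false on error;
        // only a real match is acceptable.
        return 1 === preg_match($regex, $value);
    }

    /**
     * Validate an IBAN using the ISO 13616 MOD 97-10 check.
     *
     * The value is upper-cased and stripped of spaces first, then required to
     * have the standard shape (2 letters, 2 check digits, 11-30 alphanumerics)
     * before the checksum is computed. Without that shape check stray
     * characters would reach bcmod(), which older PHP silently reads as 0 and
     * PHP 8 rejects with a ValueError.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     *
     * @return bool
     */
    public function validateIban($attribute, $value): bool
    {
        if (!is_string($value) || strlen($value) < 6) {
            return false;
        }
        // IBANs are case-insensitive and are commonly typed in groups of four.
        $iban = str_replace(' ', '', strtoupper($value));

        if (1 !== preg_match('/^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}\z/', $iban)) {
            return false;
        }

        // MOD 97-10: move the first four characters to the end, then expand
        // every letter to its two-digit value (A=10 ... Z=35).
        $rearranged = substr($iban, 4) . substr($iban, 0, 4);
        $letters    = range('A', 'Z');
        $digits     = array_map('strval', range(10, 35));
        $numeric    = str_replace($letters, $digits, $rearranged);

        return 1 === (int)bcmod($numeric, '97');
    }

    /**
     * Check that the value is strictly greater than parameter 0 (default "0").
     *
     * Both operands must be plain decimal numbers: bccomp() is not defined for
     * anything else (PHP 8 throws, PHP 7 silently compares 0), so malformed
     * input is rejected instead of being compared.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters
     *
     * @return bool
     */
    public function validateMore($attribute, $value, $parameters): bool
    {
        $compare = $parameters[0] ?? '0';
        if (!is_scalar($value) || is_bool($value) || !is_scalar($compare)) {
            return false;
        }
        $pattern = '/^[+-]?[0-9]+(\.[0-9]+)?\z/';
        if (1 !== preg_match($pattern, (string)$value) || 1 !== preg_match($pattern, (string)$compare)) {
            return false;
        }

        return bccomp((string)$value, (string)$compare) > 0;
    }

    /**
     * Check that a referenced row exists (for any user).
     *
     * parameter 0: the table
     * parameter 1: the column to match (defaults to "id")
     *
     * A value that casts to 0 is accepted, mirroring validateBelongsToUser().
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters
     *
     * @return bool
     */
    public function validateMustExist($attribute, $value, $parameters): bool
    {
        if (!is_scalar($value)) {
            return false;
        }
        if (0 === (int)$value) {
            return true;
        }
        $column = $parameters[1] ?? 'id';
        $count  = DB::table($parameters[0])->where($column, $value)->count();

        return 1 === $count;
    }

    /**
     * Validate the value belonging to a rule action.
     *
     * The attribute is "rule-action-value.N"; N selects the action name in
     * data["rule-action"]. Only "set_budget" is checked here (its value must
     * name exactly one of the user's budgets); the literal name "invalid"
     * fails; every other action passes.
     *
     * @param string $attribute
     *
     * @return bool
     */
    public function validateRuleActionValue($attribute): bool
    {
        $parts = explode('.', $attribute);
        $index = $parts[count($parts) - 1];

        $actions = $this->data['rule-action'] ?? null;
        if (!is_array($actions)) {
            return false;
        }
        $name  = $actions[$index] ?? 'invalid';
        $value = $this->data['rule-action-value'][$index] ?? false;

        // Action names are request input; anything that is not a string is malformed.
        if (!is_string($name) || 'invalid' === $name) {
            return false;
        }
        if ('set_budget' !== $name) {
            return true;
        }

        /** @var BudgetRepositoryInterface $repository */
        $repository = app(BudgetRepositoryInterface::class);
        $matches    = $repository->getBudgets()->filter(
            function (Budget $budget) use ($value) {
                return $budget->name === $value;
            }
        )->count();

        return 1 === $matches;
    }

    /**
     * Validate the value belonging to a rule trigger.
     *
     * The attribute is "rule-trigger-value.N"; N selects the trigger name in
     * data["rule-trigger"]. A few cheap checks run first (amount_less must be
     * numeric, transaction_type must name a known type); then the configured
     * trigger class decides whether the value would match every transaction,
     * which is rejected.
     *
     * @param string $attribute
     *
     * @return bool
     */
    public function validateRuleTriggerValue($attribute): bool
    {
        $parts = explode('.', $attribute);
        $index = $parts[count($parts) - 1];

        if (!is_array($this->data['rule-trigger'] ?? null)) {
            return false;
        }
        $name  = $this->getRuleTriggerName($index);
        $value = $this->getRuleTriggerValue($index);

        switch ($name) {
            case 'invalid':
                return false;
            case 'amount_less':
                if (!is_numeric($value)) {
                    return false;
                }
                break;
            case 'transaction_type':
                if (1 !== TransactionType::where('type', $value)->count()) {
                    return false;
                }
                break;
        }

        // The trigger name is request input. Only names that map to a configured
        // trigger class may be used; an unknown name must not reach the static
        // call below (it would be a call on null, i.e. a fatal error).
        $classes = Config::get('firefly.rule-triggers');
        if (!is_array($classes) || !isset($classes[$name])) {
            return false;
        }
        /** @var TriggerInterface $class */
        $class = $classes[$name];

        // A trigger that would fire on every transaction is not a useful rule.
        return !$class::willMatchEverything($value);
    }

    /**
     * Run the password-strength verifier when the user asked for it.
     *
     * NOTE(review): whether the check runs at all is decided by the submitted
     * "verify_password" field, i.e. by the client. A request that omits the
     * field, or sends anything other than 1, passes unconditionally -- so this
     * rule is an opt-in courtesy check, not a server-side password policy.
     * If a minimum strength must be enforced, do it independently of this flag.
     *
     * @param string $attribute
     * @param mixed  $value     the candidate password
     *
     * @return bool
     */
    public function validateSecurePassword($attribute, $value): bool
    {
        $verify = false;
        if (isset($this->data['verify_password']) && is_scalar($this->data['verify_password'])) {
            $verify = 1 === (int)$this->data['verify_password'];
        }
        if (!$verify) {
            return true;
        }

        /** @var Verifier $service */
        $service = app(Verifier::class);

        return $service->validPassword($value);
    }

    /**
     * Check that an account name is unique among the user's accounts of the
     * same type. Which type is determined, in order, by data["what"] (an
     * identifier string), data["account_type_id"], or the type of the
     * existing account in data["id"]. Without an authenticated user (tests)
     * the anonymous variant based on data["user_id"] is used.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value      the proposed account name
     * @param array  $parameters parameter 0: an account id to ignore (when editing)
     *
     * @return bool
     */
    public function validateUniqueAccountForUser($attribute, $value, $parameters): bool
    {
        if (!auth()->check()) {
            return $this->validateAccountAnonymously();
        }
        if (isset($this->data['what'])) {
            return $this->validateByAccountTypeString($value, $parameters);
        }
        if (isset($this->data['account_type_id'])) {
            return $this->validateByAccountTypeId($value, $parameters);
        }
        if (isset($this->data['id'])) {
            return $this->validateByAccountId($value);
        }

        // No way to tell which type the account has: fail closed.
        return false;
    }

    /**
     * Check that no other account of the authenticated user carries the same
     * account number (stored as AccountMeta "accountNumber"). When editing,
     * data["id"] names the account whose own number is excluded.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters
     *
     * @return bool
     */
    public function validateUniqueAccountNumberForUser($attribute, $value, $parameters): bool
    {
        if (!auth()->check()) {
            return false;
        }
        $accountId = $this->data['id'] ?? 0;
        $accountId = is_scalar($accountId) ? (int)$accountId : 0;

        $query = AccountMeta::leftJoin('accounts', 'accounts.id', '=', 'account_meta.account_id')
                            ->where('accounts.user_id', auth()->user()->id)
                            ->where('account_meta.name', 'accountNumber');
        if ($accountId > 0) {
            // Editing: the account's current number is not a duplicate of itself.
            $query->where('account_meta.account_id', '!=', $accountId);
        }

        /** @var AccountMeta $entry */
        foreach ($query->get(['account_meta.*']) as $entry) {
            if ($entry->data === $value) {
                return false;
            }
        }

        return true;
    }

    /**
     * Validate an object and its unicity. Checks for encryption / encrypted values as well.
     *
     * parameter 0: the table
     * parameter 1: the field
     * parameter 2: an id to ignore (when editing)
     *
     * Both the submitted value and every stored value go through tryDecrypt(),
     * so encrypted and plain stored rows compare alike. Table and field come
     * from the rule definition, not from the request.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters
     *
     * @return bool
     */
    public function validateUniqueObjectForUser($attribute, $value, $parameters): bool
    {
        if (!auth()->check()) {
            return false;
        }
        $table   = $parameters[0];
        $field   = $parameters[1];
        $exclude = $parameters[2] ?? 0;
        $value   = $this->tryDecrypt($value);

        $rows = DB::table($table)
                  ->where('user_id', auth()->user()->id)
                  ->whereNull('deleted_at')
                  ->where('id', '!=', $exclude)
                  ->get([$field]);
        foreach ($rows as $row) {
            if ($this->tryDecrypt($row->$field) === $value) {
                return false;
            }
        }

        return true;
    }

    /**
     * Check that the authenticated user has no other (undeleted) piggy bank
     * with this name. Stored names are decrypted before comparison.
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     *
     * @param string $attribute
     * @param mixed  $value
     * @param array  $parameters parameter 0: a piggy bank id to ignore (when editing)
     *
     * @return bool
     */
    public function validateUniquePiggyBankForUser($attribute, $value, $parameters): bool
    {
        if (!auth()->check()) {
            return false;
        }
        $exclude = $parameters[0] ?? null;

        $query = DB::table('piggy_banks')
                   ->whereNull('piggy_banks.deleted_at')
                   ->leftJoin('accounts', 'accounts.id', '=', 'piggy_banks.account_id')
                   ->where('accounts.user_id', auth()->user()->id);
        if (null !== $exclude) {
            $query->where('piggy_banks.id', '!=', $exclude);
        }

        /** @var PiggyBank $entry */
        foreach ($query->get(['piggy_banks.*']) as $entry) {
            if ($this->tryDecrypt($entry->name) === $value) {
                return false;
            }
        }

        return true;
    }

    /**
     * Name of the rule trigger at the given index, or "invalid" when absent.
     *
     * @param int|string $index
     *
     * @return string
     */
    private function getRuleTriggerName($index): string
    {
        $name = $this->data['rule-trigger'][$index] ?? 'invalid';

        // Under strict_types a non-string here would become a TypeError on
        // return; treat such malformed input as an unknown trigger instead.
        return is_string($name) ? $name : 'invalid';
    }

    /**
     * Value of the rule trigger at the given index, or "" when absent.
     *
     * @param int|string $index
     *
     * @return string
     */
    private function getRuleTriggerValue($index): string
    {
        $value = $this->data['rule-trigger-value'][$index] ?? '';

        return is_string($value) ? $value : '';
    }

    /**
     * Decrypt a value if it is an encrypted payload; otherwise return it as-is.
     *
     * NOTE(review): Laravel's Crypt::decrypt() unserialises the payload after
     * verifying its MAC, so forged ciphertext is rejected before unserialize()
     * runs -- that guarantee rests on APP_KEY staying secret. Confirm this
     * still holds for the encrypter version in use.
     *
     * @param mixed $value
     *
     * @return mixed
     */
    private function tryDecrypt($value)
    {
        // Only strings can carry an encrypted payload; leave everything else alone.
        if (!is_string($value)) {
            return $value;
        }
        try {
            return Crypt::decrypt($value);
        } catch (DecryptException $e) {
            // Not encrypted: the plain value is what gets compared.
            return $value;
        }
    }

    /**
     * Uniqueness check used when nobody is logged in (tests and what-not):
     * the user and account type are taken from data["user_id"] and
     * data["account_type_id"], the name from data["name"].
     *
     * @return bool
     */
    private function validateAccountAnonymously(): bool
    {
        $userId = $this->data['user_id'] ?? null;
        $typeId = $this->data['account_type_id'] ?? null;
        if (!is_scalar($userId) || !is_scalar($typeId) || !isset($this->data['name'])) {
            return false;
        }

        $user = User::find($userId);
        // find() already returns the model or null; chaining ->first() onto it
        // would start a fresh, unfiltered query and return an arbitrary row.
        $type = AccountType::find($typeId);
        if (null === $user || null === $type) {
            return false;
        }
        $value = $this->tryDecrypt($this->data['name']);
        $set   = $user->accounts()->where('account_type_id', $type->id)->get();

        /** @var Account $entry */
        foreach ($set as $entry) {
            if ($entry->name === $value) {
                return false;
            }
        }

        return true;
    }

    /**
     * Uniqueness check for an existing account named by data["id"]: the
     * account's own type is used and the account itself is ignored.
     *
     * @param mixed $value the proposed name (decrypted before comparison)
     *
     * @return bool
     */
    private function validateByAccountId($value): bool
    {
        $accountId = $this->data['id'] ?? null;
        if (!auth()->check() || !is_scalar($accountId)) {
            return false;
        }
        // Resolve the id within the caller's own accounts only: an id belonging
        // to another user (or to nothing) must not steer which type is compared.
        /** @var Account|null $existingAccount */
        $existingAccount = auth()->user()->accounts()->find($accountId);
        if (null === $existingAccount) {
            return false;
        }
        $type   = $existingAccount->accountType;
        $ignore = $existingAccount->id;
        $value  = $this->tryDecrypt($value);

        return !$this->userHasAccountNamed($value, $type->id, $ignore);
    }

    /**
     * Uniqueness check for the account type given by data["account_type_id"].
     *
     * @param mixed $value      the proposed name (decrypted before comparison)
     * @param array $parameters parameter 0: an account id to ignore
     *
     * @return bool
     */
    private function validateByAccountTypeId($value, $parameters): bool
    {
        $typeId = $this->data['account_type_id'];
        if (!auth()->check() || !is_scalar($typeId)) {
            return false;
        }
        // find() already returns the model or null; do not chain ->first() onto it,
        // that would run a new unfiltered query and pick up the wrong type.
        $type = AccountType::find($typeId);
        if (null === $type) {
            return false;
        }
        $ignore = $parameters[0] ?? 0;

        return !$this->userHasAccountNamed($this->tryDecrypt($value), $type->id, $ignore);
    }

    /**
     * Uniqueness check for the account type identified by data["what"], which
     * is mapped to a type name through config("firefly.accountTypeByIdentifier").
     *
     * @param mixed $value      the proposed name (compared as submitted)
     * @param array $parameters parameter 0: an account id to ignore
     *
     * @return bool
     */
    private function validateByAccountTypeString($value, $parameters): bool
    {
        $what = $this->data['what'];
        if (!auth()->check() || !is_string($what)) {
            return false;
        }
        // "what" is request input: it only selects a config entry and never
        // reaches the query directly. An unknown identifier fails closed.
        $search = Config::get('firefly.accountTypeByIdentifier.' . $what);
        $type   = null === $search ? null : AccountType::whereType($search)->first();
        if (null === $type) {
            return false;
        }
        $ignore = $parameters[0] ?? 0;

        return !$this->userHasAccountNamed($value, $type->id, $ignore);
    }

    /**
     * Does the authenticated user already have an account of the given type
     * with this name, other than the account with id $ignoreId?
     *
     * @param mixed $name     name to look for (strict comparison)
     * @param mixed $typeId   account type id
     * @param mixed $ignoreId account id to leave out of the comparison
     *
     * @return bool
     */
    private function userHasAccountNamed($name, $typeId, $ignoreId): bool
    {
        $set = auth()->user()->accounts()
                     ->where('account_type_id', $typeId)
                     ->where('id', '!=', $ignoreId)
                     ->get();

        /** @var Account $entry */
        foreach ($set as $entry) {
            if ($entry->name === $name) {
                return true;
            }
        }

        return false;
    }
}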