firefly-iii/app/Http/Controllers/ProfileController.php

<?php
/**
 * ProfileController.php
 * Copyright (C) 2016 thegrumpydictator@gmail.com
 *
 * This software may be modified and distributed under the terms of the
 * Creative Commons Attribution-ShareAlike 4.0 International License.
 *
 * See the LICENSE file for details.
 */

declare(strict_types=1);

namespace FireflyIII\Http\Controllers;

use FireflyIII\Exceptions\ValidationException;
use FireflyIII\Http\Middleware\IsLimitedUser;
use FireflyIII\Http\Requests\DeleteAccountFormRequest;
use FireflyIII\Http\Requests\ProfileFormRequest;
use FireflyIII\Repositories\User\UserRepositoryInterface;
use FireflyIII\User;
use Hash;
use Log;
use Preferences;
use Session;
use View;

/**
 * Class ProfileController
 *
 * @package FireflyIII\Http\Controllers
 */
class ProfileController extends Controller
{
    /**
     * ProfileController constructor.
     */
    public function __construct()
    {
        parent::__construct();


        $this->middleware(
            function ($request, $next) {
                View::share('title', trans('firefly.profile'));
                View::share('mainTitleIcon', 'fa-user');

                return $next($request);
            }
        );
        $this->middleware(IsLimitedUser::class);

    }

    /**
     * @return View
     */
    public function changePassword()
    {
        $title        = auth()->user()->email;
        $subTitle     = strval(trans('firefly.change_your_password'));
        $subTitleIcon = 'fa-key';

        return view('profile.change-password', compact('title', 'subTitle', 'subTitleIcon'));
    }

    /**
     * @return View
     */
    public function deleteAccount()
    {
        $title        = auth()->user()->email;
        $subTitle     = strval(trans('firefly.delete_account'));
        $subTitleIcon = 'fa-trash';

        return view('profile.delete-account', compact('title', 'subTitle', 'subTitleIcon'));
    }

    /**
     * @return View
     *
     */
    public function index()
    {
        $subTitle = auth()->user()->email;
        $userId   = auth()->user()->id;

        // get access token or create one.
        $accessToken = Preferences::get('access_token', null);
        if (is_null($accessToken)) {
            $token       = auth()->user()->generateAccessToken();
            $accessToken = Preferences::set('access_token', $token);
        }

        return view('profile.index', compact('subTitle', 'userId', 'accessToken'));
    }

    /**
     * @param ProfileFormRequest      $request
     * @param UserRepositoryInterface $repository
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
     */
    public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)
    {
        // the request has already validated both new passwords must be equal.
        $current = $request->get('current_password');
        $new     = $request->get('new_password');

        try {
            $this->validatePassword(auth()->user(), $current, $new);
        } catch (ValidationException $e) {
            Session::flash('error', $e->getMessage());

            return redirect(route('profile.change-password'));
        }

        $repository->changePassword(auth()->user(), $request->get('new_password'));
        Session::flash('success', strval(trans('firefly.password_changed')));

        return redirect(route('profile.index'));
    }

    /**
     * @param UserRepositoryInterface  $repository
     * @param DeleteAccountFormRequest $request
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
     */
    public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)
    {
        if (!Hash::check($request->get('password'), auth()->user()->password)) {
            Session::flash('error', strval(trans('firefly.invalid_password')));

            return redirect(route('profile.delete-account'));
        }
        $user = auth()->user();
        Log::info(sprintf('User #%d has opted to delete their account', auth()->user()->id));
        // make repository delete user:
        auth()->logout();
        Session::flush();
        $repository->destroy($user);

        Session::flash('gaEventCategory', 'user');
        Session::flash('gaEventAction', 'delete-account');


        return redirect(route('index'));
    }

    /**
     *
     */
    function regenerate()
    {
        $token = auth()->user()->generateAccessToken();
        Preferences::set('access_token', $token);
        Session::flash('success', strval(trans('firefly.token_regenerated')));

        return redirect(route('profile.index'));
    }

    /**
     * @param User   $user
     * @param string $current
     * @param string $new
     *
     * @return bool
     * @throws ValidationException
     */
    protected function validatePassword(User $user, string $current, string $new): bool
    {
        if (!Hash::check($current, $user->password)) {
            throw new ValidationException(strval(trans('firefly.invalid_current_password')));
        }

        if ($current === $new) {
            throw new ValidationException(strval(trans('firefly.should_change')));
        }

        return true;

    }


}
Declare strict types. 2016-05-20 01:57:45 -05:00			`<?php`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 05:27:31 -05:00			`/**`
			`* ProfileController.php`
			`* Copyright (C) 2016 thegrumpydictator@gmail.com`
			`*`
Some code cleanup and copyright cleanup. [skip ci] 2016-10-04 23:52:15 -05:00			`* This software may be modified and distributed under the terms of the`
			`* Creative Commons Attribution-ShareAlike 4.0 International License.`
			`*`
			`* See the LICENSE file for details.`
Copyright notices. [skip ci] Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-05-20 05:27:31 -05:00			`*/`

Expanded test coverage. 2017-03-24 05:07:38 -05:00			`declare(strict_types=1);`
Declare strict types. 2016-05-20 01:57:45 -05:00
			`namespace FireflyIII\Http\Controllers;`
More code. 2015-02-25 14:19:06 -06:00
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00			`use FireflyIII\Exceptions\ValidationException;`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`use FireflyIII\Http\Middleware\IsLimitedUser;`
Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`use FireflyIII\Http\Requests\DeleteAccountFormRequest;`
More code. 2015-02-25 14:19:06 -06:00			`use FireflyIII\Http\Requests\ProfileFormRequest;`
Code for #456 2016-12-12 08:24:47 -06:00			`use FireflyIII\Repositories\User\UserRepositoryInterface;`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`use FireflyIII\User;`
More code. 2015-02-25 14:19:06 -06:00			`use Hash;`
Code for #456 2016-12-12 08:24:47 -06:00			`use Log;`
Implement access token for command line things. 2017-09-14 11:27:22 -05:00			`use Preferences;`
More code. 2015-02-25 14:19:06 -06:00			`use Session;`
Code cleanup. Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-08-26 02:30:52 -05:00			`use View;`
More code. 2015-02-25 14:19:06 -06:00
			`/**`
			`* Class ProfileController`
			`*`
			`* @package FireflyIII\Http\Controllers`
			`*/`
			`class ProfileController extends Controller`
			`{`
Did some code cleanup. Comments and headers mostly. 2016-01-09 01:20:55 -06:00			`/**`
			`* ProfileController constructor.`
			`*/`
Move authentication around. 2016-01-08 11:29:47 -06:00			`public function __construct()`
			`{`
Also call parent constructor. 2016-01-08 13:40:48 -06:00			`parent::__construct();`
This code fixes #349 2016-10-20 12:10:43 -05:00
Updates for translations. 2016-10-29 00:44:46 -05:00
			`$this->middleware(`
			`function ($request, $next) {`
			`View::share('title', trans('firefly.profile'));`
			`View::share('mainTitleIcon', 'fa-user');`

			`return $next($request);`
			`}`
			`);`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`$this->middleware(IsLimitedUser::class);`

Move authentication around. 2016-01-08 11:29:47 -06:00			`}`
More code. 2015-02-25 14:19:06 -06:00
			`/**`
Code cleanup. Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-08-26 02:30:52 -05:00			`* @return View`
More code. 2015-02-25 14:19:06 -06:00			`*/`
			`public function changePassword()`
			`{`
Updates for translations. 2016-10-29 00:44:46 -05:00			`$title = auth()->user()->email;`
			`$subTitle = strval(trans('firefly.change_your_password'));`
			`$subTitleIcon = 'fa-key';`

			`return view('profile.change-password', compact('title', 'subTitle', 'subTitleIcon'));`
More code. 2015-02-25 14:19:06 -06:00			`}`

Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`/**`
Code cleanup. Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-08-26 02:30:52 -05:00			`* @return View`
Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`*/`
			`public function deleteAccount()`
			`{`
Updates for translations. 2016-10-29 00:44:46 -05:00			`$title = auth()->user()->email;`
			`$subTitle = strval(trans('firefly.delete_account'));`
			`$subTitleIcon = 'fa-trash';`

			`return view('profile.delete-account', compact('title', 'subTitle', 'subTitleIcon'));`
Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`}`

			`/**`
Code cleanup. Signed-off-by: James Cole <thegrumpydictator@gmail.com> 2016-08-26 02:30:52 -05:00			`* @return View`
Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`*`
			`*/`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`public function index()`
Cleaning up. 2015-04-28 08:26:30 -05:00			`{`
This code fixes #349 2016-10-20 12:10:43 -05:00			`$subTitle = auth()->user()->email;`
			`$userId = auth()->user()->id;`

Implement access token for command line things. 2017-09-14 11:27:22 -05:00			`// get access token or create one.`
			`$accessToken = Preferences::get('access_token', null);`
			`if (is_null($accessToken)) {`
			`$token = auth()->user()->generateAccessToken();`
			`$accessToken = Preferences::set('access_token', $token);`
			`}`

			`return view('profile.index', compact('subTitle', 'userId', 'accessToken'));`
Built a routine that will allow you to completely delete an account. 2015-04-22 00:54:56 -05:00			`}`

More code. 2015-02-25 14:19:06 -06:00			`/**`
New tests. 2016-12-18 10:54:11 -06:00			`* @param ProfileFormRequest $request`
			`* @param UserRepositoryInterface $repository`
General cleanup. 2015-05-03 05:58:55 -05:00			`*`
New tests. 2016-12-18 10:54:11 -06:00			`* @return \Illuminate\Http\RedirectResponse\|\Illuminate\Routing\Redirector`
More code. 2015-02-25 14:19:06 -06:00			`*/`
New tests. 2016-12-18 10:54:11 -06:00			`public function postChangePassword(ProfileFormRequest $request, UserRepositoryInterface $repository)`
More code. 2015-02-25 14:19:06 -06:00			`{`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`// the request has already validated both new passwords must be equal.`
			`$current = $request->get('current_password');`
			`$new = $request->get('new_password');`
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00
			`try {`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`$this->validatePassword(auth()->user(), $current, $new);`
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00			`} catch (ValidationException $e) {`
			`Session::flash('error', $e->getMessage());`
More code. 2015-02-25 14:19:06 -06:00
Cleanup redirect code. 2015-07-06 09:27:21 -05:00			`return redirect(route('profile.change-password'));`
More code. 2015-02-25 14:19:06 -06:00			`}`

New tests. 2016-12-18 10:54:11 -06:00			`$repository->changePassword(auth()->user(), $request->get('new_password'));`
All new translations for #218 2016-03-20 05:38:01 -05:00			`Session::flash('success', strval(trans('firefly.password_changed')));`
More code. 2015-02-25 14:19:06 -06:00
Many new renamed routes that will break half of Firefly. 2016-12-05 14:58:23 -06:00			`return redirect(route('profile.index'));`
More code. 2015-02-25 14:19:06 -06:00			`}`

Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`/**`
Code for #456 2016-12-12 08:24:47 -06:00			`* @param UserRepositoryInterface $repository`
General cleanup. 2015-05-03 05:58:55 -05:00			`* @param DeleteAccountFormRequest $request`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`*`
Code for #456 2016-12-12 08:24:47 -06:00			`* @return \Illuminate\Http\RedirectResponse\|\Illuminate\Routing\Redirector`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`*/`
Code for #456 2016-12-12 08:24:47 -06:00			`public function postDeleteAccount(UserRepositoryInterface $repository, DeleteAccountFormRequest $request)`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`{`
Code clean up 2016-09-16 05:15:58 -05:00			`if (!Hash::check($request->get('password'), auth()->user()->password)) {`
All new translations for #218 2016-03-20 05:38:01 -05:00			`Session::flash('error', strval(trans('firefly.invalid_password')));`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00
Cleanup redirect code. 2015-07-06 09:27:21 -05:00			`return redirect(route('profile.delete-account'));`
More code. 2015-02-25 14:19:06 -06:00			`}`
Code for #456 2016-12-12 08:24:47 -06:00			`$user = auth()->user();`
			`Log::info(sprintf('User #%d has opted to delete their account', auth()->user()->id));`
			`// make repository delete user:`
			`auth()->logout();`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00			`Session::flush();`
Code for #456 2016-12-12 08:24:47 -06:00			`$repository->destroy($user);`

Add some GA events. 2015-05-25 00:26:19 -05:00			`Session::flash('gaEventCategory', 'user');`
			`Session::flash('gaEventAction', 'delete-account');`
More code. 2015-02-25 14:19:06 -06:00
Lots of new translations. 2015-07-26 00:39:04 -05:00
Cleanup redirect code. 2015-07-06 09:27:21 -05:00			`return redirect(route('index'));`
More code. 2015-02-25 14:19:06 -06:00			`}`
Covered profile controller with tests. 2015-05-03 02:19:14 -05:00
Implement access token for command line things. 2017-09-14 11:27:22 -05:00			`/**`
			`*`
			`*/`
			`function regenerate()`
			`{`
			`$token = auth()->user()->generateAccessToken();`
			`Preferences::set('access_token', $token);`
			`Session::flash('success', strval(trans('firefly.token_regenerated')));`

			`return redirect(route('profile.index'));`
			`}`
Apparently this is changed in PHPStorm’s formatting templates so there you go [skip ci]. 2017-04-09 00:44:22 -05:00
Some code cleanup and reordering 2016-01-24 08:58:16 -06:00			`/**`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`* @param User $user`
			`* @param string $current`
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00			`* @param string $new`
Some code cleanup and reordering 2016-01-24 08:58:16 -06:00			`*`
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00			`* @return bool`
			`* @throws ValidationException`
Some code cleanup and reordering 2016-01-24 08:58:16 -06:00			`*/`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`protected function validatePassword(User $user, string $current, string $new): bool`
Some code cleanup and reordering 2016-01-24 08:58:16 -06:00			`{`
Apparently this is changed in PHPStorm’s formatting templates so there you go [skip ci]. 2017-04-09 00:44:22 -05:00			`if (!Hash::check($current, $user->password)) {`
Expanded test coverage. 2017-03-24 05:07:38 -05:00			`throw new ValidationException(strval(trans('firefly.invalid_current_password')));`
			`}`

			`if ($current === $new) {`
Various small optimisations [skip ci] 2017-01-05 03:06:46 -06:00			`throw new ValidationException(strval(trans('firefly.should_change')));`
Some code cleanup and reordering 2016-01-24 08:58:16 -06:00			`}`

			`return true;`

			`}`

Covered profile controller with tests. 2015-05-03 02:19:14 -05:00
More code. 2015-02-25 14:19:06 -06:00			`}`