199 lines
6.5 KiB
PHP
199 lines
6.5 KiB
PHP
<?php
|
|
|
|
namespace App\Controller;
|
|
|
|
use App\Controller\ControllerBase,
|
|
App\Form\UserSettings as UserSettingsForm,
|
|
App\Model\Data\ActivityLog,
|
|
App\Model\Data\PasswordLink,
|
|
App\Model\Data\User,
|
|
SendGrid\Mail\Mail as SendGridMail;
|
|
|
|
class UserController extends ControllerBase
|
|
{
|
|
public function initialize()
|
|
{
|
|
// We need event manager here from DI.
|
|
$eventManager = $this->di->get('eventsManager');
|
|
$this->setEventsManager($eventManager);
|
|
}
|
|
|
|
public function settingsAction()
|
|
{
|
|
$user = $this->_getAuth()->getUser();
|
|
|
|
$form = new UserSettingsForm($user);
|
|
|
|
if ($this->request->isPost()) {
|
|
$data = $this->request->getPost();
|
|
|
|
if ($form->isValid($data)) {
|
|
|
|
$new_pw = $form->getValue('passwordNew');
|
|
if (strlen($new_pw) > 0) {
|
|
|
|
$hash = password_hash($new_pw, PASSWORD_BCRYPT);
|
|
|
|
// User had a password before. just update.
|
|
if (strlen($user->getPassword()) > 0) {
|
|
$user->setPassword($hash);
|
|
}
|
|
// Else we create a password link and email.
|
|
else {
|
|
$link = new PasswordLink();
|
|
$link->setUserId($user->getId())
|
|
->setPassword($hash)
|
|
->save();
|
|
|
|
$tpl = $this->di->get('template');
|
|
$body = $tpl->render('mail/password_activation', [
|
|
'link' => $link->getPublicId()
|
|
]);
|
|
|
|
$mail = new SendGridMail();
|
|
$mail->setFrom('noreply@shufflingpixels.com');
|
|
$mail->setSubject('Httpcb password activation');
|
|
$mail->addTo($user->getEmail());
|
|
$mail->addContent('text/html', $body);
|
|
|
|
$sendgrid = $this->di->get('sendgrid');
|
|
$sendgrid->send($mail);
|
|
|
|
$msg = "For security reasons. Before a password can be created "
|
|
. "a email has been sent to <strong>{$user->getEmail()}</strong> with "
|
|
. "a activation link.";
|
|
|
|
$this->flash->notice($msg);
|
|
}
|
|
}
|
|
|
|
$user->save();
|
|
$form->initialize();
|
|
|
|
$this->flash->message('success', 'Settings saved!');
|
|
} else {
|
|
$this->flash->message('error', 'Could not save settings');
|
|
}
|
|
}
|
|
|
|
$this->view->user = $user;
|
|
$this->view->form = $form;
|
|
}
|
|
|
|
public function deleteAction()
|
|
{
|
|
$user = $this->_getAuth()->getUser();
|
|
|
|
if ($this->request->isPost()) {
|
|
$data = $this->request->getPost();
|
|
}
|
|
|
|
// Delete acc.
|
|
if (isset($data['deleteAcc'])) {
|
|
|
|
if (strlen($user->getPassword()) > 0) {
|
|
if (!isset($data['currentpw']) || !$this->security->checkHash($data['currentpw'], $user->getPassword())) {
|
|
$this->flash->error('The password was not correct. Refusing to delete account.');
|
|
$this->response->redirect('/settings');
|
|
return;
|
|
}
|
|
}
|
|
|
|
$user->setStatus(User::STATUS_DELETED);
|
|
$user->save();
|
|
|
|
// Logout the user.
|
|
$this->auth->clearIdentity();
|
|
|
|
$this->flash->success('The account was successfully removed.');
|
|
}
|
|
|
|
$this->response->redirect('/settings');
|
|
}
|
|
|
|
/**
|
|
* Activate a password.
|
|
*
|
|
* @param $id
|
|
*/
|
|
public function activationLinkAction($id)
|
|
{
|
|
$link = PasswordLink::findFirst(['public_id = ?0', 'bind' => [ $id ]]);
|
|
|
|
if ($link) {
|
|
if ($link->isValid()) {
|
|
|
|
// Save the password.
|
|
$link->getUser()
|
|
->setPassword($link->getPassword())
|
|
->save();
|
|
|
|
$this->flash->success('Your password has been activated.');
|
|
} else {
|
|
$this->flash->error('This link has expired or has already been used.');
|
|
}
|
|
|
|
// Make sure the link is deleted.
|
|
$link->delete();
|
|
} else {
|
|
$this->flash->error('This does not seem to be an active link');
|
|
}
|
|
}
|
|
|
|
public function activityAction($page = 1)
|
|
{
|
|
$user = $this->_getAuth()->getUser();
|
|
|
|
$paginator = ActivityLog::getPaginationList($user->getId(), $page);
|
|
|
|
$this->view->page = $paginator->getPaginate();
|
|
$this->view->pagination_url = '/user/activity/';
|
|
}
|
|
|
|
public function oauthDisconnectAction($provider, $last_unlink_confirmed = false)
|
|
{
|
|
$user = $this->_getAuth()->getUser();
|
|
|
|
// Check if we are unlinking the last provider
|
|
if (count($user->getSocialLinks()) <= 1) {
|
|
|
|
// If user does not have a password, we wont allow it.
|
|
if (strlen($user->getPassword()) < 1) {
|
|
$msg = 'Unlinking your last OAuth provider cannot be done '
|
|
. 'if you don\'t have a password as it would be impossible for you to log in.';
|
|
|
|
$this->flash->message('error', $msg);
|
|
$this->response->redirect('/settings');
|
|
return;
|
|
}
|
|
|
|
// Give a warning to the user about password as the only login option.
|
|
if ($last_unlink_confirmed == false) {
|
|
|
|
$url = $this->url->get([
|
|
'for' => 'oauth-disconnect-confirm',
|
|
'provider' => $provider,
|
|
'confirm' => 'confirm',
|
|
]);
|
|
|
|
$msg = '<p>You are about to unlink the last OAuth provider.'
|
|
. ' Your <strong>only</strong> login option will be <strong>password</strong> if you do this.</p>'
|
|
. '<p>Are you sure? <a class="alert-link" href="' . $url .'">Yes</a></p>';
|
|
|
|
$this->flash->message('warning', $msg);
|
|
$this->response->redirect('/settings');
|
|
return;
|
|
}
|
|
}
|
|
|
|
$provider = ucfirst($provider);
|
|
$user->{'set' . $provider . 'Id'}(null);
|
|
$user->save();
|
|
|
|
$this->getEventsManager()->fire('user:onOAuthDisconnect', $user, $provider);
|
|
|
|
$this->flash->message('success', "<p><strong>{$provider}</strong> was disconnected</p>");
|
|
|
|
$this->response->redirect('/settings');
|
|
}
|
|
}
|