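/**
  * Saves the current user's own profile (name, e-mail and an optional password change).
  *
  * @Request({"user": "******"}, csrf=true)
  *
  * @param array $data Submitted fields: name, email, password_old, password_new
  * @return array ['message' => 'success'] on success; aborts with 404 when not
  *               authenticated and with 400 on any validation failure
  */
 public function saveAction($data)
 {
     $user = App::user();
     if (!$user->isAuthenticated()) {
         App::abort(404);
     }
     try {
         $user = User::find($user->id);
         // "?? null" yields the same value as the former "@$data[...]" when the key is absent,
         // without suppressing every other error on the line.
         $password = $data['password_new'] ?? null;
         if ($password) {
             // Changing the password requires proof of the current one.
             if (!App::auth()->getUserProvider()->validateCredentials($user, ['password' => $data['password_old'] ?? null])) {
                 throw new Exception(__('Invalid Password.'));
             }
             // Strict comparison: with "!=" two numeric-looking strings are compared as numbers,
             // so a value such as " 1" passed the whitespace check. strlen() counts bytes.
             // NOTE(review): a 3-byte minimum is a very weak policy — confirm it is intended.
             if (trim($password) !== $password || strlen($password) < 3) {
                 throw new Exception(__('Invalid Password.'));
             }
             $user->password = App::get('auth.password')->hash($password);
         }
         $email = $data['email'] ?? null;
         // A changed address must be verified again.
         if ($email !== $user->email) {
             $user->set('verified', false);
         }
         $user->name = $data['name'] ?? null;
         $user->email = $email;
         $user->validate();
         $user->save();
         return ['message' => 'success'];
     } catch (Exception $e) {
         App::abort(400, $e->getMessage());
     }
 }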
 /**
  * Handles a POST login attempt.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"})
  *
  * @param array  $credentials Submitted login credentials
  * @param bool   $remember    Whether to keep the session alive ("remember me")
  * @param string $redirect    Post-login target; "scheme://host" is stripped so only a local path is used
  * @return mixed A login-event response, a JSON body carrying a fresh CSRF token (XHR),
  *               or a redirect; on failure aborts with 401 (XHR) or redirects back with a flash error
  */
 public function authenticateAction($credentials, $remember = false, $redirect = '')
 {
     try {
         if (!App::csrf()->validate()) {
             throw new CsrfException(__('Invalid token. Please try again.'));
         }
         $user = App::auth()->authenticate($credentials, false);
         App::auth()->authorize($user);
         $event = App::auth()->login($user, $remember);
         if ($event && $event->hasResponse()) {
             return $event->getResponse();
         }
         if (App::request()->isXmlHttpRequest()) {
             return App::response()->json(['csrf' => App::csrf()->generate()]);
         }
         // Keep the redirect on this site by removing any "scheme://host" prefix.
         // NOTE(review): the pattern is unanchored and only covers http(s) and protocol-relative
         // forms — confirm this matches the open-redirect policy for this application.
         $target = preg_replace('#(https?:)?//[^/]+#', '', $redirect);
         return App::redirect($target);
     } catch (CsrfException $e) {
         if (App::request()->isXmlHttpRequest()) {
             // Hand the client a new token so it can retry.
             return App::response()->json(['csrf' => App::csrf()->generate()], 401);
         }
         $error = $e->getMessage();
     } catch (BadCredentialsException $e) {
         // Deliberately generic: do not reveal whether the username exists.
         $error = __('Invalid username or password.');
     } catch (AuthException $e) {
         $error = $e->getMessage();
     }
     if (App::request()->isXmlHttpRequest()) {
         App::abort(401, $error);
     } else {
         App::message()->error($error);
         $back = preg_replace('#(https?:)?//[^/]+#', '', App::url()->previous());
         return App::redirect($back);
     }
 }
 /**
  * Handles a POST login attempt, answering either a full page (redirect/login response)
  * or a small JSON body for XMLHttpRequest callers.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array", "_remember_me": "boolean"})
  *
  * @param array $credentials Submitted login credentials
  * @param bool  $remember    Whether to keep the session alive ("remember me")
  * @return mixed Login response (non-XHR) or ['success' => true] (XHR); on failure
  *               redirects back with a flash error (non-XHR) or aborts with 400 (XHR)
  */
 public function authenticateAction($credentials, $remember = false)
 {
     $viaAjax = App::request()->isXmlHttpRequest();
     try {
         if (!App::csrf()->validate()) {
             throw new AuthException(__('Invalid token. Please try again.'));
         }
         $user = App::auth()->authenticate($credentials, false);
         App::auth()->authorize($user);
         if ($viaAjax) {
             App::auth()->setUser($user, $remember);
             return ['success' => true];
         }
         return App::auth()->login($user, $remember);
     } catch (BadCredentialsException $e) {
         // Generic message on purpose: do not reveal whether the username exists.
         $error = __('Invalid username or password.');
     } catch (AuthException $e) {
         $error = $e->getMessage();
     }
     if ($viaAjax) {
         App::abort(400, $error);
     } else {
         App::message()->error($error);
         return App::redirect(App::url()->previous());
     }
 }
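 /**
  * Logs out the user named in the submitted credentials.
  *
  * @Response("json")
  * @Request({"credentials": "array"})
  *
  * NOTE(review): the username is taken from the request and nothing visible here ties it to
  * the caller's own session — confirm that logout() only affects the current session,
  * otherwise this endpoint needs an ownership check.
  *
  * @param array $credentials Expected to hold a "username" key
  * @return array{success: bool, message: string}
  */
 public function logoutAction($credentials)
 {
     // A malformed request used to raise an undefined-index warning; answer with the error body instead.
     $username = $credentials['username'] ?? null;
     if ($username === null || $username === '') {
         return ['success' => false, 'message' => "An error has occurred"];
     }
     try {
         $user = App::auth()->getUserProvider()->findByUsername($username);
         App::auth()->logout($user);
         return ['success' => true, 'message' => "You are disconnected"];
     } catch (AuthException $e) {
         return ['success' => false, 'message' => "An error has occurred"];
     }
 }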
 /**
  * Renders the public profile page of a single user.
  *
  * @Access("userprofile: view profiles")
  * @Route("/{id}", methods="GET", name="id")
  * @Request({"id": "int"})
  *
  * @param int $id Id of the user whose profile is shown
  * @return array View definition and template data; aborts with 404 when the user
  *               or their profile cannot be loaded
  */
 public function detailsAction($id)
 {
     $user = App::auth()->getUserProvider()->find((int) $id);
     $profileUser = $user ? ProfileUser::load($user) : null;
     if (!$user || !$profileUser) {
         App::abort(404, __('User not found.'));
     }
     // Breadcrumbs are optional: only add an entry when that module is installed.
     $breadcrumbs = App::module('bixie/breadcrumbs');
     if ($breadcrumbs) {
         $breadcrumbs->addUrl(['title' => $user->name, 'url' => '']);
     }
     $view = [
         'title' => __('User Profile'),
         'name' => 'bixie/userprofile/profile-details.php',
     ];
     return [
         '$view' => $view,
         '$data' => [],
         'config' => App::module('bixie/userprofile')->config(),
         'profileUser' => $profileUser,
         'node' => App::node(),
     ];
 }
 /**
  * Handles a POST login attempt; the remember-me flag is read straight from the request.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array"})
  *
  * @param array $credentials Submitted login credentials
  * @return mixed The login response on success, otherwise a redirect back to the
  *               previous page with a flash error
  */
 public function authenticateAction($credentials)
 {
     try {
         if (!App::csrf()->validate()) {
             throw new AuthException(__('Invalid token. Please try again.'));
         }
         $user = App::auth()->authenticate($credentials, false);
         App::auth()->authorize($user);
         $remember = App::request()->get(Auth::REMEMBER_ME_PARAM);
         return App::auth()->login($user, $remember);
     } catch (BadCredentialsException $e) {
         // Generic message on purpose: do not reveal whether the username exists.
         App::message()->error(__('Invalid username or password.'));
     } catch (AuthException $e) {
         App::message()->error($e->getMessage());
     }
     return App::redirect(App::url()->previous());
 }
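 /**
  * {@inheritdoc}
  *
  * Swaps the "id" route parameter for the user's slug (the "slug_key" module setting,
  * "username" by default). The user is looked up once and kept in $this->cacheEntries.
  *
  * @param array $parameters Route parameters; must contain "id"
  * @return array The parameters with "id" removed and "slug" added
  * @throws RouteNotFoundException When "id" is missing or no user has that id
  */
 public function generate(array $parameters = [])
 {
     // A missing "id" used to raise a warning and then look up user 0; fail explicitly instead.
     if (!isset($parameters['id'])) {
         throw new RouteNotFoundException('Userprofile not found!');
     }
     $id = $parameters['id'];
     $slug_key = App::module('bixie/userprofile')->config('slug_key', 'username');
     if (!isset($this->cacheEntries[$id])) {
         if (!($user = App::auth()->getUserProvider()->find((int) $id))) {
             throw new RouteNotFoundException('Userprofile not found!');
         }
         // presumably fills $this->cacheEntries[$id]; addCache() is not visible here
         $this->addCache($user);
     }
     $meta = $this->cacheEntries[$id];
     // assumes every cache entry carries the configured slug key — TODO confirm against addCache()
     $parameters['slug'] = $meta[$slug_key];
     unset($parameters['id']);
     return $parameters;
 }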
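 /**
  * Checks for the "system: access admin area" and redirects to login.
  *
  * Does nothing when a user is already logged in or when the matched route does not
  * carry the admin-area permission in its "_access" attribute.
  *
  * @param mixed $event   Request event; receives the redirect response
  * @param mixed $request The current request
  */
 public function onRequest($event, $request)
 {
     if (App::auth()->getUser()) {
         return;
     }
     // strict: true — "_access" is compared as a list of permission strings, never loosely.
     if (!in_array('system: access admin area', $request->attributes->get('_access', []), true)) {
         return;
     }
     $params = [];
     // redirect to default URL for POST requests and don't explicitly redirect the default URL
     if ('POST' !== $request->getMethod() && $request->attributes->get('_route') !== '@system') {
         $params['redirect'] = App::url()->current(true);
     }
     $event->setResponse(App::response()->redirect('@system/login', $params));
 }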
 /**
  * Logout blocked users.
  *
  * Ends the session of the current user as soon as the account is flagged as blocked.
  */
 public function onRequest()
 {
     $current = App::auth()->getUser();
     if (!$current) {
         return;
     }
     if ($current->isBlocked()) {
         App::auth()->logout();
     }
 }