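/**
 * Saves the current user's profile: name, e-mail and optionally a new password.
 *
 * $data is request input and therefore untrusted. Keys are read with isset()
 * instead of the former "@" suppression so that missing keys no longer hide
 * notices. A password change re-validates the current password first and
 * rejects surrounding whitespace or fewer than 3 bytes; a changed e-mail
 * address clears the "verified" flag so it must be confirmed again.
 *
 * NOTE(review): an e-mail change is only gated on being logged in, not on the
 * current password — confirm that is intended.
 *
 * @Request({"user": "******"}, csrf=true)
 *
 * @param array $data keys read: name, email, password_old, password_new
 * @return array ['message' => 'success'] when the profile was stored
 */
public function saveAction($data)
{
    $user = App::user();

    // Anonymous callers get a 404 rather than a hint that the endpoint exists.
    if (!$user->isAuthenticated()) {
        App::abort(404);
    }

    try {
        $user = User::find($user->id);

        $passwordNew = isset($data['password_new']) ? (string) $data['password_new'] : '';
        $passwordOld = isset($data['password_old']) ? $data['password_old'] : null;
        $name        = isset($data['name']) ? $data['name'] : null;
        $email       = isset($data['email']) ? $data['email'] : null;

        if ($passwordNew !== '') {
            // Re-authenticate before accepting a new password. The same generic
            // message is used for a wrong current password and a bad new one.
            if (!App::auth()->getUserProvider()->validateCredentials($user, ['password' => $passwordOld])) {
                throw new Exception(__('Invalid Password.'));
            }

            // Byte length on purpose (unchanged policy); whitespace at either end is rejected.
            if (trim($passwordNew) !== $passwordNew || strlen($passwordNew) < 3) {
                throw new Exception(__('Invalid Password.'));
            }

            $user->password = App::get('auth.password')->hash($passwordNew);
        }

        // A new address has to be verified again.
        if ($email !== $user->email) {
            $user->set('verified', false);
        }

        $user->name  = $name;
        $user->email = $email;
        $user->validate();
        $user->save();

        return ['message' => 'success'];

    } catch (Exception $e) {
        App::abort(400, $e->getMessage());
    }
}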
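/**
 * Authenticates the posted credentials and starts the session.
 *
 * "redirect" is request-supplied and therefore untrusted: it is reduced to a
 * same-site path before use. The scheme/host prefix is stripped as before,
 * and a result that a browser would still resolve as an absolute URL (two
 * leading slashes or backslashes in any combination) is replaced by '' so the
 * redirect stays on this site. The same reduction is applied to the
 * "previous URL" used on failure.
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"})
 *
 * @param array  $credentials posted login data
 * @param bool   $remember    keep the session beyond the browser session
 * @param string $redirect    where a non-AJAX client is sent after login
 */
public function authenticateAction($credentials, $remember = false, $redirect = '')
{
    // Reduce an arbitrary URL to a path on this site ('' = site root).
    $localPath = function ($url) {
        $path = preg_replace('#(https?:)?//[^/]+#', '', (string) $url);

        // "/\host" and "\\host" survive the strip above but browsers treat
        // them as protocol-relative; never redirect there.
        if (preg_match('#^[\\\\/]{2}#', $path)) {
            return '';
        }

        return $path;
    };

    $error = null;

    try {
        if (!App::csrf()->validate()) {
            throw new CsrfException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        $event = App::auth()->login($user, $remember);
        if ($event && $event->hasResponse()) {
            return $event->getResponse();
        }

        if (App::request()->isXmlHttpRequest()) {
            // Hand the client a fresh token for its next request.
            return App::response()->json(['csrf' => App::csrf()->generate()]);
        }

        return App::redirect($localPath($redirect));

    } catch (CsrfException $e) {
        if (App::request()->isXmlHttpRequest()) {
            return App::response()->json(['csrf' => App::csrf()->generate()], 401);
        }
        $error = $e->getMessage();
    } catch (BadCredentialsException $e) {
        $error = __('Invalid username or password.');
    } catch (AuthException $e) {
        $error = $e->getMessage();
    }

    if (App::request()->isXmlHttpRequest()) {
        App::abort(401, $error);
    } else {
        App::message()->error($error);

        return App::redirect($localPath(App::url()->previous()));
    }
}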
/**
 * Authenticates the posted credentials.
 *
 * A regular request is handed to the login flow (which produces the
 * redirect); an AJAX request only has the user set on the session and gets
 * a JSON success flag back. Failures are shown as a flash message plus a
 * redirect to the previous URL, or as a 400 for AJAX.
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array", "_remember_me": "boolean"})
 *
 * @param array $credentials posted login data
 * @param bool  $remember    keep the session beyond the browser session
 */
public function authenticateAction($credentials, $remember = false)
{
    $ajax  = App::request()->isXmlHttpRequest();
    $error = null;

    try {
        if (!App::csrf()->validate()) {
            throw new AuthException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        if ($ajax) {
            App::auth()->setUser($user, $remember);

            return ['success' => true];
        }

        return App::auth()->login($user, $remember);

    } catch (BadCredentialsException $e) {
        $error = __('Invalid username or password.');
    } catch (AuthException $e) {
        $error = $e->getMessage();
    }

    if ($ajax) {
        App::abort(400, $error);

        return null;
    }

    App::message()->error($error);

    return App::redirect(App::url()->previous());
}
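/**
 * Logs out the user named in the posted credentials.
 *
 * NOTE(review): the username comes from the request, not from the session,
 * so the caller chooses which account is passed to App::auth()->logout() —
 * confirm that is the intended contract of that method.
 *
 * @Response("json")
 * @Request({"credentials": "array"})
 *
 * @param array $credentials expects key "username"
 * @return array{success: bool, message: string}
 */
public function logoutAction($credentials)
{
    // A missing username previously raised an "undefined index" notice and
    // handed null to the user provider; answer with the generic failure instead.
    if (!isset($credentials['username']) || $credentials['username'] === '') {
        return ['success' => false, 'message' => "An error has occurred"];
    }

    try {
        $user = App::auth()->getUserProvider()->findByUsername($credentials['username']);
        App::auth()->logout($user);

        return ['success' => true, 'message' => "You are disconnected"];

    } catch (AuthException $e) {
        return ['success' => false, 'message' => "An error has occurred"];
    }
}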
/**
 * Renders the profile page of the user with the given id.
 *
 * Aborts with 404 when no user has that id or no profile can be loaded for
 * it; adds a breadcrumb entry when the breadcrumbs module is installed.
 *
 * @Access("userprofile: view profiles")
 * @Route("/{id}", methods="GET", name="id")
 * @Request({"id": "int"})
 *
 * @param int $id user id from the route
 * @return array view data for the profile-details template
 */
public function detailsAction($id)
{
    $user        = App::auth()->getUserProvider()->find((int) $id);
    $profileUser = $user ? ProfileUser::load($user) : null;

    if (!$user || !$profileUser) {
        App::abort(404, __('User not found.'));
    }

    $breadcrumbs = App::module('bixie/breadcrumbs');
    if ($breadcrumbs) {
        $breadcrumbs->addUrl(['title' => $user->name, 'url' => '']);
    }

    $view = [
        'title' => __('User Profile'),
        'name'  => 'bixie/userprofile/profile-details.php',
    ];

    return [
        '$view'       => $view,
        '$data'       => [],
        'config'      => App::module('bixie/userprofile')->config(),
        'profileUser' => $profileUser,
        'node'        => App::node(),
    ];
}
/**
 * Authenticates the posted credentials and logs the user in.
 *
 * The "remember me" flag is read straight from the request (Auth::REMEMBER_ME_PARAM).
 * On failure a flash message is set and the client is sent back to the
 * previous URL.
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array"})
 *
 * @param array $credentials posted login data
 */
public function authenticateAction($credentials)
{
    try {
        if (!App::csrf()->validate()) {
            throw new AuthException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        $remember = App::request()->get(Auth::REMEMBER_ME_PARAM);

        return App::auth()->login($user, $remember);

    } catch (BadCredentialsException $e) {
        $message = __('Invalid username or password.');
    } catch (AuthException $e) {
        $message = $e->getMessage();
    }

    App::message()->error($message);

    return App::redirect(App::url()->previous());
}
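/**
 * {@inheritdoc}
 *
 * Replaces the "id" route parameter with "slug", the user field named by the
 * module's "slug_key" config (default "username"). The user is looked up once
 * and kept in $this->cacheEntries under its id.
 *
 * @throws RouteNotFoundException when no id is given or no user has that id
 */
public function generate(array $parameters = [])
{
    // Formerly a missing id produced an "undefined index" notice and a lookup
    // for user 0 that ended in the same exception; fail explicitly instead.
    if (!isset($parameters['id'])) {
        throw new RouteNotFoundException('Userprofile not found!');
    }

    $id      = $parameters['id'];
    $slugKey = App::module('bixie/userprofile')->config('slug_key', 'username');

    if (!isset($this->cacheEntries[$id])) {
        $user = App::auth()->getUserProvider()->find((int) $id);
        if (!$user) {
            throw new RouteNotFoundException('Userprofile not found!');
        }
        $this->addCache($user);
    }

    $meta = $this->cacheEntries[$id];

    // NOTE(review): $meta is whatever addCache() stored; a slug_key that is not
    // one of its keys yields null here — confirm against addCache().
    $parameters['slug'] = isset($meta[$slugKey]) ? $meta[$slugKey] : null;
    unset($parameters['id']);

    return $parameters;
}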
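/**
 * Checks for the "system: access admin area" and redirects to login.
 *
 * Anonymous requests for a route whose "_access" attribute lists that
 * permission are answered with a redirect to "@system/login". For non-POST
 * requests to any route other than "@system" the current URL is passed as
 * "redirect" so the user lands back there after logging in.
 *
 * @param mixed $event   request event; receives the redirect response
 * @param mixed $request current request (attributes: _access, _route)
 */
public function onRequest($event, $request)
{
    $required = (array) $request->attributes->get('_access', []);

    // Strict comparison: permission names are plain strings.
    if (App::auth()->getUser() || !in_array('system: access admin area', $required, true)) {
        return;
    }

    $params = [];

    // redirect to default URL for POST requests and don't explicitly redirect the default URL
    if ('POST' !== $request->getMethod() && $request->attributes->get('_route') !== '@system') {
        $params['redirect'] = App::url()->current(true);
    }

    $event->setResponse(App::response()->redirect('@system/login', $params));
}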
/**
 * Logout blocked users.
 *
 * Runs on each request: a user whose account is blocked is logged out
 * immediately rather than keeping an existing session alive.
 */
public function onRequest()
{
    $user = App::auth()->getUser();
    if (!$user) {
        return;
    }

    if ($user->isBlocked()) {
        App::auth()->logout();
    }
}