Inheritance: extends AbstractValidator
Esempio n. 1
 /**
  * @param EditUser $command
  * @return User
  * @throws \Flarum\Core\Exception\PermissionDeniedException
  */
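 public function handle(EditUser $command)
 {
     // Applies the attribute and relationship changes carried by the command
     // to the target user. $command->data is presumably request-supplied and
     // must be treated as untrusted: each branch below asserts its own
     // permission before touching the model, and save() is called once at the
     // end, after validation.
     //
     // NOTE(review): one 'edit' ability gates username, email, password and
     // group changes on other accounts. Confirm that the policy behind
     // can('edit', $user) takes the target's privileges into account, so that
     // a holder of 'edit' cannot change the credentials or groups of a more
     // privileged account.
     $actor = $command->actor;
     $data = $command->data;
     // The actor is passed to the lookup; presumably this limits the result
     // to users the actor is allowed to see - verify in the repository.
     $user = $this->users->findOrFail($command->userId, $actor);
     $canEdit = $actor->can('edit', $user);
     $isSelf = $actor->id === $user->id;
     $attributes = array_get($data, 'attributes', []);
     $relationships = array_get($data, 'relationships', []);
     if (isset($attributes['username'])) {
         $this->assertPermission($canEdit);
         $user->rename($attributes['username']);
     }
     if (isset($attributes['email'])) {
         if ($isSelf) {
             // Own address: goes through requestEmailChange() rather than
             // being changed directly (presumably a confirmation flow).
             $user->requestEmailChange($attributes['email']);
         } else {
             // Someone else's address: changed immediately, so it needs 'edit'.
             $this->assertPermission($canEdit);
             $user->changeEmail($attributes['email']);
         }
     }
     if (isset($attributes['password'])) {
         // 'edit' is required even when the actor is the target. No check of
         // the current password is visible in this method.
         $this->assertPermission($canEdit);
         $user->changePassword($attributes['password']);
     }
     if (isset($attributes['bio'])) {
         // Users may always edit their own bio; anyone else needs 'edit'.
         if (!$isSelf) {
             $this->assertPermission($canEdit);
         }
         $user->changeBio($attributes['bio']);
     }
     if (!empty($attributes['readTime'])) {
         // Read state is personal: only the user themselves may reset it.
         $this->assertPermission($isSelf);
         $user->markAllAsRead();
     }
     if (!empty($attributes['preferences'])) {
         $this->assertPermission($isSelf);
         // Untrusted input: a non-array value here would make foreach emit a
         // warning, so only real arrays are iterated. The groups branch below
         // applies the same is_array() check to its input.
         if (is_array($attributes['preferences'])) {
             foreach ($attributes['preferences'] as $k => $v) {
                 $user->setPreference($k, $v);
             }
         }
     }
     if (isset($relationships['groups']['data']) && is_array($relationships['groups']['data'])) {
         // Group membership determines privileges, so it always needs 'edit'.
         $this->assertPermission($canEdit);
         $newGroupIds = [];
         foreach ($relationships['groups']['data'] as $group) {
             // Entries without a truthy id are skipped.
             if ($id = array_get($group, 'id')) {
                 $newGroupIds[] = $id;
             }
         }
         // The event is raised with the groups as they are before the sync.
         $user->raise(new UserGroupsWereChanged($user, $user->groups()->get()->all()));
         // The pivot update is deferred until the user has been saved.
         $user->afterSave(function (User $user) use($newGroupIds) {
             $user->groups()->sync($newGroupIds);
         });
     }
     $this->events->fire(new UserWillBeSaved($user, $actor, $data));
     // The changed attributes are validated together with the password and
     // email exactly as submitted - presumably because the model no longer
     // holds those two in their submitted form; confirm against User.
     $this->validator->assertValid(array_merge($user->getDirty(), array_only($attributes, ['password', 'email'])));
     $user->save();
     $this->dispatchEventsFor($user, $actor);
     return $user;
 }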
Esempio n. 2
 /**
  * @param Request $request
  * @return RedirectResponse
  */
 public function handle(Request $request)
 {
     // Completes a password reset: looks up the token posted by the form,
     // sets the new password on the token's user, deletes the token and logs
     // that user in. Every form field is untrusted input.
     $form = $request->getParsedBody();

     // NOTE(review): findOrFail() is the only token check visible here; no
     // expiry test appears in this method. Confirm that token lifetime is
     // enforced elsewhere (e.g. in PasswordToken).
     $resetToken = PasswordToken::findOrFail(array_get($form, 'passwordToken'));

     $password = array_get($form, 'password');
     $repeated = array_get($form, 'password_confirmation');

     // Runs before the confirmation comparison; presumably throws when the
     // password does not satisfy the user validator's rules.
     $this->validator->assertValid(['password' => $password]);

     $confirmed = $password && $password === $repeated;
     if (!$confirmed) {
         // Empty or mismatched password: send the user back to the form.
         $retryUrl = $this->url->toRoute('resetPassword', ['token' => $resetToken->id]);

         return new RedirectResponse($retryUrl);
     }

     $resetToken->user->changePassword($password);
     $resetToken->user->save();
     // The token is deleted only after the new password has been saved.
     $resetToken->delete();

     // NOTE(review): the existing session is logged in as the token's user.
     // Confirm that logIn() rotates the session identifier.
     $this->authenticator->logIn($request->getAttribute('session'), $resetToken->user->id);

     return new RedirectResponse($this->url->toBase());
 }
Esempio n. 3
 /**
  * @param RegisterUser $command
  * @throws PermissionDeniedException if signup is closed and the actor is
  *     not an administrator.
  * @throws \Flarum\Core\Exception\InvalidConfirmationTokenException if an
  *     email confirmation token is provided but is invalid.
  * @return User
  */
 public function handle(RegisterUser $command)
 {
     // Registers a new user from the command data. $command->data is
     // presumably request-supplied and must be treated as untrusted.
     $actor = $command->actor;
     $data = $command->data;

     // With sign-up disabled, only administrators may create accounts.
     $signUpOpen = $this->settings->get('allow_sign_up');
     if (!$signUpOpen) {
         $this->assertAdmin($actor);
     }

     $password = array_get($data, 'attributes.password');

     // A valid authentication token makes the password optional: when none
     // was chosen, a random one is generated in its place.
     // NOTE(review): this value becomes the account's password - confirm
     // that str_random() is backed by a CSPRNG in the framework version used.
     $authToken = null;
     if (isset($data['attributes']['token'])) {
         $authToken = AuthToken::validOrFail($data['attributes']['token']);
         if (!$password) {
             $password = str_random(20);
         }
     }

     $user = User::register(
         array_get($data, 'attributes.username'),
         array_get($data, 'attributes.email'),
         $password
     );

     if ($authToken !== null) {
         // Every key of the token payload is copied onto the user by direct
         // property assignment; nothing is filtered here.
         // NOTE(review): confirm payloads are only ever built server-side.
         foreach ($authToken->payload as $field => $value) {
             $user->{$field} = $value;
         }

         // An email address carried by the token activates the account at once.
         if (isset($authToken->payload['email'])) {
             $user->activate();
         }
     }

     // Administrators may create accounts that are already activated.
     if ($actor->isAdmin()) {
         if (array_get($data, 'attributes.isActivated')) {
             $user->activate();
         }
     }

     $this->events->fire(new UserWillBeSaved($user, $actor, $data));

     // The password is validated as submitted (or as generated above),
     // alongside the model's attributes.
     $this->validator->assertValid(array_merge($user->getAttributes(), ['password' => $password]));

     $avatarUrl = array_get($data, 'attributes.avatarUrl');
     if ($avatarUrl) {
         $urlCheck = $this->validatorFactory->make(['avatarUrl' => $avatarUrl], ['avatarUrl' => 'url']);
         if ($urlCheck->fails()) {
             throw new ValidationException($urlCheck);
         }

         // NOTE(review): $avatarUrl comes from the command data and is only
         // checked against the 'url' rule. If saveAvatarFromUrl() fetches it
         // server-side (not visible here), this is a server-side request
         // forgery surface - confirm scheme and destination restrictions.
         try {
             $this->saveAvatarFromUrl($user, $avatarUrl);
         } catch (Exception $ignored) {
             // Best effort: an avatar failure never blocks registration. The
             // exception is discarded and nothing is logged here.
         }
     }

     $user->save();

     // The token is deleted only after the user has been saved.
     if ($authToken !== null) {
         $authToken->delete();
     }

     $this->dispatchEventsFor($user, $actor);

     return $user;
 }
Esempio n. 4
 /**
  * @param Request $request
  * @return RedirectResponse
  */
 public function handle(Request $request)
 {
     // Completes a password reset: looks up the token posted by the form,
     // validates the new password, sets it on the token's user, deletes the
     // token and logs that user in. Every form field is untrusted input.
     $form = $request->getParsedBody();

     // NOTE(review): findOrFail() is the only token check visible here; no
     // expiry test appears in this method. Confirm that token lifetime is
     // enforced elsewhere (e.g. in PasswordToken).
     $resetToken = PasswordToken::findOrFail(array_get($form, 'passwordToken'));
     $password = array_get($form, 'password');

     try {
         // TODO: the user validator is probably the wrong tool for this;
         // passwords should be validated separately.
         $this->validator->assertValid(['password' => $password]);

         // 'confirmed' requires a matching password_confirmation field.
         $confirmation = $this->validatorFactory->make($form, ['password' => 'required|confirmed']);
         if ($confirmation->fails()) {
             throw new ValidationException($confirmation);
         }
     } catch (ValidationException $invalid) {
         // Store the first message in the session and return to the form.
         $errorSession = $request->getAttribute('session');
         $errorSession->set('error', $invalid->errors()->first());

         $retryUrl = $this->url->toRoute('resetPassword', ['token' => $resetToken->id]);

         return new RedirectResponse($retryUrl);
     }

     $resetToken->user->changePassword($password);
     $resetToken->user->save();
     // The token is deleted only after the new password has been saved.
     $resetToken->delete();

     // NOTE(review): the existing session is logged in as the token's user.
     // Confirm that logIn() rotates the session identifier.
     $this->authenticator->logIn($request->getAttribute('session'), $resetToken->user->id);

     return new RedirectResponse($this->url->toBase());
 }