/**
 * Authenticates an API call from the `authtoken` request parameter and
 * answers with the resulting session credentials as JSON.
 *
 * All three failure paths (missing token, unknown token, unknown user)
 * answer 403 Forbidden; only the message body differs.
 * NOTE(review): those distinct bodies do tell a caller which lookup step
 * failed — confirm that is acceptable for this endpoint.
 *
 * @param array $params request parameters; only `authtoken` is read
 * @return Response 200 with the credential data as JSON, or 403 on failure
 * @throws Exception
 */
public function authenticate(array $params)
{
    // empty() on a missing index is false without a notice, so one check covers
    // both "absent" and "blank".
    $token = isset($params['authtoken']) ? $params['authtoken'] : null;
    if (empty($token)) {
        return new Response(Http::STATUS_FORBIDDEN, 'Invalid or empty authToken');
    }

    $authToken = ApiAuthenticationService::instance()->getAuthToken($token);
    if (empty($authToken)) {
        return new Response(Http::STATUS_FORBIDDEN, 'Auth token not found');
    }

    $userId = $authToken['userId'];
    $userService = UserService::instance();
    $user = $userService->getUserById($userId);
    if (empty($user)) {
        return new Response(Http::STATUS_FORBIDDEN, 'User not found');
    }

    $credentials = new SessionCredentials($user);
    $credentials->setAuthProvider('API');
    $credentials->addRoles(UserRole::USER);
    $credentials->addFeatures(UserFeaturesService::instance()->getUserFeatures($userId));
    $credentials->addRoles($userService->getUserRolesByUserId($userId));

    $subscription = SubscriptionsService::instance()->getUserActiveSubscription($userId);
    if (!empty($subscription)) {
        $credentials->addRoles(UserRole::SUBSCRIBER);
        $credentials->addFeatures(UserFeature::SUBSCRIBER);
        // Loose comparison kept: the tier value's type is not visible here.
        $tier = $subscription['subscriptionTier'];
        if ($tier == 2) {
            $credentials->addFeatures(UserFeature::SUBSCRIBERT2);
        }
        if ($tier == 3) {
            $credentials->addFeatures(UserFeature::SUBSCRIBERT3);
        }
    }

    $response = new Response(Http::STATUS_OK, json_encode($credentials->getData()));
    $response->addHeader(Http::HEADER_CONTENTTYPE, MimeType::JSON);
    return $response;
}
/**
 * @Route ("/admin/user/{id}/edit")
 * @Secure ({"ADMIN"})
 * @HttpMethod ({"POST"})
 * @Transactional
 *
 * Applies an admin's edits to a user record and replaces the user's
 * features and roles with the submitted sets.
 *
 * @param array $params route `id` plus form fields: username, email, country,
 *                      allowGifting, features, roles
 * @param ViewModel $model
 * @throws Exception when the user is missing, validation fails or the country code is unknown
 * @return string redirect target
 */
public function adminUserEditProcess(array $params, ViewModel $model)
{
    $model->title = 'User';
    FilterParams::required($params, 'id');

    $authService = AuthenticationService::instance();
    $userService = UserService::instance();
    $userFeatureService = UserFeaturesService::instance();

    $user = $userService->getUserById($params['id']);
    if (empty($user)) {
        throw new Exception('User was not found');
    }

    // A blank form field keeps the stored value.
    $fieldOrStored = function ($key) use ($params, $user) {
        return !empty($params[$key]) ? $params[$key] : $user[$key];
    };
    $username = $fieldOrStored('username');
    $email = $fieldOrStored('email');
    $country = $fieldOrStored('country');
    // allowGifting is a flag, so a submitted falsy value must still win over the stored one.
    $allowGifting = isset($params['allowGifting']) ? $params['allowGifting'] : $user['allowGifting'];

    $authService->validateUsername($username, $user);
    $authService->validateEmail($email, $user);

    if (!empty($country)) {
        $countryRecord = Country::getCountryByCode($country);
        if (empty($countryRecord)) {
            throw new Exception('Invalid country');
        }
        // Store the canonical alpha-2 code rather than whatever was submitted.
        $country = $countryRecord['alpha-2'];
    }

    $userService->updateUser($user['userId'], [
        'username' => $username,
        'country' => $country,
        'email' => $email,
        'allowGifting' => $allowGifting,
    ]);
    $user = $userService->getUserById($params['id']);

    // Omitted lists mean "none": the submitted set replaces the stored set wholesale.
    $features = isset($params['features']) ? $params['features'] : [];
    $roles = isset($params['roles']) ? $params['roles'] : [];
    $userFeatureService->setUserFeatures($user['userId'], $features);
    $userService->setUserRoles($user['userId'], $roles);
    $authService->flagUserForUpdate($user['userId']);

    Session::set('modelSuccess', 'User profile updated');
    return 'redirect: /admin/user/' . $user['userId'] . '/edit';
}
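/**
 * @Route ("/admin/user/{userId}/ban/{id}/edit")
 * @Secure ({"ADMIN"})
 * @HttpMethod ({"GET"})
 *
 * Renders the admin form for editing an existing ban.
 *
 * @param array $params route parameters: `userId` (the banned user) and `id` (the ban)
 * @param ViewModel $model receives `title`, `user` and `ban`
 * @return string the view name
 * @throws Exception when either id is missing, or the user or ban cannot be found
 */
public function editBan(array $params, ViewModel $model)
{
    $model->title = 'Update Ban';
    // empty() is false for a missing index, so this also covers "not set".
    if (empty($params['id'])) {
        throw new Exception('id required');
    }
    if (empty($params['userId'])) {
        throw new Exception('userId required');
    }

    $userService = UserService::instance();
    $user = $userService->getUserById($params['userId']);
    if (empty($user)) {
        throw new Exception('User was not found');
    }
    // Fail the same way as for a missing user instead of rendering an edit form
    // around a null ban.
    $ban = $userService->getBanById($params['id']);
    if (empty($ban)) {
        throw new Exception('Ban was not found');
    }
    // NOTE(review): the ban is fetched by id alone; nothing here confirms it
    // belongs to {userId}. If the ban record carries the owning user's id,
    // compare it and reject a mismatch so one user's ban cannot be edited
    // under another user's route.

    $model->user = $user;
    $model->ban = $ban;
    return 'admin/userban';
}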
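/**
 * Builds the session credentials for a user: the base USER role, the stored
 * roles and features, and the SUBSCRIBER role/features derived from an active
 * subscription or the twitch-subscriber flag.
 *
 * @param array $user user record; reads `userId` and `istwitchsubscriber`
 * @param string $authProvider recorded on the credentials as the auth provider
 * @return SessionCredentials
 */
public function getUserCredentials(array $user, $authProvider)
{
    $userId = $user['userId'];

    $credentials = new SessionCredentials($user);
    $credentials->setAuthProvider($authProvider);
    $credentials->addRoles(UserRole::USER);
    $credentials->addFeatures(UserFeaturesService::instance()->getUserFeatures($userId));
    $credentials->addRoles(UserService::instance()->getUserRolesByUserId($userId));

    $subscription = SubscriptionsService::instance()->getUserActiveSubscription($userId);
    $hasSubscription = !empty($subscription);
    // !empty() rather than a bare index read: a record without the flag counts
    // as "not a twitch subscriber" instead of raising an undefined-index notice.
    $isTwitchSubscriber = !empty($user['istwitchsubscriber']);

    if ($hasSubscription || $isTwitchSubscriber) {
        $credentials->addRoles(UserRole::SUBSCRIBER);
        $credentials->addFeatures(UserFeature::SUBSCRIBER);
        if ($isTwitchSubscriber) {
            $credentials->addFeatures(UserFeature::SUBSCRIBERT0);
        }
    }

    if ($hasSubscription) {
        // Tier-specific features. The loose comparison is kept on purpose: the
        // tier's type (int vs numeric string) is not visible from here.
        $tierFeatures = array(
            2 => UserFeature::SUBSCRIBERT2,
            3 => UserFeature::SUBSCRIBERT3,
            4 => UserFeature::SUBSCRIBERT4,
        );
        foreach ($tierFeatures as $tier => $feature) {
            if ($subscription['subscriptionTier'] == $tier) {
                $credentials->addFeatures($feature);
            }
        }
    }

    return $credentials;
}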
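/**
 * @Route ("/profile/update")
 * @HttpMethod ({"POST"})
 * @Secure ({"USER"})
 * @Transactional
 *
 * Saves the signed-in user's profile edits. Validation failures, an unknown
 * country and the name-change limit are all reported through `modelError`
 * plus a redirect to /profile, so the user sees the message rather than an
 * error page.
 *
 * @param array $params form fields: username, email, country, allowGifting
 * @param ViewModel $model
 * @throws Exception when the session's user does not exist
 * @return string redirect target
 */
public function profileSave(array $params, ViewModel $model)
{
    $userService = UserService::instance();
    $authenticationService = AuthenticationService::instance();

    $userId = Session::getCredentials()->getUserId();
    $user = $userService->getUserById($userId);
    if (empty($user)) {
        throw new Exception('Invalid user');
    }

    // A blank form field keeps the stored value; empty() is false for a
    // missing index, so the isset() is not needed.
    $username = !empty($params['username']) ? $params['username'] : $user['username'];
    $email = !empty($params['email']) ? $params['email'] : $user['email'];
    $country = !empty($params['country']) ? $params['country'] : $user['country'];
    // allowGifting is a flag, so a submitted falsy value must still win over the stored one.
    $allowGifting = isset($params['allowGifting']) ? $params['allowGifting'] : $user['allowGifting'];

    $userData = array(
        'username' => $username,
        'country' => $country,
        'email' => $email,
        'allowGifting' => $allowGifting,
    );

    try {
        $authenticationService->validateUsername($username, $user);
        $authenticationService->validateEmail($email, $user);

        if (!empty($country)) {
            $countryArr = Country::getCountryByCode($country);
            if (empty($countryArr)) {
                throw new Exception('Invalid country');
            }
            // Store the canonical alpha-2 code rather than whatever was submitted.
            $userData['country'] = $countryArr['alpha-2'];
        }

        // A case-only change (strcasecmp) is not counted as a rename.
        if (strcasecmp($username, $user['username']) !== 0) {
            $nameChangeCount = intval($user['nameChangedCount']);
            // Reported like the other validation errors (modelError + redirect)
            // so the user actually sees the message.
            if ($nameChangeCount >= Config::$a['profile']['nameChangeLimit']) {
                throw new Exception('You have reached your name change limit');
            }
            $userData['nameChangedDate'] = Date::getDateTime('NOW')->format('Y-m-d H:i:s');
            $userData['nameChangedCount'] = $nameChangeCount + 1;
        }
    } catch (Exception $e) {
        Session::set('modelError', $e->getMessage());
        return 'redirect: /profile';
    }

    $userService->updateUser($user['userId'], $userData);
    $authenticationService->flagUserForUpdate($user['userId']);

    Session::set('modelSuccess', 'Your profile has been updated');
    return 'redirect: /profile';
}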
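/**
 * @Route ("/admin/user/{id}/edit")
 * @Secure ({"ADMIN"})
 * @HttpMethod ({"POST"})
 *
 * Applies an admin's edits to a user record, then replaces the user's
 * features and roles with the submitted sets, all inside one transaction.
 *
 * @param array $params route `id` plus form fields: username, email, country,
 *                      allowGifting, minecraftname, minecraftuuid, features, roles
 * @param ViewModel $model
 * @return string redirect target
 * @throws Exception when the user is missing or the country code is unknown
 * @throws \Exception re-thrown after rollback when any update step fails
 */
public function adminUserEditProcess(array $params, ViewModel $model)
{
    $model->title = 'User';
    FilterParams::required($params, 'id');

    $authService = AuthenticationService::instance();
    $userService = UserService::instance();
    $userFeatureService = UserFeaturesService::instance();

    $user = $userService->getUserById($params['id']);
    if (empty($user)) {
        throw new Exception('User was not found');
    }

    // A blank form field keeps the stored value; empty() is false for a
    // missing index, so no isset() is needed.
    $fieldOrStored = function ($key) use ($params, $user) {
        return !empty($params[$key]) ? $params[$key] : $user[$key];
    };
    $username = $fieldOrStored('username');
    $email = $fieldOrStored('email');
    $country = $fieldOrStored('country');
    $minecraftname = $fieldOrStored('minecraftname');
    $minecraftuuid = $fieldOrStored('minecraftuuid');
    // allowGifting is a flag, so a submitted falsy value must still win over the stored one.
    $allowGifting = isset($params['allowGifting']) ? $params['allowGifting'] : $user['allowGifting'];

    // NOTE(review): only the email is validated here; the username is written
    // as submitted. Confirm whether skipping validateUsername() is intended
    // for admin edits.
    $authService->validateEmail($email, $user);

    if (!empty($country)) {
        $countryArr = Country::getCountryByCode($country);
        if (empty($countryArr)) {
            throw new Exception('Invalid country');
        }
        // Store the canonical alpha-2 code rather than whatever was submitted.
        $country = $countryArr['alpha-2'];
    }

    $userData = array(
        'username' => $username,
        'country' => $country,
        'email' => $email,
        'minecraftname' => $minecraftname,
        'minecraftuuid' => $minecraftuuid,
        'allowGifting' => $allowGifting,
    );

    // Omitted lists mean "none": the submitted set replaces the stored set wholesale.
    $features = isset($params['features']) ? $params['features'] : array();
    $roles = isset($params['roles']) ? $params['roles'] : array();

    $log = Application::instance()->getLogger();
    $conn = Application::instance()->getConnection();
    $conn->beginTransaction();
    try {
        $userService->updateUser($user['userId'], $userData);
        $user = $userService->getUserById($params['id']);
        $userFeatureService->setUserFeatures($user['userId'], $features);
        $userService->setUserRoles($user['userId'], $roles);
        $authService->flagUserForUpdate($user['userId']);
        $conn->commit();
    } catch (\Exception $e) {
        // Log the id and the failure reason only; the full user record carries
        // email and other personal fields that do not belong in the log, and
        // the original context omitted the exception itself.
        $log->critical('Error updating user', array(
            'userId' => $user['userId'],
            'error' => $e->getMessage(),
        ));
        $conn->rollBack();
        throw $e;
    }

    Session::set('modelSuccess', 'User profile updated');
    return 'redirect: /admin/user/' . $user['userId'] . '/edit';
}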