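/**
 * Refreshes the session's JWT and re-establishes the user session from the refreshed token.
 *
 * If the token has already expired, it is still accepted when its payload carries a truthy
 * 'forever' claim: the user session is then rebuilt from the expired token's claims instead of
 * from a refreshed token. Any other expired token is rejected with UnauthorizedException.
 *
 * @return string The session token held in the Session after the refresh.
 * @throws \DreamFactory\Core\Exceptions\UnauthorizedException when the token is expired and not
 *                                                             'forever', or when the user referenced by
 *                                                             the token no longer exists.
 */
public static function refreshToken()
{
    $token = Session::getSessionToken();

    try {
        $newToken = \JWTAuth::refresh($token);
        $payload = \JWTAuth::getPayload($newToken);
        $userId = $payload->get('user_id');
        $user = User::find($userId);
        if (null === $user) {
            // The user named in a (validly signed) token may have been deleted since it was issued;
            // without this guard the call to toArray() below is a fatal error instead of a 401.
            throw new UnauthorizedException('User not found.');
        }
        $userInfo = $user->toArray();
        ArrayUtils::set($userInfo, 'is_sys_admin', $user->is_sys_admin);
        Session::setSessionToken($newToken);
        Session::setUserInfo($userInfo);
        static::setTokenMap($payload, $newToken);
    } catch (TokenExpiredException $e) {
        // Read the claims of the expired token directly from the provider.
        // NOTE(review): this relies on the provider's decode() verifying the signature before the
        // claims are trusted; only the expiry check is being bypassed here — confirm in the provider.
        $payloadArray = \JWTAuth::manager()->getJWTProvider()->decode($token);
        $forever = boolval(ArrayUtils::get($payloadArray, 'forever'));
        if (!$forever) {
            throw new UnauthorizedException($e->getMessage());
        }

        $userId = ArrayUtils::get($payloadArray, 'user_id');
        $user = User::find($userId);
        if (null === $user) {
            // Same deleted-user case as above, for the 'forever' path.
            throw new UnauthorizedException('User not found.');
        }
        Session::setUserInfoWithJWT($user, $forever);
    }

    return Session::getSessionToken();
}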
/**
 * Authorizes the incoming request before handing it to the next middleware.
 *
 * Console requests (DF_IS_VALID_CONSOLE_REQUEST) bypass the check entirely. Otherwise the request
 * goes through when access is allowed or when it matches a configured exception; any other case is
 * refused with the most specific exception available, and every exception raised inside the check
 * is rendered as an error response rather than propagated.
 *
 * @param Request $request
 * @param Closure $next
 *
 * @return array|mixed|string
 */
public function handle($request, Closure $next)
{
    // Console requests are trusted outright.
    if (env('DF_IS_VALID_CONSOLE_REQUEST', false)) {
        return $next($request);
    }

    try {
        static::setExceptions();

        // Regular access, or an API key / (non-admin) user whose route is a configured exception.
        if (static::isAccessAllowed() || static::isException($request)) {
            return $next($request);
        }

        // Access denied: explain why, from the least to the most privileged situation.
        $apiKey = Session::getApiKey();
        $token = Session::getSessionToken();

        if (empty($apiKey) && empty($token)) {
            throw new BadRequestException('Bad request. No token or api key provided.');
        }
        if (true === Session::get('token_expired')) {
            throw new UnauthorizedException(Session::get('token_expired_msg'));
        }
        if (!Session::isAuthenticated()) {
            throw new UnauthorizedException('Unauthorized.');
        }

        throw new ForbiddenException('Access Forbidden.');
    } catch (\Exception $e) {
        return ResponseFactory::getException($e, $request);
    }
}
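/**
 * Registers a new user from the request payload.
 *
 * Missing first/last/display names are derived from the email address: the mailbox part becomes the
 * first name, and a "first.last" mailbox is split into both names. When the 'login' parameter is true
 * the new user is logged in immediately unless the account still requires confirmation.
 *
 * @return array
 * @throws \DreamFactory\Core\Exceptions\BadRequestException when registrar validation fails
 * @throws \DreamFactory\Core\Exceptions\ForbiddenException
 */
protected function handlePOST()
{
    $payload = $this->getPayloadData();
    $login = $this->request->getParameterAsBool('login');
    $registrar = new Registrar();

    // 'new_password' takes precedence over 'password' when both are supplied.
    $password = ArrayUtils::get($payload, 'new_password', ArrayUtils::get($payload, 'password'));

    $data = [
        'first_name'            => ArrayUtils::get($payload, 'first_name'),
        'last_name'             => ArrayUtils::get($payload, 'last_name'),
        'name'                  => ArrayUtils::get($payload, 'name'),
        'email'                 => ArrayUtils::get($payload, 'email'),
        'phone'                 => ArrayUtils::get($payload, 'phone'),
        'security_question'     => ArrayUtils::get($payload, 'security_question'),
        'security_answer'       => ArrayUtils::get($payload, 'security_answer'),
        'password'              => $password,
        // NOTE(review): an omitted confirmation defaults to the password itself, so the registrar's
        // confirmation check only catches mismatched pairs, never a missing confirmation.
        'password_confirmation' => ArrayUtils::get($payload, 'password_confirmation', $password),
    ];

    if (empty($data['first_name'])) {
        // Mailbox part of the address. explode() always yields at least one element, so an address
        // without '@' (or no email at all, which validation rejects below) no longer raises an
        // undefined-offset notice the way list($username, $domain) did.
        $data['first_name'] = explode('@', (string)$data['email'], 2)[0];
    }

    if (empty($data['last_name'])) {
        // "first.last" style mailboxes provide both names; otherwise the last name mirrors the first.
        $names = explode('.', $data['first_name']);
        if (isset($names[1])) {
            $data['last_name'] = $names[1];
            $data['first_name'] = $names[0];
        } else {
            $data['last_name'] = $names[0];
        }
    }

    if (empty($data['name'])) {
        $data['name'] = $data['first_name'] . ' ' . $data['last_name'];
    }

    ArrayUtils::removeNull($data);

    /** @var \Illuminate\Validation\Validator $validator */
    $validator = $registrar->validator($data);
    if ($validator->fails()) {
        $messages = $validator->errors()->getMessages();
        throw new BadRequestException('Validation failed', null, null, $messages);
    }

    $user = $registrar->create($data);
    if (!$login) {
        return ['success' => true];
    }

    // Any confirm_code other than 'y' or null means the account is still awaiting confirmation.
    if ($user->confirm_code !== 'y' && !is_null($user->confirm_code)) {
        return ['success' => true, 'confirmation_required' => true];
    }

    Session::setUserInfoWithJWT($user);

    return ['success' => true, 'session_token' => Session::getSessionToken()];
}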
/**
 * Updates the current user's profile from the request payload.
 *
 * Only the fixed set of profile fields is copied from the payload, and null entries are stripped
 * (ArrayUtils::removeNull) before the update — presumably so that fields not sent are left untouched.
 * Because a changed email address invalidates the current JWT, a replacement token is issued and
 * returned in that case.
 *
 * @return array
 * @throws NotFoundException when there is no user session
 * @throws \Exception
 */
protected function handlePOST()
{
    $payload = $this->getPayloadData();

    $profileFields = [
        'first_name',
        'last_name',
        'name',
        'email',
        'phone',
        'security_question',
        'security_answer',
        'default_app_id',
    ];
    $data = [];
    foreach ($profileFields as $field) {
        $data[$field] = ArrayUtils::get($payload, $field);
    }
    ArrayUtils::removeNull($data);

    $user = Session::user();
    if (empty($user)) {
        throw new NotFoundException('No user session found.');
    }

    $oldToken = Session::getSessionToken();
    $previousEmail = $user->email;
    $user->update($data);

    $emailChanged = $previousEmail !== ArrayUtils::get($data, 'email', $previousEmail);
    if (empty($oldToken) || !$emailChanged) {
        return ['success' => true];
    }

    // Email change invalidates token. Need to create a new token, keeping the 'forever' setting of the old one.
    $forever = JWTUtilities::isForever($oldToken);
    Session::setUserInfoWithJWT($user, $forever);

    return ['success' => true, 'session_token' => Session::getSessionToken()];
}
/**
 * Resets a user's password after verifying their security answer, optionally logging them in.
 *
 * @param string $email       Email of the account being reset.
 * @param string $answer      Plain-text security answer, checked against the stored hash.
 * @param string $newPassword Replacement password.
 * @param bool   $login       Whether to log the user in with the new password on success.
 *
 * @return array
 * @throws BadRequestException         when a required value is missing or the answer does not match
 * @throws InternalServerErrorException when hashing or saving fails
 * @throws NotFoundException           when no user has the given email
 */
protected static function changePasswordBySecurityAnswer($email, $answer, $newPassword, $login = true)
{
    // Required inputs, checked in this order so the reported error is the same as before.
    $required = [
        [$email, "Missing required email for password reset confirmation."],
        [$newPassword, "Missing new password for reset."],
        [$answer, "Missing security answer."],
    ];
    foreach ($required as $entry) {
        list($value, $message) = $entry;
        if (empty($value)) {
            throw new BadRequestException($message);
        }
    }

    /** @var User $user */
    $user = User::whereEmail($email)->first();
    if (null === $user) {
        // NOTE(review): this 404 is distinguishable from the 400 returned for a wrong answer, so the
        // endpoint reveals whether an email is registered; the wording also refers to a confirmation
        // code although this is the security-answer path.
        throw new NotFoundException("The supplied email and confirmation code were not found in the system.");
    }

    static::isAllowed($user);

    try {
        $answerMatches = \Hash::check($answer, $user->security_answer);
    } catch (\Exception $ex) {
        throw new InternalServerErrorException("Error validating security answer.\n{$ex->getMessage()}");
    }
    if (!$answerMatches) {
        throw new BadRequestException("The answer supplied does not match.");
    }

    try {
        // Assumes the User model hashes the password on assignment or save — TODO confirm.
        $user->password = $newPassword;
        $user->save();
    } catch (\Exception $ex) {
        throw new InternalServerErrorException("Error processing password change.\n{$ex->getMessage()}");
    }

    if (!$login) {
        return ['success' => true];
    }

    static::userLogin($email, $newPassword);

    return ['success' => true, 'session_token' => Session::getSessionToken()];
}