コード例 #1
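 /**
  * Replace a user's avatar with a newly uploaded image.
  *
  * An actor may always change their own avatar; changing another user's
  * avatar goes through assertCan($actor, 'edit', $user). The upload is staged
  * in a temporary file, validated, cropped to 100x100, re-encoded as JPEG and
  * then moved into the upload directory under a freshly generated name.
  *
  * @param UploadAvatar $command
  * @return \Flarum\Core\User
  * @throws \Flarum\Core\Exception\PermissionDeniedException
  * @throws \RuntimeException if the staging file cannot be created or rewritten
  */
 public function handle(UploadAvatar $command)
 {
     $actor = $command->actor;
     $user = $this->users->findOrFail($command->userId);

     if ($actor->id !== $user->id) {
         $this->assertCan($actor, 'edit', $user);
     }

     $tmpFile = tempnam($this->app->storagePath() . '/tmp', 'avatar');
     if ($tmpFile === false) {
         throw new \RuntimeException('Unable to create a temporary file for the avatar upload.');
     }

     try {
         $command->file->moveTo($tmpFile);

         // The client-supplied filename and media type are only metadata for
         // the validator; neither is used to build the stored path below.
         $file = new UploadedFile(
             $tmpFile,
             $command->file->getClientFilename(),
             $command->file->getClientMediaType(),
             $command->file->getSize(),
             $command->file->getError(),
             true
         );
         $this->validator->assertValid(['avatar' => $file]);

         // Encode explicitly as JPEG: the staging file has no extension, and
         // the stored name below always ends in ".jpg".
         $manager = new ImageManager();
         $encodedImage = $manager->make($tmpFile)->fit(100, 100)->encode('jpg', 100);
         if (file_put_contents($tmpFile, $encodedImage) === false) {
             // Without this check the unprocessed upload would be published.
             throw new \RuntimeException('Unable to write the re-encoded avatar.');
         }

         $this->events->fire(new AvatarWillBeSaved($user, $actor, $tmpFile));

         $mount = new MountManager([
             'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
             'target' => $this->uploadDir
         ]);

         if ($user->avatar_path) {
             $previousAvatar = "target://{$user->avatar_path}";
             if ($mount->has($previousAvatar)) {
                 $mount->delete($previousAvatar);
             }
         }

         $uploadName = Str::lower(Str::quickRandom()) . '.jpg';
         $user->changeAvatarPath($uploadName);
         $mount->move("source://" . pathinfo($tmpFile, PATHINFO_BASENAME), "target://{$uploadName}");

         $user->save();
         $this->dispatchEventsFor($user, $actor);

         return $user;
     } catch (\Exception $e) {
         // Do not leave rejected or half-processed uploads in the staging
         // directory. Suppressed so a cleanup failure cannot mask $e.
         @unlink($tmpFile);
         throw $e;
     }
 }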
コード例 #2
ファイル: EditUserHandler.php プロジェクト: johnulist/core
 /**
  * Apply an EditUser command to the target user and persist the result.
  *
  * Every attribute in the payload is gated on its own:
  *  - username, password, groups: assertPermission() on the 'edit' ability
  *  - email: a change request when editing oneself, otherwise 'edit'
  *  - bio: unrestricted for oneself, otherwise 'edit'
  *  - readTime, preferences: assertPermission() on "is the actor the user"
  *
  * @param EditUser $command
  * @return User
  * @throws \Flarum\Core\Exception\PermissionDeniedException
  */
 public function handle(EditUser $command)
 {
     $actor = $command->actor;
     $payload = $command->data;
     $user = $this->users->findOrFail($command->userId, $actor);

     $mayEdit = $actor->can('edit', $user);
     $editingSelf = $actor->id === $user->id;

     $attrs = array_get($payload, 'attributes', []);
     $relations = array_get($payload, 'relationships', []);

     if (isset($attrs['username'])) {
         $this->assertPermission($mayEdit);
         $user->rename($attrs['username']);
     }

     if (isset($attrs['email'])) {
         if (!$editingSelf) {
             $this->assertPermission($mayEdit);
             $user->changeEmail($attrs['email']);
         } else {
             // Editing oneself only requests the change.
             $user->requestEmailChange($attrs['email']);
         }
     }

     if (isset($attrs['password'])) {
         $this->assertPermission($mayEdit);
         $user->changePassword($attrs['password']);
     }

     if (isset($attrs['bio'])) {
         if (!$editingSelf) {
             $this->assertPermission($mayEdit);
         }

         $user->changeBio($attrs['bio']);
     }

     if (!empty($attrs['readTime'])) {
         $this->assertPermission($editingSelf);
         $user->markAllAsRead();
     }

     if (!empty($attrs['preferences'])) {
         $this->assertPermission($editingSelf);

         // Keys and values come straight from the request payload.
         // NOTE(review): presumably setPreference() restricts the accepted keys - confirm.
         foreach ($attrs['preferences'] as $key => $value) {
             $user->setPreference($key, $value);
         }
     }

     $groupData = isset($relations['groups']['data']) ? $relations['groups']['data'] : null;

     if (is_array($groupData)) {
         $this->assertPermission($mayEdit);

         $groupIds = [];
         foreach ($groupData as $entry) {
             $groupId = array_get($entry, 'id');
             if ($groupId) {
                 $groupIds[] = $groupId;
             }
         }

         // The event carries the groups as they are before the sync.
         $user->raise(new UserGroupsWereChanged($user, $user->groups()->get()->all()));

         // Membership is only synced once the user record has been saved.
         $user->afterSave(function (User $saved) use ($groupIds) {
             $saved->groups()->sync($groupIds);
         });
     }

     $this->events->fire(new UserWillBeSaved($user, $actor, $payload));

     // The submitted password and email are validated alongside the changed
     // model attributes.
     // NOTE(review): presumably the model no longer holds the plain password here - confirm.
     $dirty = $user->getDirty();
     $this->validator->assertValid(array_merge($dirty, array_only($attrs, ['password', 'email'])));

     $user->save();
     $this->dispatchEventsFor($user, $actor);

     return $user;
 }
コード例 #3
ファイル: UploadAvatarHandler.php プロジェクト: Luceos/core
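 /**
  * Replace a user's avatar with a newly uploaded image.
  *
  * An actor may always change their own avatar; changing another user's
  * avatar goes through assertCan($actor, 'edit', $user). The upload is staged
  * in a temporary file, validated, cropped to 100x100, re-encoded as JPEG and
  * then moved into the upload directory under a freshly generated name. The
  * staging file is removed if any step after its creation throws.
  *
  * @param UploadAvatar $command
  * @return \Flarum\Core\User
  * @throws \Flarum\Core\Exception\PermissionDeniedException
  * @throws \RuntimeException if the staging file cannot be created or rewritten
  */
 public function handle(UploadAvatar $command)
 {
     $actor = $command->actor;
     $user = $this->users->findOrFail($command->userId);

     if ($actor->id !== $user->id) {
         $this->assertCan($actor, 'edit', $user);
     }

     $tmpFile = tempnam($this->app->storagePath() . '/tmp', 'avatar');
     if ($tmpFile === false) {
         throw new \RuntimeException('Unable to create a temporary file for the avatar upload.');
     }

     try {
         // Inside the try so that a failed move also removes the placeholder
         // file tempnam() created.
         $command->file->moveTo($tmpFile);

         // The client-supplied filename and media type are only metadata for
         // the validator; neither is used to build the stored path below.
         $file = new UploadedFile(
             $tmpFile,
             $command->file->getClientFilename(),
             $command->file->getClientMediaType(),
             $command->file->getSize(),
             $command->file->getError(),
             true
         );
         $this->validator->assertValid(['avatar' => $file]);

         $manager = new ImageManager();

         // Explicitly tell Intervention to encode the image as JPEG (instead
         // of having to guess from the extension).
         $encodedImage = $manager->make($tmpFile)->fit(100, 100)->encode('jpg', 100);
         if (file_put_contents($tmpFile, $encodedImage) === false) {
             // Without this check the unprocessed upload would be published.
             throw new \RuntimeException('Unable to write the re-encoded avatar.');
         }

         $this->events->fire(new AvatarWillBeSaved($user, $actor, $tmpFile));

         $mount = new MountManager([
             'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
             'target' => $this->uploadDir
         ]);

         if ($user->avatar_path) {
             $previousAvatar = "target://{$user->avatar_path}";
             if ($mount->has($previousAvatar)) {
                 $mount->delete($previousAvatar);
             }
         }

         $uploadName = Str::lower(Str::quickRandom()) . '.jpg';
         $user->changeAvatarPath($uploadName);
         $mount->move('source://' . pathinfo($tmpFile, PATHINFO_BASENAME), "target://{$uploadName}");

         $user->save();
         $this->dispatchEventsFor($user, $actor);

         return $user;
     } catch (Exception $e) {
         // Best-effort cleanup; suppressed so a failure here cannot mask $e.
         @unlink($tmpFile);
         throw $e;
     }
 }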
コード例 #4
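 /**
  * Log a user in through the token API, falling back to the Pingxx token
  * controller when the first attempt answers 401.
  *
  * Only the 'identification' and 'password' fields of the parsed body are
  * forwarded to the API. Any status other than 200 from the first attempt,
  * or a non-200 fallback, returns the first API response unchanged.
  *
  * NOTE(review): credentials rejected by TokenController are submitted a
  * second time to PingxxTokenController; any throttling or lockout should
  * cover both attempts - confirm where that is enforced.
  *
  * @param Request $request
  * @return JsonResponse|EmptyResponse
  */
 public function handle(Request $request)
 {
     $actor = $request->getAttribute('actor');
     $params = array_only($request->getParsedBody(), ['identification', 'password']);

     $response = $this->apiClient->send(TokenController::class, $actor, [], $params);
     $status = $response->getStatusCode();

     if ($status === 200) {
         return $this->completeLogIn($request, $response);
     }

     if ($status === 401) {
         $fallback = $this->apiClient->send(PingxxTokenController::class, $actor, [], $params);

         if ($fallback->getStatusCode() === 200) {
             return $this->completeLogIn($request, $fallback, 'dashboard.pingxx.com');
         }
     }

     return $response;
 }

 /**
  * Finish a successful token request: log the session in, fire UserLoggedIn,
  * then attach the "lastLoginName" and remember cookies to the response.
  *
  * NOTE(review): the "lastLoginName" cookie carries the submitted
  * identification and is created here with only a value, a path and an
  * optional domain - confirm whether Secure/HttpOnly are wanted.
  *
  * @param Request $request
  * @param mixed $apiResponse the 200 response returned by the API client
  * @param string|null $cookieDomain domain for the "lastLoginName" cookie, or null for none
  * @return mixed the response with both cookies attached
  */
 private function completeLogIn(Request $request, $apiResponse, $cookieDomain = null)
 {
     // NOTE(review): the decoded body is used without checking that it holds userId and token.
     $data = json_decode($apiResponse->getBody());

     $session = $request->getAttribute('session');
     $this->authenticator->logIn($session, $data->userId);

     $token = AccessToken::find($data->token);
     event(new UserLoggedIn($this->users->findOrFail($data->userId), $token));

     $nameCookie = SetCookie::create("lastLoginName")
         ->withValue($request->getParsedBody()['identification'])
         ->withPath('/');
     if ($cookieDomain !== null) {
         $nameCookie = $nameCookie->withDomain($cookieDomain);
     }

     $apiResponse = FigResponseCookies::set($apiResponse, $nameCookie);

     return $this->rememberer->remember($apiResponse, $token);
 }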
コード例 #5
ファイル: DeleteUserHandler.php プロジェクト: Luceos/core
 /**
  * Delete the user named by the command.
  *
  * The user is looked up with the actor passed to findOrFail(), then
  * assertCan($actor, 'delete', $user) runs before anything is changed.
  * UserWillBeDeleted is fired before the record is deleted.
  *
  * @param DeleteUser $command
  * @return \Flarum\Core\User the deleted user
  * @throws PermissionDeniedException
  */
 public function handle(DeleteUser $command)
 {
     $requester = $command->actor;
     $target = $this->users->findOrFail($command->userId, $requester);

     // Authorise before firing any event or touching the record.
     $this->assertCan($requester, 'delete', $target);

     $willDelete = new UserWillBeDeleted($target, $requester, $command->data);
     $this->events->fire($willDelete);

     $target->delete();

     $this->dispatchEventsFor($target, $requester);

     return $target;
 }
コード例 #6
ファイル: ShowUserController.php プロジェクト: asifalimd/core
 /**
  * {@inheritdoc}
  *
  * Resolves the "id" query parameter (a numeric id, or a username that is
  * translated to an id) and returns the matching user. The lookup receives
  * the actor as its second argument.
  */
 protected function data(ServerRequestInterface $request, Document $document)
 {
     $identifier = array_get($request->getQueryParams(), 'id');

     // Anything that is not numeric is treated as a username.
     $userId = is_numeric($identifier)
         ? $identifier
         : $this->users->getIdForUsername($identifier);

     $actor = $request->getAttribute('actor');

     // An actor requesting their own record gets the CurrentUserSerializer.
     // The comparison is loose because $userId may still be a query string.
     // NOTE(review): is_numeric() also accepts forms such as "1.0"; confirm
     // findOrFail() resolves the raw value to the row this comparison matched.
     if ($actor->id == $userId) {
         $this->serializer = 'Flarum\\Api\\Serializer\\CurrentUserSerializer';
     }

     return $this->users->findOrFail($userId, $actor);
 }
コード例 #7
ファイル: LogInController.php プロジェクト: Albert221/core
 /**
  * Log a user in by forwarding the submitted credentials to the token API.
  *
  * Only the 'identification' and 'password' fields of the parsed body are
  * forwarded. A non-200 API response is returned unchanged; on 200 the
  * session is logged in, UserLoggedIn is fired and the response is passed
  * through the rememberer before being returned.
  *
  * @param Request $request
  * @return JsonResponse|EmptyResponse
  */
 public function handle(Request $request)
 {
     $credentials = array_only($request->getParsedBody(), ['identification', 'password']);

     $response = $this->apiClient->send(
         TokenController::class,
         $request->getAttribute('actor'),
         [],
         $credentials
     );

     if ($response->getStatusCode() !== 200) {
         return $response;
     }

     // NOTE(review): the decoded body is used without checking that it holds userId and token.
     $payload = json_decode($response->getBody());

     $this->authenticator->logIn($request->getAttribute('session'), $payload->userId);

     $accessToken = AccessToken::find($payload->token);
     $loggedInUser = $this->users->findOrFail($payload->userId);
     event(new UserLoggedIn($loggedInUser, $accessToken));

     return $this->rememberer->remember($response, $accessToken);
 }
コード例 #8
ファイル: DeleteAvatarHandler.php プロジェクト: flarum/core
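 /**
  * Remove a user's avatar.
  *
  * An actor may always delete their own avatar; deleting another user's
  * avatar goes through assertCan($actor, 'edit', $user). The avatar path is
  * cleared and the user saved before the stored file is removed, so the
  * saved record no longer points at a file that is about to be deleted.
  *
  * @param DeleteAvatar $command
  * @return \Flarum\Core\User
  * @throws PermissionDeniedException
  */
 public function handle(DeleteAvatar $command)
 {
     $actor = $command->actor;
     $user = $this->users->findOrFail($command->userId);

     if ($actor->id !== $user->id) {
         $this->assertCan($actor, 'edit', $user);
     }

     // Remember the path before it is cleared on the model.
     $avatarPath = $user->avatar_path;
     $user->changeAvatarPath(null);

     $this->events->fire(new AvatarWillBeDeleted($user, $actor));

     $user->save();

     // A user without an avatar has nothing to delete; never pass an empty
     // path to the upload filesystem.
     $hasStoredAvatar = $avatarPath !== null && $avatarPath !== '';
     if ($hasStoredAvatar && $this->uploadDir->has($avatarPath)) {
         $this->uploadDir->delete($avatarPath);
     }

     $this->dispatchEventsFor($user, $actor);

     return $user;
 }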
コード例 #9
ファイル: LoginController.php プロジェクト: ygbhf/flarum-full
 /**
  * Log a user in by forwarding the submitted credentials to the token API.
  *
  * Only the 'identification' and 'password' fields of the parsed body are
  * forwarded. A non-200 API response is returned unchanged; on 200 the
  * token's expiry is pushed out to two weeks, UserLoggedIn is fired and the
  * response is returned with a remember cookie.
  *
  * @param Request $request
  * @param array $routeParams
  * @return JsonResponse|EmptyResponse
  */
 public function handle(Request $request, array $routeParams = [])
 {
     $credentials = array_only($request->getParsedBody(), ['identification', 'password']);

     $response = $this->apiClient->send(
         'Flarum\\Api\\Controller\\TokenController',
         $request->getAttribute('actor'),
         [],
         $credentials
     );

     if ($response->getStatusCode() !== 200) {
         return $response;
     }

     // NOTE(review): the decoded body is used without checking that it holds userId and token.
     $payload = json_decode($response->getBody());
     $tokenId = $payload->token;

     // The remember cookie needs a token that lives for two weeks.
     AccessToken::where('id', $tokenId)->update(['expires_at' => new DateTime('+2 weeks')]);

     // The event receives the token id from the API body, not a loaded model.
     event(new UserLoggedIn($this->users->findOrFail($payload->userId), $tokenId));

     return $this->withRememberCookie($response, $tokenId);
 }
コード例 #10
ファイル: LoginController.php プロジェクト: johnulist/core
 /**
  * Log a user in by forwarding the submitted credentials to the token API.
  *
  * Only the 'identification' and 'password' fields of the parsed body are
  * forwarded. The API status code is not consulted: a decoded body carrying
  * a userId is the only success signal, and anything else becomes an empty
  * 401 response.
  *
  * @param Request $request
  * @param array $routeParams
  * @return JsonResponse|EmptyResponse
  */
 public function handle(Request $request, array $routeParams = [])
 {
     $credentials = array_only($request->getParsedBody(), ['identification', 'password']);

     $apiResponse = $this->apiClient->send(
         'Flarum\\Api\\Controller\\TokenController',
         $request->getAttribute('actor'),
         [],
         $credentials
     );
     $payload = json_decode($apiResponse->getBody());

     // TODO: The client needs to pass through exceptions(?) or the whole
     // response so the response code can be inspected. Until then, a body
     // without a userId is assumed to mean 401.
     if (!isset($payload->userId)) {
         return new EmptyResponse(401);
     }

     $tokenId = $payload->token;

     // The remember cookie needs a token that lives for two weeks.
     AccessToken::where('id', $tokenId)->update(['expires_at' => new DateTime('+2 weeks')]);

     // The event receives the token id from the API body, not a loaded model.
     event(new UserLoggedIn($this->users->findOrFail($payload->userId), $tokenId));

     return $this->withRememberCookie(new JsonResponse($payload), $tokenId);
 }