/**
 * Apply the changes carried by an EditUser command to the target user,
 * then validate and persist them.
 *
 * Authorisation is decided per attribute, as the code below shows:
 *  - username, password, groups: the actor needs the 'edit' ability on the user;
 *  - email: changed directly with the 'edit' ability; on one's own account
 *    the change is requested via requestEmailChange() instead;
 *  - bio: own account, or the 'edit' ability;
 *  - readTime, preferences: own account only.
 *
 * @param EditUser $command
 * @return User
 * @throws \Flarum\Core\Exception\PermissionDeniedException
 */
public function handle(EditUser $command)
{
    $actor = $command->actor;
    $payload = $command->data;

    $user = $this->users->findOrFail($command->userId, $actor);

    // Both facts are computed once, before any attribute is touched.
    $mayEdit = $actor->can('edit', $user);
    $ownAccount = $actor->id === $user->id;

    $attributes = array_get($payload, 'attributes', []);
    $relationships = array_get($payload, 'relationships', []);

    if (isset($attributes['username'])) {
        $this->assertPermission($mayEdit);
        $user->rename($attributes['username']);
    }

    if (isset($attributes['email'])) {
        if (!$ownAccount) {
            $this->assertPermission($mayEdit);
            $user->changeEmail($attributes['email']);
        } else {
            // Own address: goes through the request flow rather than a direct change.
            $user->requestEmailChange($attributes['email']);
        }
    }

    if (isset($attributes['password'])) {
        // NOTE(review): no current-password check is visible on this path;
        // confirm re-authentication is enforced elsewhere if a self-service
        // password change can reach this handler.
        $this->assertPermission($mayEdit);
        $user->changePassword($attributes['password']);
    }

    if (isset($attributes['bio'])) {
        if (!$ownAccount) {
            $this->assertPermission($mayEdit);
        }
        $user->changeBio($attributes['bio']);
    }

    if (!empty($attributes['readTime'])) {
        $this->assertPermission($ownAccount);
        $user->markAllAsRead();
    }

    if (!empty($attributes['preferences'])) {
        $this->assertPermission($ownAccount);

        // Keys and values are handed to setPreference() as received; any
        // allow-listing has to happen there (not visible here; confirm).
        foreach ($attributes['preferences'] as $key => $value) {
            $user->setPreference($key, $value);
        }
    }

    if (isset($relationships['groups']['data']) && is_array($relationships['groups']['data'])) {
        // NOTE(review): group membership is gated by the same 'edit' ability
        // as username and password. Confirm the policy never grants 'edit' on
        // one's own account to a non-admin, since that would also permit
        // changing one's own groups.
        $this->assertPermission($mayEdit);

        $groupIds = [];
        foreach ($relationships['groups']['data'] as $entry) {
            $groupId = array_get($entry, 'id');
            if ($groupId) {
                $groupIds[] = $groupId;
            }
        }

        // The event carries the groups as they are before the sync.
        $previousGroups = $user->groups()->get()->all();
        $user->raise(new UserGroupsWereChanged($user, $previousGroups));

        // The sync itself is deferred until the user has been saved.
        $user->afterSave(function (User $saved) use ($groupIds) {
            $saved->groups()->sync($groupIds);
        });
    }

    $this->events->fire(new UserWillBeSaved($user, $actor, $payload));

    // Validate the dirty model attributes, with the submitted password and
    // email taken from the request attributes overriding the model's values.
    $dirty = $user->getDirty();
    $submitted = array_only($attributes, ['password', 'email']);
    $this->validator->assertValid(array_merge($dirty, $submitted));

    $user->save();

    $this->dispatchEventsFor($user, $actor);

    return $user;
}
/**
 * Complete a password reset: look up the reset token from the form body,
 * set the new password on the token's user, delete the token and log the
 * user in.
 *
 * A missing password or a confirmation mismatch redirects back to the
 * reset form; success redirects to the base URL.
 *
 * @param Request $request
 * @return RedirectResponse
 */
public function handle(Request $request)
{
    $form = $request->getParsedBody();

    // NOTE(review): the token is looked up by id only; any expiry check
    // must live in PasswordToken or earlier in the flow. Confirm.
    $token = PasswordToken::findOrFail(array_get($form, 'passwordToken'));

    $password = array_get($form, 'password');
    $confirmation = array_get($form, 'password_confirmation');

    // NOTE(review): presumably throws on an invalid password; nothing in
    // this method catches that, so it would not reach the redirect below.
    $this->validator->assertValid(['password' => $password]);

    $confirmed = $password && $password === $confirmation;
    if (!$confirmed) {
        $retryUrl = $this->url->toRoute('resetPassword', ['token' => $token->id]);

        return new RedirectResponse($retryUrl);
    }

    $token->user->changePassword($password);
    $token->user->save();

    // Single use: the token is removed once the password has been saved.
    // NOTE(review): only this token is deleted; whether other outstanding
    // reset tokens or existing sessions of the user are invalidated is not
    // visible here.
    $token->delete();

    $session = $request->getAttribute('session');
    $this->authenticator->logIn($session, $token->user->id);

    return new RedirectResponse($this->url->toBase());
}
/**
 * Register a new user from a RegisterUser command.
 *
 * When the request carries an authentication token, the token is checked
 * with AuthToken::validOrFail(), a password becomes optional (a random one
 * is generated if none was given), and the token's payload is copied onto
 * the new user. The token is deleted after the user has been saved.
 *
 * @param RegisterUser $command
 * @throws PermissionDeniedException if signup is closed and the actor is
 *     not an administrator.
 * @throws \Flarum\Core\Exception\InvalidConfirmationTokenException if an
 *     email confirmation token is provided but is invalid.
 * @return User
 */
public function handle(RegisterUser $command)
{
    $actor = $command->actor;
    $data = $command->data;

    // Closed sign-up: only an administrator may create accounts.
    if (!$this->settings->get('allow_sign_up')) {
        $this->assertAdmin($actor);
    }

    $username = array_get($data, 'attributes.username');
    $email = array_get($data, 'attributes.email');
    $password = array_get($data, 'attributes.password');

    // With a valid authentication token the user need not choose a
    // password; a random one is filled in when none was supplied.
    $token = null;
    if (isset($data['attributes']['token'])) {
        $token = AuthToken::validOrFail($data['attributes']['token']);

        if (!$password) {
            $password = str_random(20);
        }
    }

    $user = User::register($username, $email, $password);

    if ($token !== null) {
        // Every payload entry is written onto the model as an attribute.
        // NOTE(review): this assumes the payload is issued server-side and
        // cannot carry privileged attributes. Confirm where AuthToken
        // payloads are created.
        foreach ($token->payload as $attribute => $value) {
            $user->{$attribute} = $value;
        }

        // An email address in the payload activates the account immediately.
        if (isset($token->payload['email'])) {
            $user->activate();
        }
    }

    // The isActivated attribute is honoured only for administrators.
    if ($actor->isAdmin() && array_get($data, 'attributes.isActivated')) {
        $user->activate();
    }

    $this->events->fire(new UserWillBeSaved($user, $actor, $data));

    $this->validator->assertValid(
        array_merge($user->getAttributes(), ['password' => $password])
    );

    $avatarUrl = array_get($data, 'attributes.avatarUrl');
    if ($avatarUrl) {
        // Only the syntax of the URL is validated here ('url' rule).
        // NOTE(review): the URL comes from the request, and saveAvatarFromUrl()
        // presumably retrieves it from the server side. Confirm that it limits
        // schemes, destination hosts and response size, or take the avatar URL
        // from the token payload only.
        $validation = $this->validatorFactory->make(
            ['avatarUrl' => $avatarUrl],
            ['avatarUrl' => 'url']
        );

        if ($validation->fails()) {
            throw new ValidationException($validation);
        }

        try {
            $this->saveAvatarFromUrl($user, $avatarUrl);
        } catch (Exception $e) {
            // Best effort: a failed avatar download does not block
            // registration. The failure is not recorded anywhere.
        }
    }

    $user->save();

    // The token is consumed only after the user has been saved.
    if ($token !== null) {
        $token->delete();
    }

    $this->dispatchEventsFor($user, $actor);

    return $user;
}
/**
 * Complete a password reset: look up the reset token from the form body,
 * validate the new password and its confirmation, set the password on the
 * token's user, delete the token and log the user in.
 *
 * A validation failure stores the first error message in the session
 * under 'error' and redirects back to the reset form; success redirects
 * to the base URL.
 *
 * @param Request $request
 * @return RedirectResponse
 */
public function handle(Request $request)
{
    $form = $request->getParsedBody();

    // NOTE(review): the token is looked up by id only; any expiry check
    // must live in PasswordToken or earlier in the flow. Confirm.
    $token = PasswordToken::findOrFail(array_get($form, 'passwordToken'));

    $password = array_get($form, 'password');

    try {
        // todo: probably shouldn't use the user validator for this,
        // passwords should be validated separately
        $this->validator->assertValid(['password' => $password]);

        // 'confirmed' requires a matching password_confirmation field.
        $confirmationCheck = $this->validatorFactory->make(
            $form,
            ['password' => 'required|confirmed']
        );

        if ($confirmationCheck->fails()) {
            throw new ValidationException($confirmationCheck);
        }
    } catch (ValidationException $failure) {
        $errorSession = $request->getAttribute('session');
        $errorSession->set('error', $failure->errors()->first());

        $retryUrl = $this->url->toRoute('resetPassword', ['token' => $token->id]);

        return new RedirectResponse($retryUrl);
    }

    $token->user->changePassword($password);
    $token->user->save();

    // Single use: the token is removed once the password has been saved.
    // NOTE(review): only this token is deleted; whether other outstanding
    // reset tokens or existing sessions of the user are invalidated is not
    // visible here.
    $token->delete();

    $session = $request->getAttribute('session');
    $this->authenticator->logIn($session, $token->user->id);

    return new RedirectResponse($this->url->toBase());
}