/**
 * Generate a key to be stored in a cookie so users who are not logged in
 * can edit / delete the image.
 *
 * The raw key is both returned to the caller and written to $this->sessionKey.
 * No hashing step ($passwordHasher->generateHash()) is applied before storage.
 * NOTE(review): if the stored value is compared directly on later requests, a
 * read of the sessions table yields usable keys; confirm how sessionKey is
 * verified before deciding whether to persist a hash instead.
 *
 * @param PasswordHasher $passwordHasher source of the random key
 *
 * @return string the raw key handed to the client
 */
public function generateKey(PasswordHasher $passwordHasher)
{
    $rawKey = $passwordHasher->generateKey();

    // Persisted as-is; see the note in the docblock above.
    $this->sessionKey = $rawKey;

    return $rawKey;
}
/**
 * @api {post} /sessions Start a Session (Login)
 * @apiGroup User Sessions
 * @apiDescription Validates login credentials and returns a new session if valid.
 * @apiParam {string} username Username to login as.
 * @apiParam {string} password The user's password.
 *
 * Looks the user up by username, checks the supplied password against the
 * stored hash, marks the user as authenticated and persists a fresh
 * UserSession whose raw key is returned alongside it.
 *
 * @param PasswordHasher $passwordHasher used to verify the password and to mint the session key
 *
 * @throws HttpException thrown as InputException: 404 when the username is unknown,
 *                       401 when the password does not match
 * @return \Response
 */
public function store(PasswordHasher $passwordHasher)
{
    $this->validate($this->request, [
        'username' => 'required',
        'password' => 'required',
    ]);

    $username = $this->request->input('username');
    $password = $this->request->input('password');

    /** @var User $user */
    $user = User::whereUsername($username)->first();
    if (!$user) {
        // NOTE(review): the distinct 404 here (vs. 401 below) reveals whether a
        // username exists, and no hash verification runs on this path, so the
        // response time differs too; keep only if that is the intended API
        // contract.
        throw new InputException(404, ['username' => ["Couldn't find a user with that username."]]);
    }

    if (!$passwordHasher->verify($password, $user, 'password')) {
        throw new InputException(401, ['password' => ["That password is not correct."]]);
    }

    $this->auth->setUser($user);

    // Start a new session bound to this user and the requesting address.
    $session = new UserSession([
        'userId' => $user->userId,
        'ip'     => $this->request->getClientIp(),
    ]);
    $sessionKey = $session->generateKey($passwordHasher);
    $session->save();

    return $this->response([
        'session'    => $session,
        'sessionKey' => $sessionKey,
        'success'    => true,
    ]);
}
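/**
 * @api {put} /albums/{albumId} Update Album Info
 * @apiGroup Albums
 * @apiDescription Update the stored metadata for an album.
 * @apiParam {string} [title] New title of the album.
 * @apiParam {boolean=0,1} [anonymous=0] Hide the name of the album owner?
 * @apiParam {string=""} [password] Password that will be needed to view the album and any images in it.
 * Give a blank value to clear.
 * <br/>**If an image is in an album the anonymous setting and password for the album apply instead of
 * the images own settings.**
 * @apiUse RequiresAuthentication
 * @apiUse AlbumSuccessResponse
 *
 * Only the album's owner may update it. A non-empty password is stored as a
 * hash; an empty password parameter clears it.
 *
 * @param Album          $album          the album being edited
 * @param PasswordHasher $passwordHasher used to hash a new viewing password
 *
 * @throws HttpException 500 when the album could not be saved
 * @return Response
 */
public function update(Album $album, PasswordHasher $passwordHasher)
{
    $user = $this->requireAuthentication($album->userId);

    $this->validate($this->request, [
        // Title must be unique per owner, ignoring this album's own row.
        'title'     => 'string|max:100|unique:albums,title,' . $album->albumId . ',albumId,userId,' . $user->userId,
        'anonymous' => 'boolean',
        'password'  => '',
    ]);

    // Fix: the documented (and validated) parameter is "title"; the value was
    // previously read from "name", so the title could never be changed.
    // A blank title is ignored rather than applied.
    $title = $this->request->input('title');
    if ($title !== null && $title !== '') {
        $album->title = $title;
    }

    if ($this->request->exists('anonymous')) {
        $album->anonymous = (bool) $this->request->input('anonymous');
    }

    if ($this->request->exists('password')) {
        $password = $this->request->input('password');
        // Empty value clears the password; anything else is stored hashed.
        $album->password = $password ? $passwordHasher->generateHash($password) : null;
    }

    if ($album->save()) {
        return $this->response(['album' => $album->fresh(), 'success' => true]);
    }

    throw new HttpException(500, "Unable to update album.");
}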
/**
 * @api {put} /images/{imageId} Update Image Info
 * @apiGroup Images
 * @apiDescription Update the stored metadata for an image.
 * @apiParam {string} [title] Title for the image. Give a blank value to clear.
 * @apiParam {boolean=0,1} [anonymous=0] Hide the name of the uploader? (Requires authentication)
 * @apiParam {string=""} [password] Password that will be needed to view the image. Give a blank value to clear.
 * (Requires authentication)
 * @apiParam {int} [albumId] An album that the image should be moved to. Give a blank value to remove from album.
 * (Requires authentication)
 * @apiUse RequiresEditableImage
 * @apiUse ImageSuccessResponse
 *
 * Applies each supplied field to the image; a non-empty password is stored
 * hashed, an empty one clears it. The image is saved only when something
 * actually changed, and "success" reports that save result (false when
 * nothing was dirty).
 *
 * @param Image          $image          the image being edited
 * @param PasswordHasher $passwordHasher used to hash a new viewing password
 *
 * @return Response
 */
public function update(Image $image, PasswordHasher $passwordHasher)
{
    $this->requireEditableImage($image);

    // NOTE(review): anonymous/password/albumId are documented as requiring
    // authentication, but this rule only requires that *some* sessionKey is
    // present; that it belongs to the image owner has to be enforced by
    // requireEditableImage() — confirm.
    // NOTE(review): 'max:10' on title is much shorter than the album title
    // rule elsewhere in this codebase (max:100); confirm it is intentional.
    $this->validate($this->request, [
        'title'      => 'max:10',
        'anonymous'  => 'boolean',
        'password'   => '',
        'sessionKey' => 'required_with:anonymous,password,albumId',
    ]);

    $request = $this->request;

    // Hashes a non-empty password, or yields null to clear it.
    $hashOrClear = function ($plain) use ($passwordHasher) {
        return $plain ? $passwordHasher->generateHash($plain) : null;
    };

    if ($request->exists('albumId')) {
        $albumId = $request->input('albumId');
        if ($albumId) {
            // Only an album owned by the current user may be targeted.
            $this->validate($request, [
                'albumId' => 'exists:albums,albumId,userId,' . $this->user->getId(),
            ]);
            $image->albumId = $albumId;
        } else {
            $image->albumId = null;
        }
    }

    if ($request->exists('title')) {
        $image->title = $request->input('title');
    }

    if ($request->exists('anonymous')) {
        $image->anonymous = (bool) $request->input('anonymous');
    }

    if ($request->exists('password')) {
        $image->password = $hashOrClear($request->input('password'));
    }

    // Nothing dirty means nothing saved, reported as success = false.
    $success = $image->isDirty() ? $image->save() : false;

    return $this->response(['success' => $success, 'image' => $image->fresh()]);
}
/**
 * @api {put} /users/{username} Update User Info
 * @apiGroup Users
 * @apiDescription Update a user's account information.
 * @apiParam {string} sessionKey A session key belonging to this user.
 * @apiParam {string} [username] A new username for the user.
 * @apiParam {string} [email] A new email address for the user.
 * @apiParam {string} [password] A new password for the user. Minimum 3 characters.
 * @apiParam {boolean=0,1} [defaultAnonymous=0] Display the username on images uploaded by this user?
 * @apiParam {string} [defaultPassword] A password that will be required to view newly uploaded images.
 * (Can be changed per image after uploading, see "Update Image Info").
 * @apiUse UserSuccessResponse
 *
 * Only the account owner may update it. Both password fields are stored as
 * hashes; an empty defaultPassword clears it. The user is saved only when
 * something changed, and "success" reports that save result (false when
 * nothing was dirty).
 *
 * NOTE(review): the current password is not re-verified before it is
 * replaced; requireAuthentication() is the only gate — confirm that is
 * intended. NOTE(review): username/email/password are read via has() while
 * defaultPassword uses exists(); confirm the intended difference between the
 * two on this framework version.
 *
 * @param User           $user           the account being edited
 * @param PasswordHasher $passwordHasher used to hash the new password fields
 *
 * @return Response
 */
public function update(User $user, PasswordHasher $passwordHasher)
{
    $this->requireAuthentication($user->userId);

    $request = $this->request;

    // Uniqueness checks ignore this user's own row.
    $this->validate($request, [
        'username'         => 'unique:users,username,' . $user->userId . ',userId',
        'email'            => 'unique:users,email,' . $user->userId . ',userId',
        'password'         => 'min:3',
        'defaultAnonymous' => 'boolean',
        'defaultPassword'  => 'string',
    ]);

    // Plain copy of a field into the model.
    $copyField = function ($field) use ($request, $user) {
        if ($request->has($field)) {
            $user->{$field} = $request->input($field);
        }
    };
    $copyField('username');
    $copyField('email');

    if ($request->has('password')) {
        $user->password = $passwordHasher->generateHash($request->input('password'));
    }

    if ($request->has('defaultAnonymous')) {
        $user->defaultAnonymous = (bool) $request->input('defaultAnonymous');
    }

    if ($request->exists('defaultPassword')) {
        $plain = $request->input('defaultPassword');
        // Empty value clears the default; anything else is stored hashed.
        $user->defaultPassword = $plain ? $passwordHasher->generateHash($plain) : null;
    }

    // Nothing dirty means nothing saved, reported as success = false.
    $success = $user->isDirty() ? $user->save() : false;

    return $this->response(['success' => $success, 'user' => $user->fresh()]);
}