/**
* Generate a key to be stored in a cookie so users who are not logged in
* can edit / delete the image.
*
* @param PasswordHasher $passwordHasher
*
* @return string
*/
public function generateKey(PasswordHasher $passwordHasher)
{
$key = $passwordHasher->generateKey();
$this->sessionKey = $key;
//$passwordHasher->generateHash($key);
return $key;
}
/**
* @api {post} /sessions Start a Session (Login)
* @apiGroup User Sessions
* @apiDescription Validates login credentials and returns a new session if valid.
* @apiParam {string} username Username to login as.
* @apiParam {string} password The user's password.
*
* @param PasswordHasher $passwordHasher
*
* @throws HttpException
* @return \Response
*/
public function store(PasswordHasher $passwordHasher)
{
$this->validate($this->request, ['username' => 'required', 'password' => 'required']);
$username = $this->request->input('username');
$password = $this->request->input('password');
/** @var User $user */
$user = User::whereUsername($username)->first();
if (!$user) {
throw new InputException(404, ['username' => ["Couldn't find a user with that username."]]);
}
if ($passwordHasher->verify($password, $user, 'password')) {
$this->auth->setUser($user);
// Start a new session
$session = new UserSession(['userId' => $user->userId, 'ip' => $this->request->getClientIp()]);
$sessionKey = $session->generateKey($passwordHasher);
$session->save();
return $this->response(['session' => $session, 'sessionKey' => $sessionKey, 'success' => true]);
} else {
throw new InputException(401, ['password' => ["That password is not correct."]]);
}
}
/**
* @api {put} /albums/{albumId} Update Album Info
* @apiGroup Albums
* @apiDescription Update the stored metadata for an album.
* @apiParam {string} [title] New title of the album.
* @apiParam {boolean=0,1} [anonymous=0] Hide the name of the album owner?
* @apiParam {string=""} [password] Password that will be needed to view the album and any images in it.
* Give a blank value to clear.
* <br/>**If an image is in an album the anonymous setting and password for the album apply instead of
* the images own settings.**
* @apiUse RequiresAuthentication
* @apiUse AlbumSuccessResponse
*
* @param Album $album
* @param PasswordHasher $passwordHasher
*
* @return Response
*/
public function update(Album $album, PasswordHasher $passwordHasher)
{
$user = $this->requireAuthentication($album->userId);
$this->validate($this->request, ['title' => 'string|max:100|unique:albums,title,' . $album->albumId . ',albumId,userId,' . $user->userId, 'anonymous' => 'boolean', 'password' => '']);
if ($title = $this->request->input('name')) {
$album->title = $title;
}
if ($this->request->exists('anonymous')) {
$album->anonymous = (bool) $this->request->input('anonymous');
}
if ($this->request->exists('password')) {
if ($password = $this->request->input('password')) {
$album->password = $passwordHasher->generateHash($password);
} else {
$album->password = null;
}
}
if ($album->save()) {
return $this->response(['album' => $album->fresh(), 'success' => true]);
}
throw new HttpException(500, "Unable to update album.");
}
/**
* @api {put} /images/{imageId} Update Image Info
* @apiGroup Images
* @apiDescription Update the stored metadata for an image.
* @apiParam {string} [title] Title for the image. Give a blank value to clear.
* @apiParam {boolean=0,1} [anonymous=0] Hide the name of the uploader? (Requires authentication)
* @apiParam {string=""} [password] Password that will be needed to view the image. Give a blank value to clear.
* (Requires authentication)
* @apiParam {int} [albumId] An album that the image should be moved to. Give a blank value to remove from album.
* (Requires authentication)
* @apiUse RequiresEditableImage
* @apiUse ImageSuccessResponse
*
* @param Image $image
* @param PasswordHasher $passwordHasher
*
* @return Response
*/
public function update(Image $image, PasswordHasher $passwordHasher)
{
$this->requireEditableImage($image);
$this->validate($this->request, ['title' => 'max:10', 'anonymous' => 'boolean', 'password' => '', 'sessionKey' => 'required_with:anonymous,password,albumId']);
if ($this->request->exists('albumId')) {
if ($albumId = $this->request->input('albumId')) {
$this->validate($this->request, ['albumId' => 'exists:albums,albumId,userId,' . $this->user->getId()]);
$image->albumId = $albumId;
} else {
$image->albumId = null;
}
}
if ($this->request->exists('title')) {
$image->title = $this->request->input('title');
}
if ($this->request->exists('anonymous')) {
$image->anonymous = (bool) $this->request->input('anonymous');
}
if ($this->request->exists('password')) {
if ($password = $this->request->input('password')) {
$image->password = $passwordHasher->generateHash($password);
} else {
$image->password = null;
}
}
$success = $image->isDirty() ? $image->save() : false;
return $this->response(['success' => $success, 'image' => $image->fresh()]);
}
/**
* @api {put} /users/{username} Update User Info
* @apiGroup Users
* @apiDescription Update a user's account information.
* @apiParam {string} sessionKey A session key belonging to this user.
* @apiParam {string} [username] A new username for the user.
* @apiParam {string} [email] A new email address for the user.
* @apiParam {string} [password] A new password for the user. Minimum 3 characters.
* @apiParam {boolean=0,1} [defaultAnonymous=0] Display the username on images uploaded by this user?
* @apiParam {string} [defaultPassword] A password that will be required to view newly uploaded images.
* (Can be changed per image after uploading, see "Update Image Info").
* @apiUse UserSuccessResponse
*
* @param User $user
* @param PasswordHasher $passwordHasher
*
* @return Response
*/
public function update(User $user, PasswordHasher $passwordHasher)
{
$this->requireAuthentication($user->userId);
$validationRules = ['username' => 'unique:users,username,' . $user->userId . ',userId', 'email' => 'unique:users,email,' . $user->userId . ',userId', 'password' => 'min:3', 'defaultAnonymous' => 'boolean', 'defaultPassword' => 'string'];
$this->validate($this->request, $validationRules);
if ($this->request->has('username')) {
$user->username = $this->request->input('username');
}
if ($this->request->has('email')) {
$user->email = $this->request->input('email');
}
if ($this->request->has('password')) {
$user->password = $passwordHasher->generateHash($this->request->input('password'));
}
if ($this->request->has('defaultAnonymous')) {
$user->defaultAnonymous = (bool) $this->request->input('defaultAnonymous');
}
if ($this->request->exists('defaultPassword')) {
if ($password = $this->request->input('defaultPassword')) {
$user->defaultPassword = $passwordHasher->generateHash($password);
} else {
$user->defaultPassword = null;
}
}
$success = $user->isDirty() ? $user->save() : false;
return $this->response(['success' => $success, 'user' => $user->fresh()]);
}
