/**
 * Issue an edit key for this image.
 *
 * Images can be uploaded without authenticating, so the uploader needs a way
 * to prove on later requests that they are the person who uploaded the image.
 * The plain key is returned to the caller when the image is first uploaded and
 * should be stored by the client; only its hash is kept on the model.
 *
 * @param PasswordHasher $passwordHasher Generates both the key and its hash.
 *
 * @return string The plain key to send back to the uploader.
 */
public function generateKey(PasswordHasher $passwordHasher)
{
    $plainKey = $passwordHasher->generateKey();

    // Keep only the hash on the model so the stored value alone does not
    // reveal the key the client holds.
    // NOTE(review): the key's length and randomness source are decided inside
    // PasswordHasher::generateKey(), which is not visible here - confirm it
    // uses a cryptographically secure generator.
    $this->key = $passwordHasher->generateHash($plainKey);

    return $plainKey;
}
/**
 * @api {put} /users/{username} Update User Info
 * @apiGroup Users
 * @apiDescription Update a user's account information.
 * @apiParam {string} sessionKey A session key belonging to this user.
 * @apiParam {string} [username] A new username for the user.
 * @apiParam {string} [email] A new email address for the user.
 * @apiParam {string} [password] A new password for the user. Minimum 3 characters.
 * @apiParam {boolean=0,1} [defaultAnonymous=0] Display the username on images uploaded by this user?
 * @apiParam {string} [defaultPassword] A password that will be required to view newly uploaded images.
 * (Can be changed per image after uploading, see "Update Image Info").
 * @apiUse UserSuccessResponse
 *
 * Only the fields present in the request are changed. Both passwords are
 * hashed before they are assigned to the model, and the model is saved only
 * when at least one attribute actually changed.
 *
 * @param User           $user           The account being updated.
 * @param PasswordHasher $passwordHasher Hashes the account and default image passwords.
 *
 * @return Response Contains 'success' (false when nothing changed) and the refreshed user.
 */
public function update(User $user, PasswordHasher $passwordHasher)
{
    // Presumably rejects the request unless the session belongs to this user;
    // the helper is defined outside this block.
    $this->requireAuthentication($user->userId);

    // The unique rules ignore the user's own row so that re-submitting the
    // current username/email does not fail validation.
    // NOTE(review): 'password' only requires 3 characters, and 'email' has no
    // format rule - consider tightening both. Changing the account password
    // here needs only the session key; no current-password check is visible.
    $rules = [
        'username' => sprintf('unique:users,username,%s,userId', $user->userId),
        'email' => sprintf('unique:users,email,%s,userId', $user->userId),
        'password' => 'min:3',
        'defaultAnonymous' => 'boolean',
        'defaultPassword' => 'string',
    ];
    $this->validate($this->request, $rules);

    // Plain fields are copied across as given.
    foreach (['username', 'email'] as $field) {
        if ($this->request->has($field)) {
            $user->{$field} = $this->request->input($field);
        }
    }

    if ($this->request->has('password')) {
        // Never store the submitted password itself, only its hash.
        $newPassword = $this->request->input('password');
        $user->password = $passwordHasher->generateHash($newPassword);
    }

    if ($this->request->has('defaultAnonymous')) {
        $user->defaultAnonymous = (bool) $this->request->input('defaultAnonymous');
    }

    // exists() is used here (not has()) so that a blank value still reaches
    // this branch and clears the default image password.
    if ($this->request->exists('defaultPassword')) {
        $defaultPassword = $this->request->input('defaultPassword');
        $user->defaultPassword = $defaultPassword
            ? $passwordHasher->generateHash($defaultPassword)
            : null;
    }

    // Skip the write entirely when no attribute changed.
    $success = false;
    if ($user->isDirty()) {
        $success = $user->save();
    }

    return $this->response(['success' => $success, 'user' => $user->fresh()]);
}
/**
 * @api {put} /images/{imageId} Update Image Info
 * @apiGroup Images
 * @apiDescription Update the stored metadata for an image.
 * @apiParam {string} [title] Title for the image. Give a blank value to clear.
 * @apiParam {boolean=0,1} [anonymous=0] Hide the name of the uploader? (Requires authentication)
 * @apiParam {string=""} [password] Password that will be needed to view the image. Give a blank value to clear.
 * (Requires authentication)
 * @apiParam {int} [albumId] An album that the image should be moved to. Give a blank value to remove from album.
 * (Requires authentication)
 * @apiUse RequiresEditableImage
 * @apiUse ImageSuccessResponse
 *
 * Only the fields present in the request are changed. The view password is
 * hashed before it is assigned, and the model is saved only when at least one
 * attribute actually changed.
 *
 * @param Image          $image          The image being updated.
 * @param PasswordHasher $passwordHasher Hashes the image's view password.
 *
 * @return Response Contains 'success' (false when nothing changed) and the refreshed image.
 */
public function update(Image $image, PasswordHasher $passwordHasher)
{
    // Presumably rejects callers who may not edit this image; the helper is
    // defined outside this block.
    $this->requireEditableImage($image);

    // 'sessionKey' must accompany any of the fields documented as requiring
    // authentication.
    // NOTE(review): 'password' has an empty rule set, so it is not constrained
    // here, and 'title' is capped at 10 characters - confirm both are intended.
    $rules = [
        'title' => 'max:10',
        'anonymous' => 'boolean',
        'password' => '',
        'sessionKey' => 'required_with:anonymous,password,albumId',
    ];
    $this->validate($this->request, $rules);

    if ($this->request->exists('albumId')) {
        $albumId = $this->request->input('albumId');
        if ($albumId) {
            // The album must exist AND belong to the current user, so an image
            // cannot be moved into somebody else's album.
            // NOTE(review): assumes $this->user is set whenever a sessionKey
            // was supplied - confirm against the authentication code.
            $ownedAlbumRule = 'exists:albums,albumId,userId,' . $this->user->getId();
            $this->validate($this->request, ['albumId' => $ownedAlbumRule]);
            $image->albumId = $albumId;
        } else {
            // Blank value: take the image out of its album.
            $image->albumId = null;
        }
    }

    if ($this->request->exists('title')) {
        $image->title = $this->request->input('title');
    }

    if ($this->request->exists('anonymous')) {
        $image->anonymous = (bool) $this->request->input('anonymous');
    }

    if ($this->request->exists('password')) {
        // Store only the hash; a blank value removes the password.
        $plainPassword = $this->request->input('password');
        $image->password = $plainPassword
            ? $passwordHasher->generateHash($plainPassword)
            : null;
    }

    // Skip the write entirely when no attribute changed.
    $success = false;
    if ($image->isDirty()) {
        $success = $image->save();
    }

    return $this->response(['success' => $success, 'image' => $image->fresh()]);
}
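/**
 * @api {put} /albums/{albumId} Update Album Info
 * @apiGroup Albums
 * @apiDescription Update the stored metadata for an album.
 * @apiParam {string} [title] New title of the album.
 * @apiParam {boolean=0,1} [anonymous=0] Hide the name of the album owner?
 * @apiParam {string=""} [password] Password that will be needed to view the album and any images in it.
 * Give a blank value to clear.
 * <br/>**If an image is in an album the anonymous setting and password for the album apply instead of
 * the image's own settings.**
 * @apiUse RequiresAuthentication
 * @apiUse AlbumSuccessResponse
 *
 * Only the fields present in the request are changed. The view password is
 * hashed before it is assigned to the model.
 *
 * @param Album          $album          The album being updated.
 * @param PasswordHasher $passwordHasher Hashes the album's view password.
 *
 * @return Response Contains the refreshed album and 'success' => true.
 *
 * @throws HttpException With status 500 when the album cannot be saved.
 */
public function update(Album $album, PasswordHasher $passwordHasher)
{
    // The returned user is needed below to scope the title uniqueness rule.
    // Presumably this rejects callers other than the album owner; the helper
    // is defined outside this block.
    $user = $this->requireAuthentication($album->userId);

    // A title must be unique among this user's albums; the album's own row is
    // ignored so that re-submitting the current title passes.
    // NOTE(review): 'password' has an empty rule set, so it is not constrained here.
    $this->validate($this->request, [
        'title' => 'string|max:100|unique:albums,title,' . $album->albumId . ',albumId,userId,' . $user->userId,
        'anonymous' => 'boolean',
        'password' => '',
    ]);

    // Read the same 'title' field that was validated above and that the API
    // documents. Reading a different key would store a value the length and
    // uniqueness rules never checked, and would ignore the documented field.
    if ($title = $this->request->input('title')) {
        $album->title = $title;
    }

    if ($this->request->exists('anonymous')) {
        $album->anonymous = (bool) $this->request->input('anonymous');
    }

    if ($this->request->exists('password')) {
        // Store only the hash; a blank value removes the password.
        if ($password = $this->request->input('password')) {
            $album->password = $passwordHasher->generateHash($password);
        } else {
            $album->password = null;
        }
    }

    if ($album->save()) {
        return $this->response(['album' => $album->fresh(), 'success' => true]);
    }

    throw new HttpException(500, "Unable to update album.");
}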