2FAuth/app/Http/Controllers/Auth/UserController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Api\v1\Resources\UserResource;
use App\Http\Controllers\Controller;
use App\Http\Requests\UserDeleteRequest;
use App\Http\Requests\UserUpdateRequest;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;

class UserController extends Controller
{
    /**
     * Update the user's profile information.
     *
     * @return \App\Api\v1\Resources\UserResource|\Illuminate\Http\JsonResponse
     */
    public function update(UserUpdateRequest $request)
    {
        $user      = $request->user();
        $validated = $request->validated();

        $this->authorize('update', $user);

        if (config('auth.defaults.guard') === 'reverse-proxy-guard' || $user->oauth_provider) {
            Log::notice('Account update rejected: reverse-proxy-guard enabled or account from external sso provider');

            return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);
        }

        if (! Hash::check($request->password, Auth::user()->password)) {
            Log::notice('Account update failed: wrong password provided');

            return response()->json(['message' => __('errors.wrong_current_password')], 400);
        }

        if (! config('2fauth.config.isDemoApp')) {
            $user->update([
                'name'  => $validated['name'],
                'email' => $validated['email'],
            ]);
        }
        Log::info(sprintf('Account of user ID #%s updated', $user->id));

        return new UserResource($user);
    }

    /**
     * Delete the user's account.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function delete(UserDeleteRequest $request)
    {
        $validated = $request->validated();
        $user      = Auth::user();

        if (! Hash::check($validated['password'], Auth::user()->password)) {
            return response()->json(['message' => __('errors.wrong_current_password')], 400);
        }

        // This will delete the user and all its 2FAs & Groups thanks to the onCascadeDelete constrains.
        // Deletion will not be done (and returns False) if the user is the only existing admin (see UserObserver clas)
        return $user->delete() === false
            ? response()->json([
                'message' => __('errors.cannot_delete_the_only_admin'),
            ], 400)
            : response()->json(null, 204);
    }
}
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`<?php`

Add WebAuthn authentication 2022-03-15 14:47:07 +01:00			`namespace App\Http\Controllers\Auth;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
Set up paths & namespace to match versioned routes 2021-11-07 21:57:22 +01:00			`use App\Api\v1\Resources\UserResource;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`use App\Http\Controllers\Controller;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use App\Http\Requests\UserDeleteRequest;`
			`use App\Http\Requests\UserUpdateRequest;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`use Illuminate\Support\Facades\Auth;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use Illuminate\Support\Facades\Hash;`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`use Illuminate\Support\Facades\Log;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
			`class UserController extends Controller`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`{`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`/**`
			`* Update the user's profile information.`
			`*`
Fix some issues detected by static analysis 2022-08-26 15:57:18 +02:00			`* @return \App\Api\v1\Resources\UserResource\|\Illuminate\Http\JsonResponse`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`*/`
			`public function update(UserUpdateRequest $request)`
			`{`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`$user = $request->user();`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`$validated = $request->validated();`

Refactor user deletion logic in a User observer 2024-01-29 08:46:09 +01:00			`$this->authorize('update', $user);`

Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`if (config('auth.defaults.guard') === 'reverse-proxy-guard' \|\| $user->oauth_provider) {`
			`Log::notice('Account update rejected: reverse-proxy-guard enabled or account from external sso provider');`

			`return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! Hash::check($request->password, Auth::user()->password)) {`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`Log::notice('Account update failed: wrong password provided');`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`return response()->json(['message' => __('errors.wrong_current_password')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! config('2fauth.config.isDemoApp')) {`
Fix multiple issues detected by static analysis 2022-09-07 17:54:27 +02:00			`$user->update([`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`'name' => $validated['name'],`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`'email' => $validated['email'],`
			`]);`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`}`
Update logs messages 2023-02-27 00:33:42 +01:00			`Log::info(sprintf('Account of user ID #%s updated', $user->id));`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
			`return new UserResource($user);`
			`}`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00
			`/**`
			`* Delete the user's account.`
			`*`
			`* @return \Illuminate\Http\JsonResponse`
			`*/`
			`public function delete(UserDeleteRequest $request)`
			`{`
			`$validated = $request->validated();`
Apply Laravel Pint fixes 2023-03-10 22:59:46 +01:00			`$user = Auth::user();`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! Hash::check($validated['password'], Auth::user()->password)) {`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`return response()->json(['message' => __('errors.wrong_current_password')], 400);`
			`}`

Refactor user deletion logic in a User observer 2024-01-29 08:46:09 +01:00			`// This will delete the user and all its 2FAs & Groups thanks to the onCascadeDelete constrains.`
			`// Deletion will not be done (and returns False) if the user is the only existing admin (see UserObserver clas)`
			`return $user->delete() === false`
			`? response()->json([`
			`'message' => __('errors.cannot_delete_the_only_admin'),`
			`], 400)`
			`: response()->json(null, 204);`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`}`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`}`