2FAuth/app/Http/Controllers/Auth/UserController.php

90 lines
3.1 KiB
PHP
Raw Normal View History

<?php
2022-03-15 14:47:07 +01:00
namespace App\Http\Controllers\Auth;
use App\Api\v1\Resources\UserResource;
use App\Http\Controllers\Controller;
2022-11-22 15:15:52 +01:00
use App\Http\Requests\UserDeleteRequest;
use App\Http\Requests\UserUpdateRequest;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
2022-11-22 15:15:52 +01:00
use Illuminate\Support\Facades\Hash;
2022-10-18 17:34:56 +02:00
use Illuminate\Support\Facades\Log;
class UserController extends Controller
2022-11-22 15:15:52 +01:00
{
/**
* Update the user's profile information.
*
2022-11-22 15:15:52 +01:00
* @param \App\Http\Requests\UserUpdateRequest $request
* @return \App\Api\v1\Resources\UserResource|\Illuminate\Http\JsonResponse
*/
public function update(UserUpdateRequest $request)
{
2022-11-22 15:15:52 +01:00
$user = $request->user();
$validated = $request->validated();
2022-11-22 15:15:52 +01:00
if (! Hash::check($request->password, Auth::user()->password)) {
2022-10-18 17:34:56 +02:00
Log::notice('Account update failed: wrong password provided');
2022-11-22 15:15:52 +01:00
return response()->json(['message' => __('errors.wrong_current_password')], 400);
}
2022-11-22 15:15:52 +01:00
if (! config('2fauth.config.isDemoApp')) {
$user->update([
2022-11-22 15:15:52 +01:00
'name' => $validated['name'],
'email' => $validated['email'],
]);
2022-10-18 17:34:56 +02:00
}
2023-02-27 00:33:42 +01:00
Log::info(sprintf('Account of user ID #%s updated', $user->id));
return new UserResource($user);
}
/**
* Delete the user's account.
*
2022-11-22 15:15:52 +01:00
* @param \App\Http\Requests\UserDeleteRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function delete(UserDeleteRequest $request)
{
$validated = $request->validated();
2023-03-10 22:59:46 +01:00
$user = Auth::user();
Log::info(sprintf('Deletion of user ID #%s requested', $user->id));
if ($user->is_admin && User::admins()->count() == 1) {
return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
}
2022-11-22 15:15:52 +01:00
if (! Hash::check($validated['password'], Auth::user()->password)) {
return response()->json(['message' => __('errors.wrong_current_password')], 400);
}
try {
DB::transaction(function () use ($user) {
DB::table('twofaccounts')->where('user_id', $user->id)->delete();
DB::table('groups')->where('user_id', $user->id)->delete();
DB::table('webauthn_credentials')->where('authenticatable_id', $user->id)->delete();
DB::table('webauthn_recoveries')->where('email', $user->email)->delete();
DB::table('oauth_access_tokens')->where('user_id', $user->id)->delete();
DB::table('password_resets')->where('email', $user->email)->delete();
DB::table('users')->where('id', $user->id)->delete();
});
}
2022-03-31 08:38:35 +02:00
// @codeCoverageIgnoreStart
catch (\Throwable $e) {
Log::error(sprintf('Deletion of user ID #%s failed, transaction has been rolled-back', $user->id));
2022-11-22 15:15:52 +01:00
return response()->json(['message' => __('errors.user_deletion_failed')], 400);
}
2022-03-31 08:38:35 +02:00
// @codeCoverageIgnoreEnd
2023-03-10 22:59:46 +01:00
Log::info(sprintf('User ID #%s deleted', $user->id));
return response()->json(null, 204);
}
2022-11-22 15:15:52 +01:00
}