2FAuth/app/Http/Controllers/Auth/UserController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Api\v1\Resources\UserResource;
use App\Http\Controllers\Controller;
use App\Http\Requests\UserDeleteRequest;
use App\Http\Requests\UserUpdateRequest;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;

class UserController extends Controller
{
    /**
     * Update the user's profile information.
     *
     * @return \App\Api\v1\Resources\UserResource|\Illuminate\Http\JsonResponse
     */
    public function update(UserUpdateRequest $request)
    {
        $user      = $request->user();
        $validated = $request->validated();

        if (config('auth.defaults.guard') === 'reverse-proxy-guard' || $user->oauth_provider) {
            Log::notice('Account update rejected: reverse-proxy-guard enabled or account from external sso provider');

            return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);
        }

        if (! Hash::check($request->password, Auth::user()->password)) {
            Log::notice('Account update failed: wrong password provided');

            return response()->json(['message' => __('errors.wrong_current_password')], 400);
        }

        if (! config('2fauth.config.isDemoApp')) {
            $user->update([
                'name'  => $validated['name'],
                'email' => $validated['email'],
            ]);
        }
        Log::info(sprintf('Account of user ID #%s updated', $user->id));

        return new UserResource($user);
    }

    /**
     * Delete the user's account.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function delete(UserDeleteRequest $request)
    {
        $validated = $request->validated();
        $user      = Auth::user();

        Log::info(sprintf('Deletion of user ID #%s requested', $user->id));

        if ($user->is_admin && User::admins()->count() == 1) {
            return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
        }

        if (! Hash::check($validated['password'], Auth::user()->password)) {
            return response()->json(['message' => __('errors.wrong_current_password')], 400);
        }

        try {
            DB::transaction(function () use ($user) {
                DB::table('twofaccounts')->where('user_id', $user->id)->delete();
                DB::table('groups')->where('user_id', $user->id)->delete();
                DB::table('webauthn_credentials')->where('authenticatable_id', $user->id)->delete();
                DB::table('webauthn_recoveries')->where('email', $user->email)->delete();
                DB::table('oauth_access_tokens')->where('user_id', $user->id)->delete();
                DB::table('password_resets')->where('email', $user->email)->delete();
                DB::table('users')->where('id', $user->id)->delete();
            });
        }
        // @codeCoverageIgnoreStart
        catch (\Throwable $e) {
            Log::error(sprintf('Deletion of user ID #%s failed, transaction has been rolled-back', $user->id));

            return response()->json(['message' => __('errors.user_deletion_failed')], 400);
        }
        // @codeCoverageIgnoreEnd

        Log::info(sprintf('User ID #%s deleted', $user->id));

        return response()->json(null, 204);
    }
}
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`<?php`

Add WebAuthn authentication 2022-03-15 14:47:07 +01:00			`namespace App\Http\Controllers\Auth;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
Set up paths & namespace to match versioned routes 2021-11-07 21:57:22 +01:00			`use App\Api\v1\Resources\UserResource;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`use App\Http\Controllers\Controller;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use App\Http\Requests\UserDeleteRequest;`
			`use App\Http\Requests\UserUpdateRequest;`
Prevent last admin deletion & Update the Delete user feature 2023-03-10 16:02:56 +01:00			`use App\Models\User;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`use Illuminate\Support\Facades\Auth;`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`use Illuminate\Support\Facades\DB;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use Illuminate\Support\Facades\Hash;`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`use Illuminate\Support\Facades\Log;`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
			`class UserController extends Controller`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`{`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`/**`
			`* Update the user's profile information.`
			`*`
Fix some issues detected by static analysis 2022-08-26 15:57:18 +02:00			`* @return \App\Api\v1\Resources\UserResource\|\Illuminate\Http\JsonResponse`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`*/`
			`public function update(UserUpdateRequest $request)`
			`{`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`$user = $request->user();`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`$validated = $request->validated();`

Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`if (config('auth.defaults.guard') === 'reverse-proxy-guard' \|\| $user->oauth_provider) {`
			`Log::notice('Account update rejected: reverse-proxy-guard enabled or account from external sso provider');`

			`return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! Hash::check($request->password, Auth::user()->password)) {`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`Log::notice('Account update failed: wrong password provided');`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`return response()->json(['message' => __('errors.wrong_current_password')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! config('2fauth.config.isDemoApp')) {`
Fix multiple issues detected by static analysis 2022-09-07 17:54:27 +02:00			`$user->update([`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`'name' => $validated['name'],`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`'email' => $validated['email'],`
			`]);`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`}`
Update logs messages 2023-02-27 00:33:42 +01:00			`Log::info(sprintf('Account of user ID #%s updated', $user->id));`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00
			`return new UserResource($user);`
			`}`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00
			`/**`
			`* Delete the user's account.`
			`*`
			`* @return \Illuminate\Http\JsonResponse`
			`*/`
			`public function delete(UserDeleteRequest $request)`
			`{`
			`$validated = $request->validated();`
Apply Laravel Pint fixes 2023-03-10 22:59:46 +01:00			`$user = Auth::user();`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00
Prevent last admin deletion & Update the Delete user feature 2023-03-10 16:02:56 +01:00			`Log::info(sprintf('Deletion of user ID #%s requested', $user->id));`

			`if ($user->is_admin && User::admins()->count() == 1) {`
			`return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);`
			`}`
Add IDs to logs to identify the user concerned by the logged event 2023-02-21 14:09:36 +01:00
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! Hash::check($validated['password'], Auth::user()->password)) {`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`return response()->json(['message' => __('errors.wrong_current_password')], 400);`
			`}`

			`try {`
Prevent last admin deletion & Update the Delete user feature 2023-03-10 16:02:56 +01:00			`DB::transaction(function () use ($user) {`
			`DB::table('twofaccounts')->where('user_id', $user->id)->delete();`
			`DB::table('groups')->where('user_id', $user->id)->delete();`
			`DB::table('webauthn_credentials')->where('authenticatable_id', $user->id)->delete();`
			`DB::table('webauthn_recoveries')->where('email', $user->email)->delete();`
			`DB::table('oauth_access_tokens')->where('user_id', $user->id)->delete();`
			`DB::table('password_resets')->where('email', $user->email)->delete();`
			`DB::table('users')->where('id', $user->id)->delete();`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`});`
			`}`
Fix and complete tests 2022-03-31 08:38:35 +02:00			`// @codeCoverageIgnoreStart`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`catch (\Throwable $e) {`
Prevent last admin deletion & Update the Delete user feature 2023-03-10 16:02:56 +01:00			`Log::error(sprintf('Deletion of user ID #%s failed, transaction has been rolled-back', $user->id));`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00			`return response()->json(['message' => __('errors.user_deletion_failed')], 400);`
			`}`
Fix and complete tests 2022-03-31 08:38:35 +02:00			`// @codeCoverageIgnoreEnd`
Apply Laravel Pint fixes 2023-03-10 22:59:46 +01:00
Prevent last admin deletion & Update the Delete user feature 2023-03-10 16:02:56 +01:00			`Log::info(sprintf('User ID #%s deleted', $user->id));`
Add possibility to delete the registered user and reset 2FAuth data 2022-03-28 13:45:19 +02:00
			`return response()->json(null, 204);`
			`}`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`}`