mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-11-22 16:23:18 +01:00
Prevent last admin deletion & Update the Delete user feature
This commit is contained in:
Bubka
parent
fd6941d300
commit
4753401827
@ -6,7 +6,7 @@
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\UserDeleteRequest;
|
||||
use App\Http\Requests\UserUpdateRequest;
|
||||
use Illuminate\Support\Facades\Artisan;
|
||||
use App\Models\User;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
@ -51,40 +51,38 @@ public function update(UserUpdateRequest $request)
|
||||
public function delete(UserDeleteRequest $request)
|
||||
{
|
||||
$validated = $request->validated();
|
||||
$user = Auth::user();
|
||||
|
||||
Log::info(sprintf('Deletion of user ID #%s requested', $validated['user_id']));
|
||||
Log::info(sprintf('Deletion of user ID #%s requested', $user->id));
|
||||
|
||||
if ($user->is_admin && User::admins()->count() == 1) {
|
||||
return response()->json(['message' => __('errors.cannot_delete_the_only_admin')], 400);
|
||||
}
|
||||
|
||||
if (! Hash::check($validated['password'], Auth::user()->password)) {
|
||||
return response()->json(['message' => __('errors.wrong_current_password')], 400);
|
||||
}
|
||||
|
||||
try {
|
||||
DB::transaction(function () {
|
||||
DB::table('twofaccounts')->delete();
|
||||
DB::table('groups')->delete();
|
||||
DB::table('options')->delete();
|
||||
DB::table('webauthn_credentials')->delete();
|
||||
DB::table('webauthn_recoveries')->delete();
|
||||
DB::table('oauth_access_tokens')->delete();
|
||||
DB::table('oauth_auth_codes')->delete();
|
||||
DB::table('oauth_clients')->delete();
|
||||
DB::table('oauth_personal_access_clients')->delete();
|
||||
DB::table('oauth_refresh_tokens')->delete();
|
||||
DB::table('password_resets')->delete();
|
||||
DB::table('users')->delete();
|
||||
DB::transaction(function () use ($user) {
|
||||
DB::table('twofaccounts')->where('user_id', $user->id)->delete();
|
||||
DB::table('groups')->where('user_id', $user->id)->delete();
|
||||
DB::table('webauthn_credentials')->where('authenticatable_id', $user->id)->delete();
|
||||
DB::table('webauthn_recoveries')->where('email', $user->email)->delete();
|
||||
DB::table('oauth_access_tokens')->where('user_id', $user->id)->delete();
|
||||
DB::table('password_resets')->where('email', $user->email)->delete();
|
||||
DB::table('users')->where('id', $user->id)->delete();
|
||||
});
|
||||
|
||||
Artisan::call('passport:install --force');
|
||||
Artisan::call('config:clear');
|
||||
}
|
||||
// @codeCoverageIgnoreStart
|
||||
catch (\Throwable $e) {
|
||||
Log::error('User deletion failed');
|
||||
Log::error(sprintf('Deletion of user ID #%s failed, transaction has been rolled-back', $user->id));
|
||||
|
||||
return response()->json(['message' => __('errors.user_deletion_failed')], 400);
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
Log::info(sprintf('User ID #%s deleted', $validated['user_id']));
|
||||
|
||||
Log::info(sprintf('User ID #%s deleted', $user->id));
|
||||
|
||||
return response()->json(null, 204);
|
||||
}
|
||||
|
||||
@ -51,4 +51,5 @@
|
||||
'file_upload_failed' => 'File upload failed',
|
||||
'unauthorized' => 'Unauthorized',
|
||||
'unauthorized_legend' => 'You do not have permissions to view this resource or to perform this action',
|
||||
'cannot_delete_the_only_admin' => 'Cannot delete the only admin account'
|
||||
];
|
||||
Loading…
Reference in New Issue
Block a user