Use dirape/token to generate tokens and passwords for users

Changelog

@@ -1,3 +1,5 @@
+2018-09-19 DariusIII
+	* Chg: Use dirape/token to generate tokens and passwords for users
 2018-09-18 DariusIII
 	* Chg: Update laravel/framework to version 5.7.4
 	* Fix: Use url helper in place of $this->serverurl variable

app/Http/Controllers/Admin/UserController.php

@@ -15,9 +15,9 @@ class UserController extends BasePageController
     /**
      * @param \Illuminate\Http\Request $request
      *
-     * @throws \Exception
+     * @throws \Throwable
      */
-    public function index(Request $request)
+    public function index(Request $request): void
     {
         $this->setAdminPrefs();
 
@@ -138,7 +138,7 @@ public function edit(Request $request)
                             $invites = $role['defaultinvites'];
                         }
                     }
-                    $ret = User::signup($request->input('username'), $request->input('password'), $request->input('email'), '', $request->input('role'), $request->input('notes'), $invites, '', true);
+                    $ret = User::signUp($request->input('username'), $request->input('password'), $request->input('email'), '', $request->input('notes'), $invites, '', true, $request->input('role'));
                     $this->smarty->assign('role', $request->input('role'));
                 } else {
                     $ret = User::updateUser($request->input('id'), $request->input('username'), $request->input('email'), $request->input('grabs'), $request->input('role'), $request->input('notes'), $request->input('invites'), ($request->has('movieview') ? 1 : 0), ($request->has('musicview') ? 1 : 0), ($request->has('gameview') ? 1 : 0), ($request->has('xxxview') ? 1 : 0), ($request->has('consoleview') ? 1 : 0), ($request->has('bookview') ? 1 : 0));

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -35,6 +35,11 @@ public function __construct()
         $this->middleware('guest');
     }
 
+    /**
+     * @param \Illuminate\Http\Request $request
+     *
+     * @throws \Exception
+     */
     public function showLinkRequestForm(Request $request)
     {
         $sent = '';
@@ -59,7 +64,7 @@ public function showLinkRequestForm(Request $request)
             //
             // Generate a forgottenpassword guid, store it in the user table
             //
-            $guid = md5(uniqid('', false));
+            $guid = \Token::random(32);
             User::updatePassResetGuid($ret['id'], $guid);
             //
             // Send the email

app/Http/Controllers/BasePageController.php

@@ -21,14 +21,29 @@ class BasePageController extends Controller
      */
     public $settings;
 
+    /**
+     * @var string
+     */
     public $title = '';
 
+    /**
+     * @var string
+     */
     public $content = '';
 
+    /**
+     * @var string
+     */
     public $meta_keywords = '';
 
+    /**
+     * @var string
+     */
     public $meta_title = '';
 
+    /**
+     * @var string
+     */
     public $meta_description = '';
 
     /**
@@ -38,6 +53,9 @@ class BasePageController extends Controller
      */
     public $page = '';
 
+    /**
+     * @var string
+     */
     public $page_template = '';
 
     /**
@@ -47,25 +65,13 @@ class BasePageController extends Controller
      */
     public $userdata = [];
 
-    /**
-     * URL of the server. ie http://localhost/.
-     *
-     * @var string
-     */
-    public $serverurl = '';
-
     /**
      * User's theme.
      *
      * @var string
      */
     protected $theme = 'Gentele';
 
-    /**
-     * @var string
-     */
-    public $token;
-
     /**
      * @var \Illuminate\Foundation\Application|mixed
      */

app/Models/User.php

@@ -214,29 +214,6 @@ public function comment()
         return $this->hasMany(ReleaseComment::class, 'users_id');
     }
 
-    /**
-     * @return array
-     */
-    public static function getAllUsers(): array
-    {
-        return self::all()->toArray();
-    }
-
-    /**
-     * Get the users selected theme.
-     *
-     *
-     * @param int $userID
-     *
-     * @return mixed|string
-     */
-    public static function getStyle($userID)
-    {
-        $row = self::query()->where('id', $userID)->value('style');
-
-        return $row ?? 'None';
-    }
-
     /**
      * @param $id
      * @throws \Exception
@@ -459,9 +436,9 @@ public static function updateExpiredRoles(): int
      * @param bool   $apiRequests
      *
      * @return array
-     * @throws \Exception
+     * @throws \Throwable
      */
-    public static function getRange($start, $offset, $orderBy, $userName = '', $email = '', $host = '', $role = '', $apiRequests = false)
+    public static function getRange($start, $offset, $orderBy, $userName = '', $email = '', $host = '', $role = '', $apiRequests = false): array
     {
         if ($apiRequests) {
             UserRequest::clearApiRequests(false);
@@ -505,7 +482,7 @@ public static function getRange($start, $offset, $orderBy, $userName = '', $emai
      *
      * @return string[]
      */
-    public static function getBrowseOrder($orderBy)
+    public static function getBrowseOrder($orderBy): array
     {
         $order = (empty($orderBy) ? 'username_desc' : $orderBy);
         $orderArr = explode('_', $order);
@@ -625,16 +602,6 @@ public static function hashPassword($password)
         return Hash::make($password);
     }
 
-    /**
-     * @param string $string
-     *
-     * @return string
-     */
-    public static function hashSHA1(string $string): string
-    {
-        return sha1($string);
-    }
-
     /**
      * @param $guid
      *
@@ -705,51 +672,14 @@ public static function generateUsername(): string
     }
 
     /**
-     * @param int    $length
-     * @param bool   $add_dashes
-     * @param string $available_sets
+     * @param int $length
      *
-     * @return bool|string
+     * @return string
      * @throws \Exception
      */
-    public static function generatePassword($length = 15, $add_dashes = false, $available_sets = 'luds')
+    public static function generatePassword($length = 15): string
     {
-        $sets = [];
-        if (strpos($available_sets, 'l') !== false) {
-            $sets[] = 'abcdefghjkmnpqrstuvwxyz';
-        }
-        if (strpos($available_sets, 'u') !== false) {
-            $sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
-        }
-        if (strpos($available_sets, 'd') !== false) {
-            $sets[] = '23456789';
-        }
-        if (strpos($available_sets, 's') !== false) {
-            $sets[] = '!@#$%&*?';
-        }
-        $all = '';
-        $password = '';
-        foreach ($sets as $set) {
-            $password .= $set[random_int(0, \count(str_split($set)) - 1)];
-            $all .= $set;
-        }
-        $all = str_split($all);
-        for ($i = 0; $i < $length - \count($sets); $i++) {
-            $password .= $all[random_int(0, \count($all) - 1)];
-        }
-        $password = str_shuffle($password);
-        if (! $add_dashes) {
-            return $password;
-        }
-        $dash_len = floor(sqrt($length));
-        $dash_str = '';
-        while (\strlen($password) > $dash_len) {
-            $dash_str .= substr($password, 0, $dash_len).'-';
-            $password = substr($password, $dash_len);
-        }
-        $dash_str .= $password;
-
-        return $dash_str;
+        return \Token::random($length, true);
     }
 
     /**
@@ -769,7 +699,7 @@ public static function generatePassword($length = 15, $add_dashes = false, $avai
      * @throws \Exception
      * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
      */
-    public static function signup($userName, $password, $email, $host, $role = self::ROLE_USER, $notes, $invites = Invitation::DEFAULT_INVITES, $inviteCode = '', $forceInviteMode = false)
+    public static function signUp($userName, $password, $email, $host, $notes, $invites = Invitation::DEFAULT_INVITES, $inviteCode = '', $forceInviteMode = false, $role = self::ROLE_USER)
     {
         $userName = trim($userName);
         $password = trim($password);
@@ -817,7 +747,7 @@ public static function signup($userName, $password, $email, $host, $role = self:
      * @param string $password
      * @return bool
      */
-    public static function isValidPassword(string $password)
+    public static function isValidPassword(string $password): bool
     {
         return \strlen($password) > 8 && preg_match('#[0-9]+#', $password) && preg_match('#[A-Z]+#', $password) && preg_match('#[a-z]+#', $password);
     }
@@ -994,11 +924,13 @@ public static function getUsersByMonth()
      * @param $serverUrl
      * @param $uid
      * @param $emailTo
+     *
      * @return string
+     * @throws \Exception
      */
     public static function sendInvite($serverUrl, $uid, $emailTo): string
     {
-        $token = static::hashSHA1(uniqid('', true));
+        $token = \Token::randomString(40);
         $url = $serverUrl.'register?invitecode='.$token;
 
         Mail::to($emailTo)->send(new SendInvite($uid, $url));

composer.json

@@ -130,6 +130,7 @@
     "canihavesomecoffee/thetvdbapi": "^1.0",
     "dariusiii/rarinfo": "^2.5",
     "dborsatto/php-giantbomb": "dev-master",
+    "dirape/token": "^2.1",
     "doctrine/dbal": "^2.7",
     "exeu/apai-io": "~2.0",
     "fideloper/proxy": "~4.0",