From f99c3ae6c07a80a57a55d370c353827f2c8f5d42 Mon Sep 17 00:00:00 2001
From: DariusIII
Date: Wed, 19 Sep 2018 11:37:07 +0200
Subject: [PATCH] Use dirape/token to generate tokens and passwords for users

---
 Changelog | 2 +
 app/Http/Controllers/Admin/UserController.php | 6 +-
 .../Auth/ForgotPasswordController.php | 7 +-
 app/Http/Controllers/BasePageController.php | 30 +++---
 app/Models/User.php | 92 +++----------------
 composer.json | 1 +
 composer.lock | 58 +++++++++++-
 7 files changed, 99 insertions(+), 97 deletions(-)

diff --git a/Changelog b/Changelog
index 156d60ce74..7a96d3fa21 100755
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+2018-09-19 DariusIII
+ * Chg: Use dirape/token to generate tokens and passwords for users
 2018-09-18 DariusIII
 * Chg: Update laravel/framework to version 5.7.4
 * Fix: Use url helper in place of $this->serverurl variable
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
index ac4b30141d..0b49807749 100644
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@@ -15,9 +15,9 @@ class UserController extends BasePageController
 /**
 * @param \Illuminate\Http\Request $request
 *
- * @throws \Exception
+ * @throws \Throwable
 */
- public function index(Request $request)
+ public function index(Request $request): void
 {
 $this->setAdminPrefs();
 
@@ -138,7 +138,7 @@ public function edit(Request $request)
 $invites = $role['defaultinvites'];
 }
 }
- $ret = User::signup($request->input('username'), $request->input('password'), $request->input('email'), '', $request->input('role'), $request->input('notes'), $invites, '', true);
+ $ret = User::signUp($request->input('username'), $request->input('password'), $request->input('email'), '', $request->input('notes'), $invites, '', true, $request->input('role'));
 $this->smarty->assign('role', $request->input('role'));
 } else {
 $ret = User::updateUser($request->input('id'), $request->input('username'), $request->input('email'), $request->input('grabs'), $request->input('role'), $request->input('notes'), $request->input('invites'), ($request->has('movieview') ? 1 : 0), ($request->has('musicview') ? 1 : 0), ($request->has('gameview') ? 1 : 0), ($request->has('xxxview') ? 1 : 0), ($request->has('consoleview') ? 1 : 0), ($request->has('bookview') ? 1 : 0));
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 592b18540a..42118c4ef0 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -35,6 +35,11 @@ public function __construct()
 $this->middleware('guest');
 }
 
+ /**
+ * @param \Illuminate\Http\Request $request
+ *
+ * @throws \Exception
+ */
 public function showLinkRequestForm(Request $request)
 {
 $sent = '';
@@ -59,7 +64,7 @@ public function showLinkRequestForm(Request $request)
 //
 // Generate a forgottenpassword guid, store it in the user table
 //
- $guid = md5(uniqid('', false));
+ $guid = \Token::random(32);
 User::updatePassResetGuid($ret['id'], $guid);
 //
 // Send the email
diff --git a/app/Http/Controllers/BasePageController.php b/app/Http/Controllers/BasePageController.php
index 3c1ddbda44..0903da2fae 100644
--- a/app/Http/Controllers/BasePageController.php
+++ b/app/Http/Controllers/BasePageController.php
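Review bot: The reset guid assigned on the `+ $guid = \Token::random(32);` line is a bearer credential for the account, so it needs a cryptographically secure source; the hunk replaces the guessable `md5(uniqid('', false))` with a third-party helper whose generator is not visible in this patch, so whether `Token::random` draws from `random_bytes`/`random_int` or from a non-cryptographic shuffle should be verified before relying on it. The standard library already covers this with no new dependency (composer.json gains `dirape/token` only for this), at the same 32-character width the old md5 hex produced: `$guid = bin2hex(random_bytes(16));`. The same question applies to `\Token::random($length, true)` in `generatePassword` and `\Token::randomString(40)` in `sendInvite` in app/Models/User.php, where the invite token is additionally concatenated into a URL without encoding and so must also be URL-safe. Whether the stored guid is given an expiry is outside this hunk.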
@@ -21,14 +21,29 @@ class BasePageController extends Controller
 */
 public $settings;
 
+ /**
+ * @var string
+ */
 public $title = '';
 
+ /**
+ * @var string
+ */
 public $content = '';
 
+ /**
+ * @var string
+ */
 public $meta_keywords = '';
 
+ /**
+ * @var string
+ */
 public $meta_title = '';
 
+ /**
+ * @var string
+ */
 public $meta_description = '';
 
 /**
@@ -38,6 +53,9 @@ class BasePageController extends Controller
 */
 public $page = '';
 
+ /**
+ * @var string
+ */
 public $page_template = '';
 
 /**
@@ -47,13 +65,6 @@ class BasePageController extends Controller
 */
 public $userdata = [];
 
- /**
- * URL of the server. ie http://localhost/.
- *
- * @var string
- */
- public $serverurl = '';
-
 /**
 * User's theme.
 *
@@ -61,11 +72,6 @@ class BasePageController extends Controller
 */
 protected $theme = 'Gentele';
 
- /**
- * @var string
- */
- public $token;
-
 /**
 * @var \Illuminate\Foundation\Application|mixed
 */
diff --git a/app/Models/User.php b/app/Models/User.php
index 688cba41bf..8837ee7769 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -214,29 +214,6 @@ public function comment()
 return $this->hasMany(ReleaseComment::class, 'users_id');
 }
 
- /**
- * @return array
- */
- public static function getAllUsers(): array
- {
- return self::all()->toArray();
- }
-
- /**
- * Get the users selected theme.
- *
- *
- * @param int $userID
- *
- * @return mixed|string
- */
- public static function getStyle($userID)
- {
- $row = self::query()->where('id', $userID)->value('style');
-
- return $row ?? 'None';
- }
-
 /**
 * @param $id
 * @throws \Exception
@@ -459,9 +436,9 @@ public static function updateExpiredRoles(): int
 * @param bool $apiRequests
 *
 * @return array
- * @throws \Exception
+ * @throws \Throwable
 */
- public static function getRange($start, $offset, $orderBy, $userName = '', $email = '', $host = '', $role = '', $apiRequests = false)
+ public static function getRange($start, $offset, $orderBy, $userName = '', $email = '', $host = '', $role = '', $apiRequests = false): array
 {
 if ($apiRequests) {
 UserRequest::clearApiRequests(false);
@@ -505,7 +482,7 @@ public static function getRange($start, $offset, $orderBy, $userName = '', $emai
 *
 * @return string[]
 */
- public static function getBrowseOrder($orderBy)
+ public static function getBrowseOrder($orderBy): array
 {
 $order = (empty($orderBy) ? 'username_desc' : $orderBy);
 $orderArr = explode('_', $order);
@@ -625,16 +602,6 @@ public static function hashPassword($password)
 return Hash::make($password);
 }
 
- /**
- * @param string $string
- *
- * @return string
- */
- public static function hashSHA1(string $string): string
- {
- return sha1($string);
- }
-
 /**
 * @param $guid
 *
@@ -705,51 +672,14 @@ public static function generateUsername(): string
 }
 
 /**
- * @param int $length
- * @param bool $add_dashes
- * @param string $available_sets
+ * @param int $length
 *
- * @return bool|string
+ * @return string
 * @throws \Exception
 */
- public static function generatePassword($length = 15, $add_dashes = false, $available_sets = 'luds')
+ public static function generatePassword($length = 15): string
 {
- $sets = [];
- if (strpos($available_sets, 'l') !== false) {
- $sets[] = 'abcdefghjkmnpqrstuvwxyz';
- }
- if (strpos($available_sets, 'u') !== false) {
- $sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
- }
- if (strpos($available_sets, 'd') !== false) {
- $sets[] = '23456789';
- }
- if (strpos($available_sets, 's') !== false) {
- $sets[] = '!@#$%&*?';
- }
- $all = '';
- $password = '';
- foreach ($sets as $set) {
- $password .= $set[random_int(0, \count(str_split($set)) - 1)];
- $all .= $set;
- }
- $all = str_split($all);
- for ($i = 0; $i < $length - \count($sets); $i++) {
- $password .= $all[random_int(0, \count($all) - 1)];
- }
- $password = str_shuffle($password);
- if (! $add_dashes) {
- return $password;
- }
- $dash_len = floor(sqrt($length));
- $dash_str = '';
- while (\strlen($password) > $dash_len) {
- $dash_str .= substr($password, 0, $dash_len).'-';
- $password = substr($password, $dash_len);
- }
- $dash_str .= $password;
-
- return $dash_str;
+ return \Token::random($length, true);
 }
 
 /**
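Review bot: The new one-line body on the `+ return \Token::random($length, true);` line drops a property the removed implementation had: it seeded the password with one character from each selected set (lower, upper, digit, special) via `random_int` before shuffling, whereas the helper gives no visible assurance that every class is present, so a generated password can fail `isValidPassword` later in this file (which requires a digit, an upper-case and a lower-case letter) or collapse to a single class at small lengths. If the generated value is stored directly for the new user rather than re-checked, either keep the per-class seeding or validate the result with `isValidPassword` and regenerate on failure. Since the return is now typed, the parameter should be too: `public static function generatePassword(int $length = 15): string`.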
@@ -769,7 +699,7 @@ public static function generatePassword($length = 15, $add_dashes = false, $avai
 * @throws \Exception
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
 */
- public static function signup($userName, $password, $email, $host, $role = self::ROLE_USER, $notes, $invites = Invitation::DEFAULT_INVITES, $inviteCode = '', $forceInviteMode = false)
+ public static function signUp($userName, $password, $email, $host, $notes, $invites = Invitation::DEFAULT_INVITES, $inviteCode = '', $forceInviteMode = false, $role = self::ROLE_USER)
 {
 $userName = trim($userName);
 $password = trim($password);
@@ -817,7 +747,7 @@ public static function signup($userName, $password, $email, $host, $role = self:
 * @param string $password
 * @return bool
 */
- public static function isValidPassword(string $password)
+ public static function isValidPassword(string $password): bool
 {
 return \strlen($password) > 8 && preg_match('#[0-9]+#', $password) && preg_match('#[A-Z]+#', $password) && preg_match('#[a-z]+#', $password);
 }
@@ -994,11 +924,13 @@ public static function getUsersByMonth()
 * @param $serverUrl
 * @param $uid
 * @param $emailTo
+ *
 * @return string
+ * @throws \Exception
 */
 public static function sendInvite($serverUrl, $uid, $emailTo): string
 {
- $token = static::hashSHA1(uniqid('', true));
+ $token = \Token::randomString(40);
 $url = $serverUrl.'register?invitecode='.$token;
 Mail::to($emailTo)->send(new SendInvite($uid, $url));
 
diff --git a/composer.json b/composer.json
index 11c4a581e5..cb8a758488 100755
--- a/composer.json
+++ b/composer.json
@@ -130,6 +130,7 @@
 "canihavesomecoffee/thetvdbapi": "^1.0",
 "dariusiii/rarinfo": "^2.5",
 "dborsatto/php-giantbomb": "dev-master",
+ "dirape/token": "^2.1",
 "doctrine/dbal": "^2.7",
 "exeu/apai-io": "~2.0",
 "fideloper/proxy": "~4.0",
diff --git a/composer.lock b/composer.lock
index 4f7ade036e..6a24c9d50a 100644
--- a/composer.lock
+++ b/composer.lock
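Review bot: The rename from `signup` to `signUp` on the `+ public static function signUp(...)` line gives no protection against the parameter reorder that comes with it, because PHP resolves method names case-insensitively: a caller still using the old order `signup($userName, $password, $email, $host, $role, $notes, ...)` keeps running and silently passes its role as `$notes`, its notes as `$invites`, and so on, with `$role` falling back to `self::ROLE_USER`. Only the admin UserController call is updated in this patch; any other caller (a public registration path, for instance) is not visible here and should be checked before merging. Moving the defaulted `$role` behind the required `$notes` is the right fix for the optional-before-required ordering, but the body of `signUp` continues outside the hunk, so whether `$role` is validated there cannot be seen from this diff.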
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "d7e790cca583e2d57488c9bf24bb12ee",
+ "content-hash": "73d050456acb6fc2c38248a4f2c705ae",
 "packages": [
 {
 "name": "aharen/omdbapi",
@@ -1924,6 +1924,62 @@
 "description": "A PHP library that acts as a wrapper for the GiantBomb API.",
 "time": "2018-08-20T21:53:06+00:00"
 },
+ {
+ "name": "dirape/token",
+ "version": "v2.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/F54it/laravel-token.git",
+ "reference": "a1c636399d1e45fa2ccc523f7494e54b33c05421"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/F54it/laravel-token/zipball/a1c636399d1e45fa2ccc523f7494e54b33c05421",
+ "reference": "a1c636399d1e45fa2ccc523f7494e54b33c05421",
+ "shasum": ""
+ },
+ "require": {
+ "illuminate/support": "~5.0 || ~4.0",
+ "php": ">=5.4.0"
+ },
+ "type": "library",
+ "extra": {
+ "laravel": {
+ "providers": [
+ "Dirape\\Token\\TokenServiceProvider"
+ ],
+ "aliases": {
+ "Token": "Dirape\\Token\\Facades\\Facade"
+ }
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Dirape\\Token\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "MustafaKhaled",
+ "email": "MustafaKhaled.dev@gmail.com"
+ }
+ ],
+ "description": "Unique Token Generator For Laravel",
+ "keywords": [
+ "PHP token",
+ "generate",
+ "laravel",
+ "laravel token",
+ "token",
+ "token generator",
+ "unique token"
+ ],
+ "time": "2018-06-24T20:30:21+00:00"
+ },
 {
 "name": "dnoegel/php-xdg-base-dir",
 "version": "0.1",