bookstack/app/Users/Controllers/UserAccountController.php

<?php

namespace BookStack\Users\Controllers;

use BookStack\Access\SocialDriverManager;
use BookStack\Http\Controller;
use BookStack\Permissions\PermissionApplicator;
use BookStack\Settings\UserNotificationPreferences;
use BookStack\Settings\UserShortcutMap;
use BookStack\Uploads\ImageRepo;
use BookStack\Users\UserRepo;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Validation\Rules\Password;

class UserAccountController extends Controller
{
    public function __construct(
        protected UserRepo $userRepo,
    ) {
        $this->middleware(function (Request $request, Closure $next) {
            $this->preventGuestAccess();
            return $next($request);
        });
    }

    /**
     * Redirect the root my-account path to the main/first category.
     * Required as a controller method, instead of the Route::redirect helper,
     * to ensure the URL is generated correctly.
     */
    public function redirect()
    {
        return redirect('/my-account/profile');
    }

    /**
     * Show the profile form interface.
     */
    public function showProfile()
    {
        $this->setPageTitle(trans('preferences.profile'));

        return view('users.account.profile', [
            'model' => user(),
            'category' => 'profile',
        ]);
    }

    /**
     * Handle the submission of the user profile form.
     */
    public function updateProfile(Request $request, ImageRepo $imageRepo)
    {
        $this->preventAccessInDemoMode();

        $user = user();
        $validated = $this->validate($request, [
            'name'             => ['min:2', 'max:100'],
            'email'            => ['min:2', 'email', 'unique:users,email,' . $user->id],
            'language'         => ['string', 'max:15', 'alpha_dash'],
            'profile_image'    => array_merge(['nullable'], $this->getImageValidationRules()),
        ]);

        $this->userRepo->update($user, $validated, userCan('users-manage'));

        // Save profile image if in request
        if ($request->hasFile('profile_image')) {
            $imageUpload = $request->file('profile_image');
            $imageRepo->destroyImage($user->avatar);
            $image = $imageRepo->saveNew($imageUpload, 'user', $user->id);
            $user->image_id = $image->id;
            $user->save();
        }

        // Delete the profile image if reset option is in request
        if ($request->has('profile_image_reset')) {
            $imageRepo->destroyImage($user->avatar);
            $user->image_id = 0;
            $user->save();
        }

        return redirect('/my-account/profile');
    }

    /**
     * Show the user-specific interface shortcuts.
     */
    public function showShortcuts()
    {
        $shortcuts = UserShortcutMap::fromUserPreferences();
        $enabled = setting()->getForCurrentUser('ui-shortcuts-enabled', false);

        $this->setPageTitle(trans('preferences.shortcuts_interface'));

        return view('users.account.shortcuts', [
            'category' => 'shortcuts',
            'shortcuts' => $shortcuts,
            'enabled' => $enabled,
        ]);
    }

    /**
     * Update the user-specific interface shortcuts.
     */
    public function updateShortcuts(Request $request)
    {
        $enabled = $request->get('enabled') === 'true';
        $providedShortcuts = $request->get('shortcut', []);
        $shortcuts = new UserShortcutMap($providedShortcuts);

        setting()->putForCurrentUser('ui-shortcuts', $shortcuts->toJson());
        setting()->putForCurrentUser('ui-shortcuts-enabled', $enabled);

        $this->showSuccessNotification(trans('preferences.shortcuts_update_success'));

        return redirect('/my-account/shortcuts');
    }

    /**
     * Show the notification preferences for the current user.
     */
    public function showNotifications(PermissionApplicator $permissions)
    {
        $this->checkPermission('receive-notifications');

        $preferences = (new UserNotificationPreferences(user()));

        $query = user()->watches()->getQuery();
        $query = $permissions->restrictEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
        $query = $permissions->filterDeletedFromEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
        $watches = $query->with('watchable')->paginate(20);

        $this->setPageTitle(trans('preferences.notifications'));
        return view('users.account.notifications', [
            'category' => 'notifications',
            'preferences' => $preferences,
            'watches' => $watches,
        ]);
    }

    /**
     * Update the notification preferences for the current user.
     */
    public function updateNotifications(Request $request)
    {
        $this->preventAccessInDemoMode();
        $this->checkPermission('receive-notifications');
        $data = $this->validate($request, [
           'preferences' => ['required', 'array'],
           'preferences.*' => ['required', 'string'],
        ]);

        $preferences = (new UserNotificationPreferences(user()));
        $preferences->updateFromSettingsArray($data['preferences']);
        $this->showSuccessNotification(trans('preferences.notifications_update_success'));

        return redirect('/my-account/notifications');
    }

    /**
     * Show the view for the "Access & Security" account options.
     */
    public function showAuth(SocialDriverManager $socialDriverManager)
    {
        $mfaMethods = user()->mfaValues()->get()->groupBy('method');

        $this->setPageTitle(trans('preferences.auth'));

        return view('users.account.auth', [
            'category' => 'auth',
            'mfaMethods' => $mfaMethods,
            'authMethod' => config('auth.method'),
            'activeSocialDrivers' => $socialDriverManager->getActive(),
        ]);
    }

    /**
     * Handle the submission for the auth change password form.
     */
    public function updatePassword(Request $request)
    {
        $this->preventAccessInDemoMode();

        if (config('auth.method') !== 'standard') {
            $this->showPermissionError();
        }

        $validated = $this->validate($request, [
            'password'         => ['required_with:password_confirm', Password::default()],
            'password-confirm' => ['same:password', 'required_with:password'],
        ]);

        $this->userRepo->update(user(), $validated, false);

        $this->showSuccessNotification(trans('preferences.auth_change_password_success'));

        return redirect('/my-account/auth');
    }

    /**
     * Show the user self-delete page.
     */
    public function delete()
    {
        $this->setPageTitle(trans('preferences.delete_my_account'));

        return view('users.account.delete', [
            'category' => 'profile',
        ]);
    }

    /**
     * Remove the current user from the system.
     */
    public function destroy(Request $request)
    {
        $this->preventAccessInDemoMode();

        $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
        $newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;

        $this->userRepo->destroy(user(), $newOwnerId);

        return redirect('/');
    }
}
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`<?php`

			`namespace BookStack\Users\Controllers;`

Auth: Refactored OIDC RP-logout PR code, Extracted logout Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467 2023-12-06 21:49:53 +08:00			`use BookStack\Access\SocialDriverManager;`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`use BookStack\Http\Controller;`
			`use BookStack\Permissions\PermissionApplicator;`
			`use BookStack\Settings\UserNotificationPreferences;`
			`use BookStack\Settings\UserShortcutMap;`
My Account: Built out profile page & endpoints Text currently hard-coded, needs finalising and extracting. 2023-10-18 19:39:57 +08:00			`use BookStack\Uploads\ImageRepo;`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`use BookStack\Users\UserRepo;`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`use Closure;`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`use Illuminate\Http\Request;`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`use Illuminate\Validation\Rules\Password;`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00
			`class UserAccountController extends Controller`
			`{`
			`public function __construct(`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`protected UserRepo $userRepo,`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`) {`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`$this->middleware(function (Request $request, Closure $next) {`
			`$this->preventGuestAccess();`
			`return $next($request);`
			`});`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`}`

			`/**`
My Account: Extracted/tweaked profile text, removed old index 2023-10-19 00:53:58 +08:00			`* Redirect the root my-account path to the main/first category.`
			`* Required as a controller method, instead of the Route::redirect helper,`
			`* to ensure the URL is generated correctly.`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`*/`
My Account: Extracted/tweaked profile text, removed old index 2023-10-19 00:53:58 +08:00			`public function redirect()`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`{`
My Account: Extracted/tweaked profile text, removed old index 2023-10-19 00:53:58 +08:00			`return redirect('/my-account/profile');`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`}`

My Account: Built out profile page & endpoints Text currently hard-coded, needs finalising and extracting. 2023-10-18 19:39:57 +08:00			`/**`
			`* Show the profile form interface.`
			`*/`
			`public function showProfile()`
			`{`
User Account: Ensured page titles for pages and api tokens 2023-10-19 22:24:48 +08:00			`$this->setPageTitle(trans('preferences.profile'));`

My Account: Built out profile page & endpoints Text currently hard-coded, needs finalising and extracting. 2023-10-18 19:39:57 +08:00			`return view('users.account.profile', [`
			`'model' => user(),`
			`'category' => 'profile',`
			`]);`
			`}`

			`/**`
			`* Handle the submission of the user profile form.`
			`*/`
			`public function updateProfile(Request $request, ImageRepo $imageRepo)`
			`{`
Demo mode: Updated my account access to be more selective 2023-10-30 20:07:18 +08:00			`$this->preventAccessInDemoMode();`

My Account: Built out profile page & endpoints Text currently hard-coded, needs finalising and extracting. 2023-10-18 19:39:57 +08:00			`$user = user();`
			`$validated = $this->validate($request, [`
			`'name' => ['min:2', 'max:100'],`
			`'email' => ['min:2', 'email', 'unique:users,email,' . $user->id],`
			`'language' => ['string', 'max:15', 'alpha_dash'],`
			`'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),`
			`]);`

			`$this->userRepo->update($user, $validated, userCan('users-manage'));`

			`// Save profile image if in request`
			`if ($request->hasFile('profile_image')) {`
			`$imageUpload = $request->file('profile_image');`
			`$imageRepo->destroyImage($user->avatar);`
			`$image = $imageRepo->saveNew($imageUpload, 'user', $user->id);`
			`$user->image_id = $image->id;`
			`$user->save();`
			`}`

			`// Delete the profile image if reset option is in request`
			`if ($request->has('profile_image_reset')) {`
			`$imageRepo->destroyImage($user->avatar);`
			`$user->image_id = 0;`
			`$user->save();`
			`}`

			`return redirect('/my-account/profile');`
			`}`

User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`/**`
			`* Show the user-specific interface shortcuts.`
			`*/`
			`public function showShortcuts()`
			`{`
			`$shortcuts = UserShortcutMap::fromUserPreferences();`
			`$enabled = setting()->getForCurrentUser('ui-shortcuts-enabled', false);`

			`$this->setPageTitle(trans('preferences.shortcuts_interface'));`

			`return view('users.account.shortcuts', [`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`'category' => 'shortcuts',`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`'shortcuts' => $shortcuts,`
			`'enabled' => $enabled,`
			`]);`
			`}`

			`/**`
			`* Update the user-specific interface shortcuts.`
			`*/`
			`public function updateShortcuts(Request $request)`
			`{`
			`$enabled = $request->get('enabled') === 'true';`
			`$providedShortcuts = $request->get('shortcut', []);`
			`$shortcuts = new UserShortcutMap($providedShortcuts);`

			`setting()->putForCurrentUser('ui-shortcuts', $shortcuts->toJson());`
			`setting()->putForCurrentUser('ui-shortcuts-enabled', $enabled);`

			`$this->showSuccessNotification(trans('preferences.shortcuts_update_success'));`

			`return redirect('/my-account/shortcuts');`
			`}`

			`/**`
			`* Show the notification preferences for the current user.`
			`*/`
			`public function showNotifications(PermissionApplicator $permissions)`
			`{`
			`$this->checkPermission('receive-notifications');`

			`$preferences = (new UserNotificationPreferences(user()));`

			`$query = user()->watches()->getQuery();`
			`$query = $permissions->restrictEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');`
			`$query = $permissions->filterDeletedFromEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');`
			`$watches = $query->with('watchable')->paginate(20);`

			`$this->setPageTitle(trans('preferences.notifications'));`
			`return view('users.account.notifications', [`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`'category' => 'notifications',`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`'preferences' => $preferences,`
			`'watches' => $watches,`
			`]);`
			`}`

			`/**`
			`* Update the notification preferences for the current user.`
			`*/`
			`public function updateNotifications(Request $request)`
			`{`
Demo mode: Updated my account access to be more selective 2023-10-30 20:07:18 +08:00			`$this->preventAccessInDemoMode();`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`$this->checkPermission('receive-notifications');`
			`$data = $this->validate($request, [`
			`'preferences' => ['required', 'array'],`
			`'preferences.*' => ['required', 'string'],`
			`]);`

			`$preferences = (new UserNotificationPreferences(user()));`
			`$preferences->updateFromSettingsArray($data['preferences']);`
			`$this->showSuccessNotification(trans('preferences.notifications_update_success'));`

			`return redirect('/my-account/notifications');`
			`}`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00
			`/**`
			`* Show the view for the "Access & Security" account options.`
			`*/`
Auth: Refactored OIDC RP-logout PR code, Extracted logout Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467 2023-12-06 21:49:53 +08:00			`public function showAuth(SocialDriverManager $socialDriverManager)`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`{`
My Account: Covered profile and auth pages with tests 2023-10-19 23:06:59 +08:00			`$mfaMethods = user()->mfaValues()->get()->groupBy('method');`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00
			`$this->setPageTitle(trans('preferences.auth'));`

			`return view('users.account.auth', [`
			`'category' => 'auth',`
			`'mfaMethods' => $mfaMethods,`
			`'authMethod' => config('auth.method'),`
Auth: Refactored OIDC RP-logout PR code, Extracted logout Extracted logout to the login service so the logic can be shared instead of re-implemented at each stage. For this, the SocialAuthService was split so the driver management is in its own class, so it can be used elsewhere without use (or circular dependencies) of the SocialAuthService. During review of #4467 2023-12-06 21:49:53 +08:00			`'activeSocialDrivers' => $socialDriverManager->getActive(),`
Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`]);`
			`}`

			`/**`
			`* Handle the submission for the auth change password form.`
			`*/`
			`public function updatePassword(Request $request)`
			`{`
Demo mode: Updated my account access to be more selective 2023-10-30 20:07:18 +08:00			`$this->preventAccessInDemoMode();`

Users: Built out auth page for my-account section 2023-10-18 00:38:07 +08:00			`if (config('auth.method') !== 'standard') {`
			`$this->showPermissionError();`
			`}`

			`$validated = $this->validate($request, [`
			`'password' => ['required_with:password_confirm', Password::default()],`
			`'password-confirm' => ['same:password', 'required_with:password'],`
			`]);`

			`$this->userRepo->update(user(), $validated, false);`

			`$this->showSuccessNotification(trans('preferences.auth_change_password_success'));`

			`return redirect('/my-account/auth');`
			`}`
My Account: Added self-delete flow 2023-10-19 17:48:27 +08:00
			`/**`
			`* Show the user self-delete page.`
			`*/`
			`public function delete()`
			`{`
			`$this->setPageTitle(trans('preferences.delete_my_account'));`

			`return view('users.account.delete', [`
			`'category' => 'profile',`
			`]);`
			`}`

			`/**`
			`* Remove the current user from the system.`
			`*/`
			`public function destroy(Request $request)`
			`{`
			`$this->preventAccessInDemoMode();`

			`$requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;`
			`$newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;`

			`$this->userRepo->destroy(user(), $newOwnerId);`

			`return redirect('/');`
			`}`
User: Started cleanup of user self-management - Moved preference views to more general "my-account" area. - Started new layout for my-account with sidebar. - Added MFA to prefeences view (to be moved). 2023-10-17 20:11:10 +08:00			`}`