snipe-it/app/Http/Controllers/ProfileController.php

<?php
namespace App\Http\Controllers;

use Image;
use Input;
use Redirect;
use View;
use Auth;
use App\Helpers\Helper;
use App\Models\Setting;
use Gate;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

/**
 * This controller handles all actions related to User Profiles for
 * the Snipe-IT Asset Management application.
 *
 * @version    v1.0
 */
class ProfileController extends Controller
{
    /**
    * Returns a view with the user's profile form for editing
    *
    * @author [A. Gianotto] [<snipe@snipe.net>]
    * @since [v1.0]
    * @return \Illuminate\Contracts\View\View
     */
    public function getIndex()
    {
        $user = Auth::user();
        $location_list = Helper::locationsList();
        return view('account/profile', compact('user'))->with('location_list', $location_list);
    }

    /**
    * Validates and stores the user's update data.
    *
    * @author [A. Gianotto] [<snipe@snipe.net>]
    * @since [v1.0]
    * @return \Illuminate\Http\RedirectResponse
     */
    public function postIndex()
    {

        $user = Auth::user();
        $user->first_name = Input::get('first_name');
        $user->last_name  = Input::get('last_name');
        $user->website    = Input::get('website');
        $user->location_id    = Input::get('location_id');
        $user->gravatar   = Input::get('gravatar');
        $user->locale = Input::get('locale');

        if ((Gate::allows('self.two_factor')) && ((Setting::getSettings()->two_factor_enabled=='1') && (!config('app.lock_passwords')))) {
            $user->two_factor_optin = Input::get('two_factor_optin', '0');
        }
        
        if (Input::file('avatar')) {
            $image = Input::file('avatar');
            $file_name = str_slug($user->first_name."-".$user->last_name).".".$image->getClientOriginalExtension();
            $path = public_path('uploads/avatars/'.$file_name);
            Image::make($image->getRealPath())->resize(84, 84)->save($path);
            $user->avatar = $file_name;
        }

        if (Input::get('avatar_delete') == 1 && Input::file('avatar') == "") {
            $user->avatar = null;
        }

        if ($user->save()) {
            return redirect()->route('profile')->with('success', 'Account successfully updated');
        }
        return redirect()->back()->withInput()->withErrors($user->getErrors());
    }


    /**
     * Returns a page with the API token generation interface.
     *
     * We created a controller method for this because closures aren't allowed
     * in the routes file if you want to be able to cache the routes.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     * @return View
     */
    public function api() {
        return view('account/api');
    }

    /**
     * User change email page.
     *
     * @return View
     */
    public function password()
    {
        $user = Auth::user();
        return view('account/change-password', compact('user'));
    }

    /**
     * Users change password form processing page.
     *
     * @return Redirect
     */
    public function passwordSave(Request $request)
    {

        if (config('app.lock_passwords')) {
            return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/table.lock_passwords'));
        }

        $user = Auth::user();
        if ($user->ldap_import=='1') {
            return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/message.error.password_ldap'));
        }

        $rules = array(
            'current_password'     => 'required',
            'password'         => 'required|min:6',
            'password_confirm' => 'required|same:password',
        );

        $validator = \Validator::make($request->all(), $rules);
        $validator->after(function($validator) use ($request, $user) {

            if (!Hash::check($request->input('current_password'), $user->password)) {
                $validator->errors()->add('current_password', trans('validation.hashed_pass'));
            }
            
        });

        if (!$validator->fails()) {
            $user->password = Hash::make($request->input('password'));
            $user->save();
            return redirect()->route('account.password.index')->with('success', 'Password updated!');

        }
        return redirect()->back()->withInput()->withErrors($validator);


    }


}
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`<?php`
			`namespace App\Http\Controllers;`

			`use Image;`
			`use Input;`
			`use Redirect;`
			`use View;`
			`use Auth;`
			`use App\Helpers\Helper;`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`use App\Models\Setting;`
Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00			`use Gate;`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Hash;`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00
Updated docblocks 2016-04-07 13:21:09 -07:00			`/**`
			`* This controller handles all actions related to User Profiles for`
			`* the Snipe-IT Asset Management application.`
			`*`
			`* @version v1.0`
			`*/`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`class ProfileController extends Controller`
			`{`
			`/**`
Updated to use 5.2 trans() instead of Lang::get for localization 2016-04-07 13:39:35 -07:00			`* Returns a view with the user's profile form for editing`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v1.0]`
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way. 2016-12-19 22:00:50 -08:00			`* @return \Illuminate\Contracts\View\View`
			`*/`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`public function getIndex()`
			`{`
			`$user = Auth::user();`
			`$location_list = Helper::locationsList();`
Update all controllers to use laravel 5 return view method 2017-06-09 16:44:03 -07:00			`return view('account/profile', compact('user'))->with('location_list', $location_list);`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`}`

			`/**`
Updated to use 5.2 trans() instead of Lang::get for localization 2016-04-07 13:39:35 -07:00			`* Validates and stores the user's update data.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v1.0]`
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way. 2016-12-19 22:00:50 -08:00			`* @return \Illuminate\Http\RedirectResponse`
			`*/`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`public function postIndex()`
			`{`

			`$user = Auth::user();`
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way. 2016-12-19 22:00:50 -08:00			`$user->first_name = Input::get('first_name');`
			`$user->last_name = Input::get('last_name');`
			`$user->website = Input::get('website');`
			`$user->location_id = Input::get('location_id');`
			`$user->gravatar = Input::get('gravatar');`
			`$user->locale = Input::get('locale');`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00
Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00			`if ((Gate::allows('self.two_factor')) && ((Setting::getSettings()->two_factor_enabled=='1') && (!config('app.lock_passwords')))) {`
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way. 2016-12-19 22:00:50 -08:00			`$user->two_factor_optin = Input::get('two_factor_optin', '0');`
Fixes #106 - adds Google Authenticator support (#2842) * refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings 2016-10-29 05:50:55 -07:00			`}`

Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`if (Input::file('avatar')) {`
			`$image = Input::file('avatar');`
Fixes #2399 2016-08-30 12:34:23 -07:00			`$file_name = str_slug($user->first_name."-".$user->last_name).".".$image->getClientOriginalExtension();`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`$path = public_path('uploads/avatars/'.$file_name);`
			`Image::make($image->getRealPath())->resize(84, 84)->save($path);`
			`$user->avatar = $file_name;`
			`}`

			`if (Input::get('avatar_delete') == 1 && Input::file('avatar') == "") {`
			`$user->avatar = null;`
			`}`

			`if ($user->save()) {`
Use updated redirect() reference 2016-04-28 21:06:41 -07:00			`return redirect()->route('profile')->with('success', 'Account successfully updated');`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`}`
Use updated redirect() reference 2016-04-28 21:06:41 -07:00			`return redirect()->back()->withInput()->withErrors($user->getErrors());`
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`}`
Removed closures from routes files so that we can allow people to cache routes for performance optimization 2017-01-24 17:37:07 -08:00

			`/**`
			`* Returns a page with the API token generation interface.`
			`*`
			`* We created a controller method for this because closures aren't allowed`
			`* in the routes file if you want to be able to cache the routes.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`* @return View`
			`*/`
			`public function api() {`
			`return view('account/api');`
			`}`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
			`/**`
			`* User change email page.`
			`*`
			`* @return View`
			`*/`
			`public function password()`
			`{`
			`$user = Auth::user();`
			`return view('account/change-password', compact('user'));`
			`}`

			`/**`
			`* Users change password form processing page.`
			`*`
			`* @return Redirect`
			`*/`
			`public function passwordSave(Request $request)`
			`{`
Removes erroneous else 2017-08-22 12:22:32 -07:00
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00			`if (config('app.lock_passwords')) {`
			`return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/table.lock_passwords'));`
Removes erroneous else 2017-08-22 12:22:32 -07:00			`}`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
Removes erroneous else 2017-08-22 12:22:32 -07:00			`$user = Auth::user();`
			`if ($user->ldap_import=='1') {`
			`return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/message.error.password_ldap'));`
			`}`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
Removes erroneous else 2017-08-22 12:22:32 -07:00			`$rules = array(`
			`'current_password' => 'required',`
			`'password' => 'required\|min:6',`
			`'password_confirm' => 'required\|same:password',`
			`);`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
Removes erroneous else 2017-08-22 12:22:32 -07:00			`$validator = \Validator::make($request->all(), $rules);`
			`$validator->after(function($validator) use ($request, $user) {`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
Removes erroneous else 2017-08-22 12:22:32 -07:00			`if (!Hash::check($request->input('current_password'), $user->password)) {`
			`$validator->errors()->add('current_password', trans('validation.hashed_pass'));`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00			`}`
Removes erroneous else 2017-08-22 12:22:32 -07:00
			`});`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
Removes erroneous else 2017-08-22 12:22:32 -07:00			`if (!$validator->fails()) {`
			`$user->password = Hash::make($request->input('password'));`
			`$user->save();`
			`return redirect()->route('account.password.index')->with('success', 'Password updated!');`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
			`}`
Removes erroneous else 2017-08-22 12:22:32 -07:00			`return redirect()->back()->withInput()->withErrors($validator);`
Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00

			`}`

Removes erroneous else 2017-08-22 12:22:32 -07:00
Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00			`}`