Images: Prevented base64 extraction without permission
[bookstack] / app / Users / Controllers / UserAccountController.php
index bdd923d6da10ba06f81cb57aeabed91b755e8511..55776a7f685af7bbc08d322946238b6b50a6970a 100644 (file)
@@ -20,7 +20,6 @@ class UserAccountController extends Controller
     ) {
         $this->middleware(function (Request $request, Closure $next) {
             $this->preventGuestAccess();
-            $this->preventAccessInDemoMode();
             return $next($request);
         });
     }
@@ -40,6 +39,8 @@ class UserAccountController extends Controller
      */
     public function showProfile()
     {
+        $this->setPageTitle(trans('preferences.profile'));
+
         return view('users.account.profile', [
             'model' => user(),
             'category' => 'profile',
@@ -51,6 +52,8 @@ class UserAccountController extends Controller
      */
     public function updateProfile(Request $request, ImageRepo $imageRepo)
     {
+        $this->preventAccessInDemoMode();
+
         $user = user();
         $validated = $this->validate($request, [
             'name'             => ['min:2', 'max:100'],
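Review bot: Demo-mode protection in this controller is now opt-in per action, so any state-changing action that omits the call is writable in demo mode. The call added at the top of updateProfile() (and likewise in updateNotifications(), updatePassword() and destroy()) replaces the controller-wide call removed from the constructor middleware. Actions outside the visible hunks cannot be checked from here and should be audited for the same call. A constructor comment such as `// Demo-mode guard is applied per write action; call preventAccessInDemoMode() in every new mutating method.`, plus a test that hits each write route with demo mode enabled, would keep this from regressing. updateProfile()'s body continues past the end of this hunk.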
@@ -141,6 +144,7 @@ class UserAccountController extends Controller
      */
     public function updateNotifications(Request $request)
     {
+        $this->preventAccessInDemoMode();
         $this->checkPermission('receive-notifications');
         $data = $this->validate($request, [
            'preferences' => ['required', 'array'],
@@ -159,7 +163,7 @@ class UserAccountController extends Controller
      */
     public function showAuth(SocialAuthService $socialAuthService)
     {
-        $mfaMethods = user()->mfaValues->groupBy('method');
+        $mfaMethods = user()->mfaValues()->get()->groupBy('method');
 
         $this->setPageTitle(trans('preferences.auth'));
 
@@ -176,6 +180,8 @@ class UserAccountController extends Controller
      */
     public function updatePassword(Request $request)
     {
+        $this->preventAccessInDemoMode();
+
         if (config('auth.method') !== 'standard') {
             $this->showPermissionError();
         }
@@ -191,4 +197,31 @@ class UserAccountController extends Controller
 
         return redirect('/my-account/auth');
     }
+
+    /**
+     * Show the user self-delete page.
+     */
+    public function delete()
+    {
+        $this->setPageTitle(trans('preferences.delete_my_account'));
+
+        return view('users.account.delete', [
+            'category' => 'profile',
+        ]);
+    }
+
+    /**
+     * Remove the current user from the system.
+     */
+    public function destroy(Request $request)
+    {
+        $this->preventAccessInDemoMode();
+
+        $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
+        $newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;
+
+        $this->userRepo->destroy(user(), $newOwnerId);
+
+        return redirect('/');
+    }
 }
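Review bot: `new_owner_id` in destroy() is read with `intval(...) ?: null` and passed to `$this->userRepo->destroy()` without going through `$this->validate()`, unlike the update actions in this controller. A negative number, or the id of the account being deleted, therefore reaches the repository unchecked. Consider adding `$this->validate($request, ['new_owner_id' => ['nullable', 'integer', 'min:1']]);` before the `intval` line, and confirm that the repository rejects a non-existent or self-referencing owner, since that code is outside this diff. The handler also performs an irreversible deletion with no visible re-confirmation of the user's password, which may be worth adding if the delete form does not already require it.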