X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/58fa7679bccafd00f9a50bcd4a87e96876331b03..refs/pull/3210/head:/app/Http/Controllers/UserController.php

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index ba3590437..a76105fa6 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -1,4 +1,6 @@
-<?php namespace BookStack\Http\Controllers;
+<?php
+
+namespace BookStack\Http\Controllers;
 
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Access\SocialAuthService;
@@ -10,12 +12,13 @@ use BookStack\Exceptions\UserUpdateException;
 use BookStack\Uploads\ImageRepo;
 use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Str;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\Validation\ValidationException;
 
 class UserController extends Controller
 {
-
     protected $user;
     protected $userRepo;
     protected $inviteService;
@@ -39,14 +42,15 @@ class UserController extends Controller
     {
         $this->checkPermission('users-manage');
         $listDetails = [
-            'order' => $request->get('order', 'asc'),
+            'order'  => $request->get('order', 'asc'),
             'search' => $request->get('search', ''),
-            'sort' => $request->get('sort', 'name'),
+            'sort'   => $request->get('sort', 'name'),
         ];
         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
 
         $this->setPageTitle(trans('settings.users'));
         $users->appends($listDetails);
+
         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
     }
 
@@ -58,11 +62,13 @@ class UserController extends Controller
         $this->checkPermission('users-manage');
         $authMethod = config('auth.method');
         $roles = $this->userRepo->getAllRoles();
+
         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
     }
 
     /**
      * Store a newly created user in storage.
+     *
      * @throws UserUpdateException
      * @throws ValidationException
      */
@@ -70,18 +76,18 @@ class UserController extends Controller
     {
         $this->checkPermission('users-manage');
         $validationRules = [
-            'name'  => 'required',
-            'email' => 'required|email|unique:users,email'
+            'name'  => ['required'],
+            'email' => ['required', 'email', 'unique:users,email'],
         ];
 
         $authMethod = config('auth.method');
         $sendInvite = ($request->get('send_invite', 'false') === 'true');
 
         if ($authMethod === 'standard' && !$sendInvite) {
-            $validationRules['password'] = 'required|min:6';
-            $validationRules['password-confirm'] = 'required|same:password';
-        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
-            $validationRules['external_auth_id'] = 'required';
+            $validationRules['password'] = ['required', Password::default()];
+            $validationRules['password-confirm'] = ['required', 'same:password'];
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
+            $validationRules['external_auth_id'] = ['required'];
         }
         $this->validate($request, $validationRules);
 
@@ -89,25 +95,29 @@ class UserController extends Controller
 
         if ($authMethod === 'standard') {
             $user->password = bcrypt($request->get('password', Str::random(32)));
-        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
         $user->refreshSlug();
-        $user->save();
 
-        if ($sendInvite) {
-            $this->inviteService->sendInvitation($user);
-        }
+        DB::transaction(function () use ($user, $sendInvite, $request) {
+            $user->save();
 
-        if ($request->filled('roles')) {
-            $roles = $request->get('roles');
-            $this->userRepo->setUserRoles($user, $roles);
-        }
+            if ($sendInvite) {
+                $this->inviteService->sendInvitation($user);
+            }
 
-        $this->userRepo->downloadAndAssignUserAvatar($user);
+            if ($request->filled('roles')) {
+                $roles = $request->get('roles');
+                $this->userRepo->setUserRoles($user, $roles);
+            }
+
+            $this->userRepo->downloadAndAssignUserAvatar($user);
+
+            $this->logActivity(ActivityType::USER_CREATE, $user);
+        });
 
-        $this->logActivity(ActivityType::USER_CREATE, $user);
         return redirect('/settings/users');
     }
 
@@ -118,23 +128,28 @@ class UserController extends Controller
     {
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
-        $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
+        /** @var User $user */
+        $user = $this->user->newQuery()->with(['apiTokens', 'mfaValues'])->findOrFail($id);
 
         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 
         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
+        $mfaMethods = $user->mfaValues->groupBy('method');
         $this->setPageTitle(trans('settings.user_profile'));
         $roles = $this->userRepo->getAllRoles();
+
         return view('users.edit', [
-            'user' => $user,
+            'user'                => $user,
             'activeSocialDrivers' => $activeSocialDrivers,
-            'authMethod' => $authMethod,
-            'roles' => $roles
+            'mfaMethods'          => $mfaMethods,
+            'authMethod'          => $authMethod,
+            'roles'               => $roles,
         ]);
     }
 
     /**
      * Update the specified user in storage.
+     *
      * @throws UserUpdateException
      * @throws ImageUploadException
      * @throws ValidationException
@@ -145,12 +160,12 @@ class UserController extends Controller
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $this->validate($request, [
-            'name'             => 'min:2',
-            'email'            => 'min:2|email|unique:users,email,' . $id,
-            'password'         => 'min:6|required_with:password_confirm',
-            'password-confirm' => 'same:password|required_with:password',
-            'setting'          => 'array',
-            'profile_image'    => 'nullable|' . $this->getImageValidationRules(),
+            'name'             => ['min:2'],
+            'email'            => ['min:2', 'email', 'unique:users,email,' . $id],
+            'password'         => ['required_with:password_confirm', Password::default()],
+            'password-confirm' => ['same:password', 'required_with:password'],
+            'setting'          => ['array'],
+            'profile_image'    => array_merge(['nullable'], $this->getImageValidationRules()),
         ]);
 
         $user = $this->userRepo->getById($id);
@@ -208,6 +223,7 @@ class UserController extends Controller
         $this->logActivity(ActivityType::USER_UPDATE, $user);
 
         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
+
         return redirect($redirectUrl);
     }
 
@@ -220,11 +236,13 @@ class UserController extends Controller
 
         $user = $this->userRepo->getById($id);
         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
+
         return view('users.delete', ['user' => $user]);
     }
 
     /**
      * Remove the specified user from storage.
+     *
      * @throws Exception
      */
     public function destroy(Request $request, int $id)
@@ -237,11 +255,13 @@ class UserController extends Controller
 
         if ($this->userRepo->isOnlyAdmin($user)) {
             $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));
+
             return redirect($user->getEditUrl());
         }
 
         if ($user->system_name === 'public') {
             $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));
+
             return redirect($user->getEditUrl());
         }
 
@@ -304,6 +324,7 @@ class UserController extends Controller
         if (!in_array($type, $validSortTypes)) {
             return redirect()->back(500);
         }
+
         return $this->changeListSort($id, $request, $type);
     }
 
@@ -314,6 +335,7 @@ class UserController extends Controller
     {
         $enabled = setting()->getForCurrentUser('dark-mode-enabled', false);
         setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');
+
         return redirect()->back();
     }
 
@@ -325,14 +347,15 @@ class UserController extends Controller
         $this->checkPermissionOrCurrentUser('users-manage', $id);
         $keyWhitelist = ['home-details'];
         if (!in_array($key, $keyWhitelist)) {
-            return response("Invalid key", 500);
+            return response('Invalid key', 500);
         }
 
         $newState = $request->get('expand', 'false');
 
         $user = $this->user->findOrFail($id);
         setting()->putUser($user, 'section_expansion#' . $key, $newState);
-        return response("", 204);
+
+        return response('', 204);
     }
 
     /**