castopod/app/Controllers/Auth.php

<?php

/**
 * @copyright  2020 Podlibre
 * @license    https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
 * @link       https://castopod.org/
 */

namespace App\Controllers;

use App\Entities\User;

class Auth extends \Myth\Auth\Controllers\AuthController
{
    /**
     * An array of helpers to be automatically loaded
     * upon class instantiation.
     *
     * @var array
     */
    protected $helpers = ['components'];

    /**
     * Attempt to register a new user.
     */
    public function attemptRegister()
    {
        // Check if registration is allowed
        if (!$this->config->allowRegistration) {
            return redirect()
                ->back()
                ->withInput()
                ->with('error', lang('Auth.registerDisabled'));
        }

        $users = model('UserModel');

        // Validate here first, since some things,
        // like the password, can only be validated properly here.
        $rules = [
            'username' =>
                'required|alpha_numeric_space|min_length[3]|is_unique[users.username]',
            'email' => 'required|valid_email|is_unique[users.email]',
            'password' => 'required|strong_password',
        ];

        if (!$this->validate($rules)) {
            return redirect()
                ->back()
                ->withInput()
                ->with('errors', service('validation')->getErrors());
        }

        // Save the user
        $allowedPostFields = array_merge(
            ['password'],
            $this->config->validFields,
            $this->config->personalFields,
        );
        $user = new User($this->request->getPost($allowedPostFields));

        $this->config->requireActivation !== false
            ? $user->generateActivateHash()
            : $user->activate();

        // Ensure default group gets assigned if set
        if (!empty($this->config->defaultUserGroup)) {
            $users = $users->withGroup($this->config->defaultUserGroup);
        }

        if (!$users->save($user)) {
            return redirect()
                ->back()
                ->withInput()
                ->with('errors', $users->errors());
        }

        if ($this->config->requireActivation !== false) {
            $activator = service('activator');
            $sent = $activator->send($user);

            if (!$sent) {
                return redirect()
                    ->back()
                    ->withInput()
                    ->with(
                        'error',
                        $activator->error() ?? lang('Auth.unknownError'),
                    );
            }

            // Success!
            return redirect()
                ->route('login')
                ->with('message', lang('Auth.activationSuccess'));
        }

        // Success!
        return redirect()
            ->route('login')
            ->with('message', lang('Auth.registerSuccess'));
    }

    /**
     * Verifies the code with the email and saves the new password,
     * if they all pass validation.
     *
     * @return mixed
     */
    public function attemptReset()
    {
        if ($this->config->activeResetter === false) {
            return redirect()
                ->route('login')
                ->with('error', lang('Auth.forgotDisabled'));
        }

        $users = model('UserModel');

        // First things first - log the reset attempt.
        $users->logResetAttempt(
            $this->request->getPost('email'),
            $this->request->getPost('token'),
            $this->request->getIPAddress(),
            (string) $this->request->getUserAgent(),
        );

        $rules = [
            'token' => 'required',
            'email' => 'required|valid_email',
            'password' => 'required|strong_password',
        ];

        if (!$this->validate($rules)) {
            return redirect()
                ->back()
                ->withInput()
                ->with('errors', $users->errors());
        }

        $user = $users
            ->where('email', $this->request->getPost('email'))
            ->where('reset_hash', $this->request->getPost('token'))
            ->first();

        if (is_null($user)) {
            return redirect()
                ->back()
                ->with('error', lang('Auth.forgotNoUser'));
        }

        // Reset token still valid?
        if (
            !empty($user->reset_expires) &&
            time() > $user->reset_expires->getTimestamp()
        ) {
            return redirect()
                ->back()
                ->withInput()
                ->with('error', lang('Auth.resetTokenExpired'));
        }

        // Success! Save the new password, and cleanup the reset hash.
        $user->password = $this->request->getPost('password');
        $user->reset_hash = null;
        $user->reset_at = date('Y-m-d H:i:s');
        $user->reset_expires = null;
        $user->force_pass_reset = false;
        $users->save($user);

        return redirect()
            ->route('login')
            ->with('message', lang('Auth.resetSuccess'));
    }

    public function attemptInteractAsActor()
    {
        $rules = [
            'actor_id' => 'required|numeric',
        ];

        if (!$this->validate($rules)) {
            return redirect()
                ->back()
                ->withInput()
                ->with('errors', service('validation')->getErrors());
        }

        helper('auth');

        set_interact_as_actor($this->request->getPost('actor_id'));

        return redirect()->back();
    }
}
refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`<?php`

			`/**`
			`* @copyright 2020 Podlibre`
			`* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3`
			`* @link https://castopod.org/`
			`*/`

			`namespace App\Controllers;`

			`use App\Entities\User;`

			`class Auth extends \Myth\Auth\Controllers\AuthController`
			`{`
feat: enhance admin ui with responsive design and ux improvements - add podcast sidebar navigation - add podcast dashboard with latest episodes - add pagination to podcast episodes - add components helper to reuse ui components (button, data_table, etc.) - enhance podcast and episode forms by splitting them into form sections - add hint tooltips to podcast and episode forms - transform radio inputs as buttons for better ux - replace explicit field by parental_advisory - replace author field by publisher - add podcasts_categories table to set multiple categories - use choices.js to enhance multiselect fields - update Language files - update js dependencies to latest versions closes #31, #9 2020-10-02 17:38:16 +02:00			`/**`
			`* An array of helpers to be automatically loaded`
			`* upon class instantiation.`
			`*`
			`* @var array`
			`*/`
			`protected $helpers = ['components'];`

refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`/**`
			`* Attempt to register a new user.`
			`*/`
			`public function attemptRegister()`
			`{`
			`// Check if registration is allowed`
			`if (!$this->config->allowRegistration) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('error', lang('Auth.registerDisabled'));`
			`}`

			`$users = model('UserModel');`

			`// Validate here first, since some things,`
			`// like the password, can only be validated properly here.`
			`$rules = [`
			`'username' =>`
			`'required\|alpha_numeric_space\|min_length[3]\|is_unique[users.username]',`
			`'email' => 'required\|valid_email\|is_unique[users.email]',`
			`'password' => 'required\|strong_password',`
			`];`

			`if (!$this->validate($rules)) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('errors', service('validation')->getErrors());`
			`}`

			`// Save the user`
			`$allowedPostFields = array_merge(`
			`['password'],`
			`$this->config->validFields,`
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00			`$this->config->personalFields,`
refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`);`
			`$user = new User($this->request->getPost($allowedPostFields));`

			`$this->config->requireActivation !== false`
			`? $user->generateActivateHash()`
			`: $user->activate();`

			`// Ensure default group gets assigned if set`
			`if (!empty($this->config->defaultUserGroup)) {`
			`$users = $users->withGroup($this->config->defaultUserGroup);`
			`}`

			`if (!$users->save($user)) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('errors', $users->errors());`
			`}`

			`if ($this->config->requireActivation !== false) {`
			`$activator = service('activator');`
			`$sent = $activator->send($user);`

			`if (!$sent) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with(`
			`'error',`
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00			`$activator->error() ?? lang('Auth.unknownError'),`
refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`);`
			`}`

			`// Success!`
			`return redirect()`
			`->route('login')`
			`->with('message', lang('Auth.activationSuccess'));`
			`}`

			`// Success!`
			`return redirect()`
			`->route('login')`
			`->with('message', lang('Auth.registerSuccess'));`
			`}`

			`/**`
			`* Verifies the code with the email and saves the new password,`
			`* if they all pass validation.`
			`*`
			`* @return mixed`
			`*/`
			`public function attemptReset()`
			`{`
			`if ($this->config->activeResetter === false) {`
			`return redirect()`
			`->route('login')`
			`->with('error', lang('Auth.forgotDisabled'));`
			`}`

			`$users = model('UserModel');`

			`// First things first - log the reset attempt.`
			`$users->logResetAttempt(`
			`$this->request->getPost('email'),`
			`$this->request->getPost('token'),`
			`$this->request->getIPAddress(),`
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00			`(string) $this->request->getUserAgent(),`
refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`);`

			`$rules = [`
			`'token' => 'required',`
			`'email' => 'required\|valid_email',`
			`'password' => 'required\|strong_password',`
			`];`

			`if (!$this->validate($rules)) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('errors', $users->errors());`
			`}`

			`$user = $users`
			`->where('email', $this->request->getPost('email'))`
			`->where('reset_hash', $this->request->getPost('token'))`
			`->first();`

			`if (is_null($user)) {`
			`return redirect()`
			`->back()`
			`->with('error', lang('Auth.forgotNoUser'));`
			`}`

			`// Reset token still valid?`
			`if (`
			`!empty($user->reset_expires) &&`
			`time() > $user->reset_expires->getTimestamp()`
			`) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('error', lang('Auth.resetTokenExpired'));`
			`}`

			`// Success! Save the new password, and cleanup the reset hash.`
			`$user->password = $this->request->getPost('password');`
			`$user->reset_hash = null;`
			`$user->reset_at = date('Y-m-d H:i:s');`
			`$user->reset_expires = null;`
			`$user->force_pass_reset = false;`
			`$users->save($user);`

			`return redirect()`
			`->route('login')`
			`->with('message', lang('Auth.resetSuccess'));`
			`}`
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 19:20:02 +02:00
			`public function attemptInteractAsActor()`
			`{`
			`$rules = [`
			`'actor_id' => 'required\|numeric',`
			`];`

			`if (!$this->validate($rules)) {`
			`return redirect()`
			`->back()`
			`->withInput()`
			`->with('errors', service('validation')->getErrors());`
			`}`

			`helper('auth');`

			`set_interact_as_actor($this->request->getPost('actor_id'));`

			`return redirect()->back();`
			`}`
refactor: rewrite form pages using form helper - add installGateway to app config - update route names and groups - remove `author_name` and `author_email` from `episodes` table - remove `author_name` and `author_email` from `podcasts` table - remove `owner_id` + add `created_by` and `updated_by` fields in `podcasts` and `episodes` tables - remove unnecessary comments in database fields - remove confirm password inputs from auth forms for better ux - rename `pub_date` field to `published_at` and add publication time field in episode form closes #14, #28 2020-08-14 20:27:57 +02:00			`}`