app/Http/Requests/UpdateUserRequest.php

<?php

namespace App\Http\Requests;

use Hash;
use Illuminate\Foundation\Http\FormRequest;
use LibreNMS\Config;

class UpdateUserRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        if ($this->user()->isAdmin()) {
            return true;
        }

        $user = $this->route('user');
        if ($user && $this->user()->can('update', $user)) {
            // normal users cannot edit their level or ability to modify a password
            unset($this['level'], $this['can_modify_passwd']);
            return true;
        }

        return false;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'realname' => 'max:64',
            'email' => 'nullable|email|max:64',
            'descr' => 'max:30',
            'level' => 'int',
            'old_password' => 'nullable|string',
            'new_password' => 'nullable|confirmed|min:' . Config::get('password.min_length', 8),
            'dashboard' => 'int',
        ];
    }

    /**
     * Configure the validator instance.
     *
     * @param  \Illuminate\Validation\Validator  $validator
     * @return void
     */
    public function withValidator($validator)
    {
        $validator->after(function ($validator) {
            // if not an admin and new_password is set, check old password matches
            if (!$this->user()->isAdmin()) {
                if ($this->has('new_password')) {
                    if ($this->has('old_password')) {
                        $user = $this->route('user');
                        if ($user && !Hash::check($this->old_password, $user->password)) {
                            $validator->errors()->add('old_password', __('Existing password did not match'));
                        }
                    } else {
                        $validator->errors()->add('old_password', __('The :attribute field is required.', ['attribute' => 'old_password']));
                    }
                }
            }
        });
    }
}
New User Management (#9348) * Rewrite user management. Error management Revert edituser legacy page Connect user permissions button to legacy page for now. Implement user creation Refine form Remove PingCheck.php accidental add :) Fixes for redirection and deletion More fixes: realname accidental validation setting, hide can modify for read-only auths Use a panel to improve style Add icon to panel-title Not allowed to delete own user (at least via the click of a button) Use request validation to reduce complexity of controller. Improve protection against users doing things they should not. Switch to horizontal form and not nearly as wide of layout :) delete without refresh. Fix for buttons Include all users (not just from this auth) Hide the auth column if there is only one auth type Show username if real name isn't set Don't allow creation of demo users via the webui a fix to the lnms user:add command, it didn't set auth_id update edituser.inc.php to current just redirect to users page * Remove TwoFactorTest for now * Update edituser.inc.php * Update .env.dusk.testing * Enable 2fa for 2fa test... 2019-04-22 19:01:39 -05:00			`<?php`

			`namespace App\Http\Requests;`

			`use Hash;`
			`use Illuminate\Foundation\Http\FormRequest;`
			`use LibreNMS\Config;`

			`class UpdateUserRequest extends FormRequest`
			`{`
			`/**`
			`* Determine if the user is authorized to make this request.`
			`*`
			`* @return bool`
			`*/`
			`public function authorize()`
			`{`
			`if ($this->user()->isAdmin()) {`
			`return true;`
			`}`

			`$user = $this->route('user');`
			`if ($user && $this->user()->can('update', $user)) {`
			`// normal users cannot edit their level or ability to modify a password`
			`unset($this['level'], $this['can_modify_passwd']);`
			`return true;`
			`}`

			`return false;`
			`}`

			`/**`
			`* Get the validation rules that apply to the request.`
			`*`
			`* @return array`
			`*/`
			`public function rules()`
			`{`
			`return [`
			`'realname' => 'max:64',`
			`'email' => 'nullable\|email\|max:64',`
			`'descr' => 'max:30',`
			`'level' => 'int',`
			`'old_password' => 'nullable\|string',`
			`'new_password' => 'nullable\|confirmed\|min:' . Config::get('password.min_length', 8),`
			`'dashboard' => 'int',`
			`];`
			`}`

			`/**`
			`* Configure the validator instance.`
			`*`
			`* @param \Illuminate\Validation\Validator $validator`
			`* @return void`
			`*/`
			`public function withValidator($validator)`
			`{`
			`$validator->after(function ($validator) {`
			`// if not an admin and new_password is set, check old password matches`
			`if (!$this->user()->isAdmin()) {`
			`if ($this->has('new_password')) {`
			`if ($this->has('old_password')) {`
			`$user = $this->route('user');`
			`if ($user && !Hash::check($this->old_password, $user->password)) {`
			`$validator->errors()->add('old_password', __('Existing password did not match'));`
			`}`
			`} else {`
			`$validator->errors()->add('old_password', __('The :attribute field is required.', ['attribute' => 'old_password']));`
			`}`
			`}`
			`}`
			`});`
			`}`
			`}`