staffmanager/app/Http/Controllers/ContactController.php

<?php

/*
 * Copyright © 2020 Miguel Nogueira
 *
 *   This file is part of Raspberry Staff Manager.
 *
 *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
 *     it under the terms of the GNU General Public License as published by
 *     the Free Software Foundation, either version 3 of the License, or
 *     (at your option) any later version.
 *
 *     Raspberry Staff Manager is distributed in the hope that it will be useful,
 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *     GNU General Public License for more details.
 *
 *     You should have received a copy of the GNU General Public License
 *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace App\Http\Controllers;

use App\Notifications\NewContact;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class ContactController extends Controller
{
    protected $users;

    public function __construct(User $users)
    {
        $this->users = $users;
    }

    public function create(Request $request)
    {
        $name = $request->name;
        $email = $request->email;
        $subject = $request->subject;
        $msg = $request->msg;

        $challenge = $request->input('captcha');

        // TODO: now: add middleware for this verification, move to invisible captcha
        $verifyrequest = Http::asForm()->post(config('recaptcha.verify.apiurl'), [
            'secret' => config('recaptcha.keys.secret'),
            'response' => $challenge,
            'remoteip' => $request->ip(),
        ]);

        $response = json_decode($verifyrequest->getBody(), true);

        if (! $response['success']) {
            $request->session()->flash('error', 'Beep beep boop... Robot? Submission failed.');

            return redirect()->back();
        }

        foreach (User::all() as $user) {
            if ($user->hasRole('admin')) {
                $user->notify(new NewContact(collect([
                    'message' => $msg,
                    'ip' => $request->ip(),
                    'email' => $email,
                ])));
            }
        }

        $request->session()->flash('success', 'Message sent successfully! We usually respond within 48 hours.');

        return redirect()->back();
    }
}
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`<?php`

Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00			`/*`
			`* Copyright © 2020 Miguel Nogueira`
			`*`
			`* This file is part of Raspberry Staff Manager.`
			`*`
			`* Raspberry Staff Manager is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* Raspberry Staff Manager is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with Raspberry Staff Manager. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`namespace App\Http\Controllers;`

Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`use App\Notifications\NewContact;`
			`use App\User;`
Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Http;`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`class ContactController extends Controller`
			`{`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`protected $users;`

			`public function __construct(User $users)`
			`{`
			`$this->users = $users;`
			`}`

Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`public function create(Request $request)`
			`{`
			`$name = $request->name;`
			`$email = $request->email;`
			`$subject = $request->subject;`
			`$msg = $request->msg;`

			`$challenge = $request->input('captcha');`

Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`// TODO: now: add middleware for this verification, move to invisible captcha`
Switch custom Guzzle integration for Laravel's HTTP facade Commit also adds config options to the example file. 2020-05-02 19:18:56 +00:00			`$verifyrequest = Http::asForm()->post(config('recaptcha.verify.apiurl'), [`
			`'secret' => config('recaptcha.keys.secret'),`
			`'response' => $challenge,`
Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00			`'remoteip' => $request->ip(),`
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`]);`
Switch custom Guzzle integration for Laravel's HTTP facade Commit also adds config options to the example file. 2020-05-02 19:18:56 +00:00
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`$response = json_decode($verifyrequest->getBody(), true);`

Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00			`if (! $response['success']) {`
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`$request->session()->flash('error', 'Beep beep boop... Robot? Submission failed.');`
Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`return redirect()->back();`
			`}`

Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00			`foreach (User::all() as $user) {`
			`if ($user->hasRole('admin')) {`
			`$user->notify(new NewContact(collect([`
			`'message' => $msg,`
			`'ip' => $request->ip(),`
			`'email' => $email,`
			`])));`
			`}`
Code review This commit fixes some superficial instances of Broken Access Control (https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control). There may be some more instances of this, as authorization was only done after most of the controllers were done (big mistake). Some refactoring was also performed, where Route Model Binding with DI (dependency injection) was used whenever possible, to increase testability of the codebase. Some reused code was also moved to Helper classes as to enforce DRY; There may be some lines of code that are still copy-pasted from other parts of the codebase for reuse. Non-breaking refactoring changes were made, but the app as a whole still needs full manual testing, and customised responses to HTTP 500 responses. Some errors are also not handled gracefully and this wasn't checked in this commit. 2020-07-16 20:21:28 +00:00			`}`
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00
			`$request->session()->flash('success', 'Message sent successfully! We usually respond within 48 hours.');`
Apply fixes from StyleCI 2020-10-21 00:01:41 +00:00
Added main page This commit adds the main page (incl. breadcrumbs), a license file, a contact form (with recaptcha) and a captcha config file. 2020-04-27 06:28:00 +00:00			`return redirect()->back();`
			`}`
			`}`