Fix bad key name

Revert "Apply fixes from StyleCI (pull request #6)"

.env.example

@@ -21,9 +21,6 @@ RECAPTCHA_PRIVATE_KEY=
 RECAPTCHA_VERIFY_URL="https://www.google.com/recaptcha/api/siteverify"
 # WARNING: Your contact form will be useless if you change this value. Only change this URL if Google updates it.
 
-IPGEO_API_KEY=""
-IPGEO_API_URL=""
-
 MOJANG_STATUS_URL="https://status.mojang.com/check"
 MOJANG_API_URL="https://api.mojang.com"
 
@@ -32,7 +29,7 @@ IPGEO_API_URL="https://api.ipgeolocation.io/ipgeo"
 
 ARCANEDEV_LOGVIEWER_MIDDLEWARE=web,auth,can:admin.maintenance.logs.view
 
-RELEASE=staffmanagement@0.2.0
+RELEASE=staffmanagement@0.6.1
 
 SLACK_INTEGRATION_WEBHOOK=
 
@@ -68,4 +65,8 @@ PUSHER_APP_CLUSTER=mt1
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 
+# Mostly for developers, but with Papertrail, you can easily see what the app's users are doing without relying on
+# the internal log viewer.
 SENTRY_LARAVEL_DSN=
+PAPERTRAIL_URL=
+PAPERTRAIL_PORT

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at support@spacejewel-hosting.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

CONTRIBUTING.md

@@ -0,0 +1,29 @@
+# Thank you for contributing!
+
+Read this file carefully before contributing to the project. It's important that everyone follows these rules to ensure smooth contribution.
+
+## General workflow
+
+Since the project is under version 1.0.0, the master branch can be quite unstable, and even unusable. For this reason, I recommend you stick to the published
+releases, unless you intend on helping out with the project.
+
+New features are commited directly to the ``master`` branch, while translations are commited to a special service branch, merged onto ``translate``, tested, and
+merged back to master. Above version 1.0.0, new features should follow the same procedure as translations.
+
+## Before commiting
+
+Before commiting, make sure your code adheres to the Laravel coding guidelines, as well as PSR-4. I'll personally review and merge each PR.
+Thank you for your interest!
+
+
+# Bug reports
+
+As always, bug reports should stick to the bug report template. GitHub makes this easy for you by letting you choose which issue template you'd like to use
+before reporting an isuse. This helps everyone stay in the same page.
+
+Issues published without a template might take longer to be resolved, or may be ignored and marked ``wontfix``.
+
+
+# Licensing
+
+Any contributions you make will be under the GNU GPL v3 license, which is the license that covers this project.

README.md

@@ -1,6 +1,6 @@
 
-# Raspberry Teams - The Simple Staff Application Manager v 0.1.0 [![Crowdin](https://badges.crowdin.net/raspberry-staff-manager/localized.svg)](https://crowdin.com/project/raspberry-staff-manager)
+# RB Recruiter v 0.6.2 [![Crowdin](https://badges.crowdin.net/raspberry-staff-manager/localized.svg)](https://crowdin.com/project/raspberry-staff-manager)
-## The quick and pain-free staff application manager
+## The quick and pain-free form management solution for communities
 
 Have you ever gotten tired of managing your Minecraft server/network's applications through Discord (or anything else) and having to scroll through hundreds of new messages just to find that one applicant's username?
 
@@ -48,6 +48,14 @@ Tech stack:
  - jQuery / Plain Javascript
  - vueJS (in the future)
  
+ # Stability
+ 
+ Currently, the ``master`` branch is highly unstable, since it's under active development. Expect it to break with each commit. Even though I make an effort to make sure each commit is good to go before pushing, things might still break unexpectedly, and you may find a lot of bugs (which you should report).
+ 
+ Every released version is currently pre-release. If you really want to run this before version ``1.0.0`` comes out, always stay on the latest version, as those will always be tested before release, ensuring less chaos.
+ 
+ *Note: This application is NOT production ready! It won't be until the first stable release comes out, which might take a bit longer.
+
 # Operating System Requirements
 
  Currently, this application is only supported on Linux environments (Ubuntu 20.04 or derivatives are recommended).

SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions are currently supported:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :x:                |
+| 0.5.x   | :x:                |
+| 0.6.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To securely report a vulnerability, you may send me an email directly containing the details of said vulnerability: ``me@nogueira.codes``.
+
+You may optionally encrypt your message with my [public PGP key](http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x48DF709E7405702B).
+
+Use this free [online encryption tool](https://www.igolder.com/pgp/encryption/) if you don't know how to use PGP on your desktop.

app/Ban.php

@@ -17,6 +17,10 @@ class Ban extends Model
 
     ];
 
+    public $dates = [
+        'bannedUntil'
+    ];
+
     public function user()
     {
         return $this->belongsTo('App\User', 'userID', 'id');

app/Console/Commands/Install.php

@@ -99,12 +99,16 @@ class Install extends Command
                $settings['MAIL_PASSWORD'] = $this->secret('SMTP Password (Input won\'t be seen)');
                $settings['MAIL_PORT'] = $this->ask('SMTP Server Port');
                $settings['MAIL_HOST'] = $this->ask('SMTP Server Hostname');
+               $settings['MAIL_FROM_ADDRESS'] = $this->ask('E-mail address to send from');
 
                $this->info('== Notification Settings (5/6) (Slack) ==');
                $settings['SLACK_INTEGRATION_WEBHOOK'] = $this->ask('Integration webhook URL');
 
                $this->info('== Web Settings (6/6) ==');
-               $settings['APP_URL'] = $this->ask('Application\'s URL');
+               $settings['APP_URL'] = $this->ask('Application\'s URL (ex. https://where.you.installed.theapp.com): ');
+               $settings['APP_LOGO'] = $this->ask('App logo (Link to an image): ');
+               $settings['APP_SITEHOMEPAGE'] = $this->ask('Site homepage (appears in the main header): ');
+
 
            } while(!$this->confirm('Are you sure you want to save these settings? You can always go back and try again.'));
 

app/Http/Controllers/BanController.php

@@ -15,7 +15,7 @@ class BanController extends Controller
     public function insert(BanUserRequest $request, User $user)
     {
 
-        $this->authorize('create', Ban::class);
+        $this->authorize('create', [Ban::class, $user]);
 
         if (is_null($user->bans))
         {
@@ -50,13 +50,13 @@ class BanController extends Controller
             else
             {
                 // Essentially permanent
-                $expiryDate->addYears(100);
+                $expiryDate->addYears(5);
             }
 
             $ban = Ban::create([
                 'userID' => $user->id,
                 'reason' => $reason,
-                'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
+                'bannedUntil' => $expiryDate->format('Y-m-d H:i:s'),
                 'userAgent' => "Unknown",
                 'authorUserID' => Auth::user()->id
             ]);

app/Http/Controllers/OptionsController.php

@@ -7,6 +7,7 @@ use App\Options as Option;
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
 
 class OptionsController extends Controller
 {
@@ -29,17 +30,33 @@ class OptionsController extends Controller
    {
        if (Auth::user()->can('admin.settings.edit'))
        {
+           Log::debug('Updating application options', [
+               'ip' => $request->ip(),
+               'ua' => $request->userAgent(),
+               'username' => Auth::user()->username
+           ]);
            foreach($request->all() as $optionName => $option)
            {
                try
                {
-                   if (Options::optionExists($option))
+                   Log::debug('Going through option ' . $optionName);
+                   if (Options::optionExists($optionName))
                    {
+                       Log::debug('Option exists, updating to new values', [
+                           'opt' => $optionName,
+                           'new_value' => $option
+                       ]);
                        Options::changeOption($optionName, $option);
                    }
                }
                catch(\Exception $ex)
                {
+                   Log::error('Unable to update options!', [
+                       'msg' => $ex->getMessage(),
+                       'trace' => $ex->getTraceAsString()
+                   ]);
+                   report($ex);
+
                    $errorCond = true;
                    $request->session()->flash('error', 'An error occurred while trying to save settings: ' . $ex->getMessage());
                }

app/Http/Requests/BanUserRequest.php

@@ -27,7 +27,7 @@ class BanUserRequest extends FormRequest
     {
         return [
             'reason' => 'required|string',
-            'durationOperand' => 'nullable|integer',
+            'durationOperand' => 'nullable|string',
             'durationOperator' => 'nullable|string'
         ];
     }

app/Listeners/LogAuthenticationFailure.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationFailure
+{
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        $targetAccountID = 0;
+        $originalIP = "0.0.0.0";
+
+        if (isset($event->user->id))
+        {
+            $targetAccountID = $event->user->id;
+        }
+
+        Log::alert('SECURITY (login): Detected failed authentication attempt!', [
+            'targetAccountID' => $targetAccountID,
+            'existingAccount' => ($targetAccountID == 0) ? false : true,
+            'sourceIP' => request()->ip(),
+            'matchesAccountLastIP' => request()->ip() == $originalIP,
+            'sourceUserAgent' => request()->userAgent(),
+        ]);
+    }
+}

app/Listeners/LogAuthenticationSuccess.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationSuccess
+{
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        Log::info('SECURITY (postauth-pre2fa): Detected successful login attempt', [
+            'accountID' => $event->user->id,
+            'sourceIP' => request()->ip(),
+            'matchesAccountLastIP' => request()->ip() == $event->user->originalIP,
+            'sourceUserAgent' => request()->userAgent(),
+        ]);
+    }
+}

app/Observers/ApplicationObserver.php

@@ -3,6 +3,7 @@
 namespace App\Observers;
 
 use App\Application;
+use Illuminate\Support\Facades\Log;
 
 class ApplicationObserver
 {

app/Policies/BanPolicy.php

@@ -39,17 +39,18 @@ class BanPolicy
      * Determine whether the user can create models.
      *
      * @param \App\User $user
+     * @param User $targetUser
      * @return mixed
      */
-    public function create(User $user)
+    public function create(User $user, User $targetUser)
     {
         Log::debug("Authorization check started", [
             'requiredRoles' => 'admin',
-            'currentRoles' => $user->roles(),
             'hasRequiredRole' => $user->hasRole('admin'),
+            'targetUser' => $targetUser->username,
             'isCurrentUser' => Auth::user()->is($user)
         ]);
-        return $user->hasRole('admin') && Auth::user()->isNot($user);
+        return $user->hasRole('admin') && $user->isNot($targetUser);
     }
 
     /**

app/Providers/AppServiceProvider.php

@@ -2,6 +2,8 @@
 
 namespace App\Providers;
 
+use App\Application;
+use App\Observers\ApplicationObserver;
 use App\Observers\UserObserver;
 use App\User;
 use Illuminate\Support\Facades\Schema;
@@ -32,7 +34,9 @@ class AppServiceProvider extends ServiceProvider
         ]);
 
         Schema::defaultStringLength(191);
+
         User::observe(UserObserver::class);
+        Application::observe(ApplicationObserver::class);
 
         $this->app['request']->server->set('HTTPS', $this->app->environment() != 'local');
     }

app/Providers/EventServiceProvider.php

@@ -2,7 +2,11 @@
 
 namespace App\Providers;
 
+use App\Listeners\LogAuthenticationFailure;
+use App\Listeners\LogAuthenticationSuccess;
 use App\Listeners\OnUserRegistration;
+use Illuminate\Auth\Events\Failed;
+use Illuminate\Auth\Events\Login;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
@@ -20,6 +24,12 @@ class EventServiceProvider extends ServiceProvider
             SendEmailVerificationNotification::class,
             OnUserRegistration::class
         ],
+        Failed::class => [
+            LogAuthenticationFailure::class
+        ],
+        Login::class => [
+            LogAuthenticationSuccess::class
+        ],
         'App\Events\ApplicationApprovedEvent' => [
             'App\Listeners\PromoteUser'
         ],