merge 1

Signed-off-by: miguel456 <me@nogueira.codes>

app/Http/Controllers/Auth/DiscordController.php

@@ -0,0 +1,101 @@
+<?php
+
+/*
+ * Copyright © 2020 Miguel Nogueira
+ *
+ *   This file is part of Raspberry Staff Manager.
+ *
+ *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU General Public License as published by
+ *     the Free Software Foundation, either version 3 of the License, or
+ *     (at your option) any later version.
+ *
+ *     Raspberry Staff Manager is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU General Public License for more details.
+ *
+ *     You should have received a copy of the GNU General Public License
+ *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Http\Controllers\Auth;
+
+use App\Facades\Discord;
+use App\Facades\Options;
+use App\Http\Controllers\Controller;
+use App\User;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
+use Laravel\Socialite\Facades\Socialite;
+use Laravel\Socialite\Two\InvalidStateException;
+
+class DiscordController extends Controller
+{
+
+
+    public function discordRedirect() {
+        return Socialite::driver('discord')
+            ->scopes(['email', 'guilds.join', 'guilds.members.read', 'guilds'])
+            ->redirect();
+    }
+
+    public function discordCallback() {
+
+        try {
+
+            $discordUser = Socialite::driver('discord')->user();
+
+        } catch (InvalidStateException $stateException) {
+            Log::warning('Invalid state for social authentication: ', [
+                'message' => $stateException->getMessage(),
+                'ua' => request()->userAgent(),
+                'ip' => request()->ip()
+            ]);
+            return redirect(route('discordRedirect'));
+        }
+
+        $appUser = User::where('email', $discordUser->getEmail())->first();
+
+        if ($appUser) {
+
+            $appUser->discord_token = $discordUser->token;
+            $appUser->discord_refresh_token = $discordUser->refreshToken;
+            $appUser->discord_user_id = $discordUser->getId();
+            $appUser->discord_pfp = $discordUser->getAvatar();
+            $appUser->save();
+
+            Auth::login($appUser, true);
+
+        } else {
+
+            $oAuthUser = User::create([
+                'uuid' => null,
+                'name' => $discordUser->getName(),
+                'email' => $discordUser->getEmail(),
+                'email_verified_at' => now(), // verify the account since it came from a trusted provider
+                'username' => $discordUser->getNickname(),
+                'currentIp' => \request()->ip(),
+                'registrationIp' => request()->ip(),
+                'discord_user_id' => $discordUser->getId(),
+                'discord_pfp' => $discordUser->getAvatar(),
+                'discord_token' => $discordUser->token,
+                'discord_refresh_token' => $discordUser->refreshToken
+            ]);
+
+            $oAuthUser->assignRole('user');
+
+            Auth::login($oAuthUser, true);
+        }
+
+        if (session()->has('discordApplicationRedirectedSlug')) {
+            return redirect(route('renderApplicationForm', ['vacancySlug' => session()->pull('discordApplicationRedirectedSlug')]));
+        }
+
+        return redirect()
+            ->route('dashboard');
+    }
+
+}

app/Http/Controllers/Auth/LoginController.php

@@ -26,8 +26,11 @@ use App\Services\AccountSuspensionService;
 use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\Log;
 use App\Facades\IP;
+use Illuminate\Support\Str;
 use Laravel\Socialite\Facades\Socialite;
 
 class LoginController extends Controller
@@ -76,6 +79,14 @@ class LoginController extends Controller
             $isLocked = $service->isLocked($user);
 
             if ($isBanned || $isLocked) {
+
+                Log::alert('Restricted user attempting to login.', [
+                    'ip' => $request->ip(),
+                    'email' => $user->email,
+                    'isBanned' => $isBanned,
+                    'isLocked' => $isLocked
+                ]);
+
                 return false;
             } else {
                 return $this->originalAttemptLogin($request);
@@ -94,17 +105,11 @@ class LoginController extends Controller
                     'prev' => $user->originalIP,
                     'new' => $request->ip()
                 ]);
-                $user->originalIP = $request->ip();
+                $user->currentIp = $request->ip();
                 $user->save();
             }
         }
     }
 
-    public function discordRedirect() {
-        return Socialite::driver('discord')->redirect();
-    }
 
-    public function discordCallback() {
-        // TODO;
-    }
 }

app/Http/Controllers/Auth/RegisterController.php

@@ -23,11 +23,13 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use App\Profile;
+use App\Services\AccountSuspensionService;
 use App\User;
 use App\Facades\Options;
 use App\Facades\IP;
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Validator;
 
 class RegisterController extends Controller
@@ -62,19 +64,6 @@ class RegisterController extends Controller
         $this->middleware('guest');
     }
 
-    public function showRegistrationForm()
-    {
-        $users = User::where('originalIP', \request()->ip())->get();
-
-        foreach ($users as $user) {
-            if ($user && $user->isBanned()) {
-                abort(403, 'You do not have permission to access this page.');
-            }
-        }
-
-        return view('auth.register');
-    }
-
     /**
      * Get a validator for an incoming registration request.
      *
@@ -106,9 +95,14 @@ class RegisterController extends Controller
             'uuid' => (Options::getOption('requireGameLicense') && Options::getOption('currentGame') == 'MINECRAFT') ? ['required', 'string', 'unique:users', 'min:32', 'max:32'] : ['nullable', 'string'],
             'name' => ['required', 'string', 'max:255'],
             'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
+            'dob' => ['required', 'string', 'date_format:Y-m-d', 'before:-13 years'],
+            'acceptTerms' => ['required', 'accepted'],
             'password' => $password,
         ], [
-            'uuid.required' => 'Please enter a valid (and Premium) Minecraft username! We do not support cracked users.',
+            'dob.before' => __('You must be 13 years of age or older in order to sign up for an account.'),
+            'dob.required' => __('Please enter your date of birth.'),
+            'uuid.required' => __('Please enter a valid (and Premium) Minecraft username! We do not support cracked users.'),
+            'acceptTerms.required' => __('Please accept the Community Guidelines, Terms of Service and Privacy Policy to continue.')
         ]);
     }
 
@@ -120,12 +114,16 @@ class RegisterController extends Controller
      */
     protected function create(array $data)
     {
+        $ip = IP::shouldCollect() ? request()->ip() : '0.0.0.0';
+
         $user = User::create([
             'uuid' => $data['uuid'] ?? "disabled",
             'name' => $data['name'],
             'email' => $data['email'],
             'password' => Hash::make($data['password']),
-            'originalIP' => IP::shouldCollect() ? request()->ip() : '0.0.0.0',
+            'registrationIp' => $ip,
+            'currentIp' => $ip,
+            'dob' => $data['dob']
         ]);
 
         $user->assignRole('user');