Commit c63a0776 authored by Yassine Doghri's avatar Yassine Doghri
Browse files

feat(users): add myth-auth to handle users crud + add admin gateway only accessible by login

- overwrite myth/auth config with castopod app needs
- create custom views for users authentication
- add admin area bootstrapped by admin controller
- shift podcast and episodes crud to admin area
- reorganize view layouts
- update docs for database migration
- add myth-auth to DEPENDENCIES.md

closes #11
parent da0f0472
......@@ -13,3 +13,4 @@ Castopod uses the following components:
- [GeoIP2 PHP API](https://github.com/maxmind/GeoIP2-php) ([Apache License 2.0](https://github.com/maxmind/GeoIP2-php/blob/master/LICENSE))
- [Quill Rich Text Editor](https://github.com/quilljs/quill) ([BSD 3-Clause "New" or "Revised" License](https://github.com/quilljs/quill/blob/develop/LICENSE))
- [getID3](https://github.com/JamesHeinrich/getID3) ([GNU General Public License v3](https://github.com/JamesHeinrich/getID3/blob/2.0/licenses/license.gpl-30.txt))
- [myth-auth](https://github.com/lonnieezell/myth-auth) ([MIT license](https://github.com/lonnieezell/myth-auth/blob/develop/LICENSE.md))
......@@ -274,4 +274,20 @@ class App extends BaseConfig
| Defines the root folder for media files storage
*/
public $mediaRoot = 'media';
/*
|--------------------------------------------------------------------------
| Admin gateway
|--------------------------------------------------------------------------
| Defines a base route for all admin pages
*/
public $adminGateway = 'admin';
/*
|--------------------------------------------------------------------------
| Auth gateway
|--------------------------------------------------------------------------
| Defines a base route for all authentication related pages
*/
public $authGateway = 'auth';
}
<?php
namespace Config;
class Auth extends \Myth\Auth\Config\Auth
{
//--------------------------------------------------------------------
// Views used by Auth Controllers
//--------------------------------------------------------------------
public $views = [
'login' => 'auth/login',
'register' => 'auth/register',
'forgot' => 'auth/forgot',
'reset' => 'auth/reset',
'emailForgot' => 'auth/emails/forgot',
'emailActivation' => 'auth/emails/activation',
];
//--------------------------------------------------------------------
// Layout for the views to extend
//--------------------------------------------------------------------
public $viewLayout = 'auth/_layout';
//--------------------------------------------------------------------
// Allow User Registration
//--------------------------------------------------------------------
// When enabled (default) any unregistered user may apply for a new
// account. If you disable registration you may need to ensure your
// controllers and views know not to offer registration.
//
public $allowRegistration = false;
//--------------------------------------------------------------------
// Require confirmation registration via email
//--------------------------------------------------------------------
// When enabled, every registered user will receive an email message
// with a special link he have to confirm to activate his account.
//
public $requireActivation = false;
}
......@@ -10,6 +10,9 @@ class Filters extends BaseConfig
'csrf' => \CodeIgniter\Filters\CSRF::class,
'toolbar' => \CodeIgniter\Filters\DebugToolbar::class,
'honeypot' => \CodeIgniter\Filters\Honeypot::class,
'login' => \Myth\Auth\Filters\LoginFilter::class,
'role' => \Myth\Auth\Filters\RoleFilter::class,
'permission' => \Myth\Auth\Filters\PermissionFilter::class,
];
// Always applied before every request
......@@ -33,4 +36,13 @@ class Filters extends BaseConfig
// that they should run on, like:
// 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
public $filters = [];
public function __construct()
{
parent::__construct();
$this->filters = [
'login' => ['before' => [config('App')->adminGateway . '*']],
];
}
}
......@@ -24,6 +24,7 @@ $routes->set404Override();
$routes->setAutoRoute(false);
$routes->addPlaceholder('podcastName', '[a-zA-Z0-9\_]{1,191}');
$routes->addPlaceholder('episodeSlug', '[a-zA-Z0-9\-]{1,191}');
$routes->addPlaceholder('username', '[a-zA-Z0-9 ]{3,}');
/**
* --------------------------------------------------------------------
......@@ -34,28 +35,13 @@ $routes->addPlaceholder('episodeSlug', '[a-zA-Z0-9\-]{1,191}');
// We get a performance increase by specifying the default
// route since we don't have to scan directories.
$routes->get('/', 'Home::index', ['as' => 'home']);
$routes->add('new-podcast', 'Podcast::create', ['as' => 'podcast_create']);
$routes->group('@(:podcastName)', function ($routes) {
$routes->add('/', 'Podcast::view/$1', ['as' => 'podcast_view']);
$routes->add('edit', 'Podcast::edit/$1', [
'as' => 'podcast_edit',
]);
$routes->add('delete', 'Podcast::delete/$1', [
'as' => 'podcast_delete',
]);
$routes->add('/', 'Podcast/$1', ['as' => 'podcast']);
$routes->add('feed.xml', 'Feed/$1', ['as' => 'podcast_feed']);
$routes->add('new-episode', 'Episode::create/$1', [
'as' => 'episode_create',
]);
$routes->add('episodes/(:episodeSlug)', 'Episode::view/$1/$2', [
'as' => 'episode_view',
]);
$routes->add('episodes/(:episodeSlug)/edit', 'Episode::edit/$1/$2', [
'as' => 'episode_edit',
]);
$routes->add('episodes/(:episodeSlug)/delete', 'Episode::delete/$1/$2', [
'as' => 'episode_delete',
$routes->add('episodes/(:episodeSlug)', 'Episode/$1/$2', [
'as' => 'episode',
]);
});
......@@ -68,6 +54,132 @@ $routes->add('stats/(:num)/(:num)/(:any)', 'Analytics::hit/$1/$2/$3', [
$routes->add('.well-known/unknown-useragents', 'UnknownUserAgents');
$routes->add('.well-known/unknown-useragents/(:num)', 'UnknownUserAgents/$1');
// Admin area
$routes->group(
config('App')->adminGateway,
['namespace' => 'App\Controllers\Admin'],
function ($routes) {
$routes->add('/', 'Home', [
'as' => 'admin',
]);
$routes->add('new-podcast', 'Podcast::create', [
'as' => 'podcast_create',
]);
$routes->add('podcasts', 'Podcast::list', ['as' => 'podcast_list']);
$routes->group('podcasts/@(:podcastName)', function ($routes) {
$routes->add('edit', 'Podcast::edit/$1', [
'as' => 'podcast_edit',
]);
$routes->add('delete', 'Podcast::delete/$1', [
'as' => 'podcast_delete',
]);
$routes->add('new-episode', 'Episode::create/$1', [
'as' => 'episode_create',
]);
$routes->add('episodes', 'Episode::list/$1', [
'as' => 'episode_list',
]);
$routes->add(
'episodes/(:episodeSlug)/edit',
'Episode::edit/$1/$2',
[
'as' => 'episode_edit',
]
);
$routes->add(
'episodes/(:episodeSlug)/delete',
'Episode::delete/$1/$2',
[
'as' => 'episode_delete',
]
);
});
// Users
$routes->add('users', 'User::list', ['as' => 'user_list']);
$routes->add('new-user', 'User::create', ['as' => 'user_create']);
$routes->add('users/@(:any)/ban', 'User::ban/$1', [
'as' => 'user_ban',
]);
$routes->add('users/@(:any)/unban', 'User::unBan/$1', [
'as' => 'user_unban',
]);
$routes->add(
'users/@(:any)/force-pass-reset',
'User::forcePassReset/$1',
[
'as' => 'user_force_pass_reset',
]
);
$routes->add('users/@(:any)/delete', 'User::delete/$1', [
'as' => 'user_delete',
]);
// My account
$routes->get('my-account', 'Myaccount', [
'as' => 'myAccount',
]);
$routes->get(
'my-account/change-password',
'Myaccount::changePassword/$1',
[
'as' => 'myAccount_change-password',
]
);
$routes->post(
'my-account/change-password',
'Myaccount::attemptChange/$1',
[
'as' => 'myAccount_change-password',
]
);
}
);
/**
* Overwriting Myth:auth routes file
*/
$routes->group(config('App')->authGateway, function ($routes) {
// Login/out
$routes->get('login', 'Auth::login', ['as' => 'login']);
$routes->post('login', 'Auth::attemptLogin');
$routes->get('logout', 'Auth::logout', ['as' => 'logout']);
// Registration
$routes->get('register', 'Auth::register', [
'as' => 'register',
]);
$routes->post('register', 'Auth::attemptRegister');
// Activation
$routes->get('activate-account', 'Auth::activateAccount', [
'as' => 'activate-account',
]);
$routes->get('resend-activate-account', 'Auth::resendActivateAccount', [
'as' => 'resend-activate-account',
]);
// Forgot/Resets
$routes->get('forgot', 'Auth::forgotPassword', [
'as' => 'forgot',
]);
$routes->post('forgot', 'Auth::attemptForgot');
$routes->get('reset-password', 'Auth::resetPassword', [
'as' => 'reset-password',
]);
$routes->post('reset-password', 'Auth::attemptReset');
$routes->get('change-password', 'Auth::changePassword', [
'as' => 'change_pass',
]);
$routes->post('change-password', 'Auth::attemptChange');
});
/**
* --------------------------------------------------------------------
* Additional Routing
......
......@@ -25,6 +25,7 @@ class Toolbar extends BaseConfig
\CodeIgniter\Debug\Toolbar\Collectors\Files::class,
\CodeIgniter\Debug\Toolbar\Collectors\Routes::class,
\CodeIgniter\Debug\Toolbar\Collectors\Events::class,
\Myth\Auth\Collectors\Auth::class,
];
/*
......
......@@ -17,6 +17,7 @@ class Validation
\CodeIgniter\Validation\FormatRules::class,
\CodeIgniter\Validation\FileRules::class,
\CodeIgniter\Validation\CreditCardRules::class,
\Myth\Auth\Authentication\Passwords\ValidationRules::class,
];
/**
......
<?php
namespace App\Controllers\Admin;
/**
* Class BaseController
*
* BaseController provides a convenient place for loading components
* and performing functions that are needed by all your controllers.
* Extend this class in any new controllers:
* class Home extends BaseController
*
* For security be sure to declare any new methods as protected or private.
*
* @package CodeIgniter
*/
use CodeIgniter\Controller;
class BaseController extends Controller
{
/**
* An array of helpers to be loaded automatically upon
* class instantiation. These helpers will be available
* to all other controllers that extend BaseController.
*
* @var array
*/
protected $helpers = ['auth'];
/**
* Constructor.
*/
public function initController(
\CodeIgniter\HTTP\RequestInterface $request,
\CodeIgniter\HTTP\ResponseInterface $response,
\Psr\Log\LoggerInterface $logger
) {
// Do Not Edit This Line
parent::initController($request, $response, $logger);
//--------------------------------------------------------------------
// Preload any models, libraries, etc, here.
//--------------------------------------------------------------------
// E.g.:
// $this->session = \Config\Services::session();
}
}
<?php
/**
* @copyright 2020 Podlibre
* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
* @link https://castopod.org/
*/
namespace App\Controllers\Admin;
use App\Models\EpisodeModel;
use App\Models\PodcastModel;
class Episode extends BaseController
{
protected \App\Entities\Podcast $podcast;
protected ?\App\Entities\Episode $episode;
public function _remap($method, ...$params)
{
$podcast_model = new PodcastModel();
$this->podcast = $podcast_model->where('name', $params[0])->first();
if (count($params) > 1) {
$episode_model = new EpisodeModel();
if (
!($episode = $episode_model
->where([
'podcast_id' => $this->podcast->id,
'slug' => $params[1],
])
->first())
) {
throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
}
$this->episode = $episode;
}
return $this->$method();
}
public function list()
{
$episode_model = new EpisodeModel();
$data = [
'podcast' => $this->podcast,
'all_podcast_episodes' => $episode_model
->where('podcast_id', $this->podcast->id)
->find(),
];
return view('admin/episode/list', $data);
}
public function create()
{
helper(['form']);
if (
!$this->validate([
'enclosure' => 'uploaded[enclosure]|ext_in[enclosure,mp3,m4a]',
'image' =>
'uploaded[image]|is_image[image]|ext_in[image,jpg,png]|permit_empty',
'title' => 'required',
'slug' => 'required|regex_match[[a-zA-Z0-9\-]{1,191}]',
'description' => 'required',
'type' => 'required',
])
) {
$data = [
'podcast' => $this->podcast,
];
echo view('admin/episode/create', $data);
} else {
$new_episode = new \App\Entities\Episode([
'podcast_id' => $this->podcast->id,
'title' => $this->request->getVar('title'),
'slug' => $this->request->getVar('slug'),
'enclosure' => $this->request->getFile('enclosure'),
'pub_date' => $this->request->getVar('pub_date'),
'description' => $this->request->getVar('description'),
'image' => $this->request->getFile('image'),
'explicit' => $this->request->getVar('explicit') or false,
'number' => $this->request->getVar('episode_number'),
'season_number' => $this->request->getVar('season_number'),
'type' => $this->request->getVar('type'),
'author_name' => $this->request->getVar('author_name'),
'author_email' => $this->request->getVar('author_email'),
'block' => $this->request->getVar('block') or false,
]);
$episode_model = new EpisodeModel();
$episode_model->save($new_episode);
return redirect()->route('episode_list', [$this->podcast->name]);
}
}
public function edit()
{
helper(['form']);
if (
!$this->validate([
'enclosure' =>
'uploaded[enclosure]|ext_in[enclosure,mp3,m4a]|permit_empty',
'image' =>
'uploaded[image]|is_image[image]|ext_in[image,jpg,png]|permit_empty',
'title' => 'required',
'slug' => 'required|regex_match[[a-zA-Z0-9\-]{1,191}]',
'description' => 'required',
'type' => 'required',
])
) {
$data = [
'podcast' => $this->podcast,
'episode' => $this->episode,
];
echo view('admin/episode/edit', $data);
} else {
$this->episode->title = $this->request->getVar('title');
$this->episode->slug = $this->request->getVar('slug');
$this->episode->pub_date = $this->request->getVar('pub_date');
$this->episode->description = $this->request->getVar('description');
$this->episode->explicit =
($this->request->getVar('explicit') or false);
$this->episode->number = $this->request->getVar('episode_number');
$this->episode->season_number = $this->request->getVar(
'season_number'
)
? $this->request->getVar('season_number')
: null;
$this->episode->type = $this->request->getVar('type');
$this->episode->author_name = $this->request->getVar('author_name');
$this->episode->author_email = $this->request->getVar(
'author_email'
);
$this->episode->block = ($this->request->getVar('block') or false);
$enclosure = $this->request->getFile('enclosure');
if ($enclosure->isValid()) {
$this->episode->enclosure = $this->request->getFile(
'enclosure'
);
}
$image = $this->request->getFile('image');
if ($image) {
$this->episode->image = $this->request->getFile('image');
}
$episode_model = new EpisodeModel();
$episode_model->save($this->episode);
return redirect()->route('episode_list', [$this->podcast->name]);
}
}
public function delete()
{
$episode_model = new EpisodeModel();
$episode_model->delete($this->episode->id);
return redirect()->route('episode_list', [$this->podcast->name]);
}
}
<?php
/**
* @copyright 2020 Podlibre
* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
* @link https://castopod.org/
*/
namespace App\Controllers\Admin;
class Home extends BaseController
{
public function index()
{
return view('admin/dashboard');
}
}
<?php
/**
* @copyright 2020 Podlibre
* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
* @link https://castopod.org/
*/
namespace App\Controllers\Admin;
use Myth\Auth\Config\Services;
use Myth\Auth\Models\UserModel;
class Myaccount extends BaseController
{
public function index()
{
return view('admin/my_account/view');
}
public function changePassword()
{
return view('admin/my_account/change_password');
}
public function attemptChange()
{
$auth = Services::authentication();
$user_model = new UserModel();
// Validate here first, since some things,
// like the password, can only be validated properly here.
$rules = [
'email' => 'required|valid_email',
'password' => 'required',
'new_password' => 'required|strong_password',
'new_pass_confirm' => 'required|matches[new_password]',
];
if (!$this->validate($rules)) {
return redirect()
->back()
->withInput()
->with('errors', $user_model->errors());
}
$credentials = [
'email' => user()->email,
'password' => $this->request->getPost('password'),
];
if (!$auth->validate($credentials)) {
return redirect()
->back()
->withInput()
->with('errors', $user_model->errors());
}
user()->password = $this->request->getPost('new_password');
$user_model->save(user());
if (!$user_model->save(user())) {
return redirect()
->back()
->withInput()
->with('errors', $user_model->errors());
}
// Success!
return redirect()
->route('myAccount')
->with('message', lang('MyAccount.passwordChangeSuccess'));
}
}
<?php
/**
* @copyright 2020 Podlibre
* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
* @link https://castopod.org/
*/
namespace App\Controllers\Admin;
use App\Entities\UserPodcast;
use App\Models\CategoryModel;
use App\Models\LanguageModel;
use App\Models\PodcastModel;
class Podcast extends BaseController
{
protected ?\App\Entities\Podcast $podcast;