Changeset View
Changeset View
Standalone View
Standalone View
src/app/Observers/UserObserver.php
| Show First 20 Lines • Show All 228 Lines • ▼ Show 20 Lines | public function updated(User $user) | ||||
| ->where('entitleable_id', '!=', $user->id) | ->where('entitleable_id', '!=', $user->id) | ||||
| ->where('entitleable_type', User::class) | ->where('entitleable_type', User::class) | ||||
| ->pluck('entitleable_id') | ->pluck('entitleable_id') | ||||
| ->unique() | ->unique() | ||||
| ->each(function ($user_id) { | ->each(function ($user_id) { | ||||
| \App\Jobs\User\UpdateJob::dispatch($user_id); | \App\Jobs\User\UpdateJob::dispatch($user_id); | ||||
| }); | }); | ||||
| } | } | ||||
| // Save the old password in the password history | |||||
| $oldPassword = $user->getOriginal('password'); | |||||
| if ($oldPassword && $user->password != $oldPassword) { | |||||
| self::saveOldPassword($user, $oldPassword); | |||||
| } | |||||
| } | } | ||||
| /** | /** | ||||
| * Remove entitleables/transactions related to the user (in user's wallets) | * Remove entitleables/transactions related to the user (in user's wallets) | ||||
| * | * | ||||
| * @param \App\User $user The user | * @param \App\User $user The user | ||||
| * @param bool $force Force-delete mode | * @param bool $force Force-delete mode | ||||
| */ | */ | ||||
| Show All 30 Lines | private static function removeRelatedObjects(User $user, $force = false): void | ||||
| // regardless of force delete, we're always purging whitelists... just in case | // regardless of force delete, we're always purging whitelists... just in case | ||||
| \App\Policy\RateLimitWhitelist::where( | \App\Policy\RateLimitWhitelist::where( | ||||
| [ | [ | ||||
| 'whitelistable_id' => $user->id, | 'whitelistable_id' => $user->id, | ||||
| 'whitelistable_type' => User::class | 'whitelistable_type' => User::class | ||||
| ] | ] | ||||
| )->delete(); | )->delete(); | ||||
| } | } | ||||
| /** | |||||
| * Store the old password in user password history. Make sure | |||||
| * we do not store more passwords than we need in the history. | |||||
| * | |||||
| * @param \App\User $user The user | |||||
| * @param string $password The old password | |||||
| */ | |||||
| private static function saveOldPassword(User $user, string $password): void | |||||
| { | |||||
| // Note: All this is kinda heavy and complicated because we don't want to store | |||||
| // more old passwords than we need. However, except the complication/performance, | |||||
| // there's one issue with it. E.g. the policy changes from 2 to 4, and we already | |||||
| // removed the old passwords that were excessive before, but not now. | |||||
| // Get the account password policy | |||||
| $policy = new \App\Rules\Password($user->walletOwner()); | |||||
| $rules = $policy->rules(); | |||||
| // Password history disabled? | |||||
| if (empty($rules['last']) || $rules['last']['param'] < 2) { | |||||
| return; | |||||
| } | |||||
| // Store the old password | |||||
| $user->passwords()->create(['password' => $password]); | |||||
| // Remove passwords that we don't need anymore | |||||
| $limit = $rules['last']['param'] - 1; | |||||
| $ids = $user->passwords()->latest()->limit($limit)->pluck('id')->all(); | |||||
| if (count($ids) >= $limit) { | |||||
mollekopf: I would make this a >= just to be safe (even if we technically *shouldn't* ever get there). | |||||
| $user->passwords()->where('id', '<', $ids[count($ids) - 1])->delete(); | |||||
| } | |||||
| } | |||||
| } | } | ||||
I would make this a >= just to be safe (even if we technically *shouldn't* ever get there).