* Some Modifications (c) 2015 Dylan Seidt . * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ namespace Pterodactyl\Repositories; use DB; use Auth; use Hash; use Settings; use Validator; use Pterodactyl\Models; use Pterodactyl\Services\UuidService; use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayValidationException; class UserRepository { /** * Creates a user on the panel. Returns the created user's ID. * * @param array $data * @return \Pterodactyl\Models\User * * @throws \Pterodactyl\Exceptions\DisplayValidationException */ public function create(array $data) { $validator = Validator::make($data, [ 'email' => 'required|email|unique:users,email', 'username' => 'required|string|between:1,255|unique:users,username|' . Models\User::USERNAME_RULES, 'name_first' => 'required|string|between:1,255', 'name_last' => 'required|string|between:1,255', 'password' => 'sometimes|nullable|' . Models\User::PASSWORD_RULES, 'root_admin' => 'required|boolean', 'custom_id' => 'sometimes|nullable|unique:users,id', ]); // Run validator, throw catchable and displayable exception if it fails. // Exception includes a JSON result of failed validation rules. if ($validator->fails()) { throw new DisplayValidationException(json_encode($validator->errors())); } DB::beginTransaction(); try { $user = new Models\User; $uuid = new UuidService; // Support for API Services if (isset($data['custom_id']) && ! is_null($data['custom_id'])) { $user->id = $token; } // UUIDs are not mass-fillable. $user->uuid = $uuid->generate('users', 'uuid'); $user->fill([ 'email' => $data['email'], 'username' => $data['username'], 'name_first' => $data['name_first'], 'name_last' => $data['name_last'], 'password' => (empty($data['password'])) ? 'unset' : Hash::make($data['password']), 'root_admin' => $data['root_admin'], 'language' => Settings::get('default_language', 'en'), ]); $user->save(); DB::commit(); return $user; } catch (\Exception $ex) { DB::rollBack(); throw $ex; } } /** * Updates a user on the panel. * * @param int $id * @param array $data * @return \Pterodactyl\Models\User * * @throws \Pterodactyl\Exceptions\DisplayValidationException */ public function update($id, array $data) { $user = Models\User::findOrFail($id); $validator = Validator::make($data, [ 'email' => 'sometimes|required|email|unique:users,email,' . $id, 'username' => 'sometimes|required|string|between:1,255|unique:users,username,' . $user->id . '|' . Models\User::USERNAME_RULES, 'name_first' => 'sometimes|required|string|between:1,255', 'name_last' => 'sometimes|required|string|between:1,255', 'password' => 'sometimes|nullable|' . Models\User::PASSWORD_RULES, 'root_admin' => 'sometimes|required|boolean', 'language' => 'sometimes|required|string|min:1|max:5', 'use_totp' => 'sometimes|required|boolean', 'totp_secret' => 'sometimes|required|size:16', ]); // Run validator, throw catchable and displayable exception if it fails. // Exception includes a JSON result of failed validation rules. if ($validator->fails()) { throw new DisplayValidationException(json_encode($validator->errors())); } // The password and root_admin fields are not mass assignable. if (! empty($data['password'])) { $data['password'] = Hash::make($data['password']); } else { unset($data['password']); } $user->fill($data)->save(); return $user; } /** * Deletes a user on the panel. * * @param int $id * @return void * @todo Move user self-deletion checking to the controller, rather than the repository. * * @throws \Pterodactyl\Exceptions\DisplayException */ public function delete($id) { $user = Models\User::findOrFail($id); if (Models\Server::where('owner_id', $id)->count() > 0) { throw new DisplayException('Cannot delete a user with active servers attached to thier account.'); } if (! is_null(Auth::user()) && (int) Auth::user()->id === (int) $id) { throw new DisplayException('Cannot delete your own account.'); } DB::beginTransaction(); try { foreach (Models\Subuser::with('permissions')->where('user_id', $id)->get() as &$subuser) { foreach ($subuser->permissions as &$permission) { $permission->delete(); } $subuser->delete(); } $user->delete(); DB::commit(); } catch (\Exception $ex) { DB::rollBack(); throw $ex; } } }