BookStack/app/Access/UserTokenService.php

<?php

namespace BookStack\Access;

use BookStack\Exceptions\UserTokenExpiredException;
use BookStack\Exceptions\UserTokenNotFoundException;
use BookStack\Users\Models\User;
use Carbon\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use stdClass;

class UserTokenService
{
    /**
     * Name of table where user tokens are stored.
     */
    protected string $tokenTable = 'user_tokens';

    /**
     * Token expiry time in hours.
     */
    protected int $expiryTime = 24;

    /**
     * Delete all tokens that belong to a user.
     */
    public function deleteByUser(User $user): void
    {
        DB::table($this->tokenTable)
            ->where('user_id', '=', $user->id)
            ->delete();
    }

    /**
     * Get the user id from a token, while checking the token exists and has not expired.
     *
     * @throws UserTokenNotFoundException
     * @throws UserTokenExpiredException
     */
    public function checkTokenAndGetUserId(string $token): int
    {
        $entry = $this->getEntryByToken($token);

        if (is_null($entry)) {
            throw new UserTokenNotFoundException('Token "' . $token . '" not found');
        }

        if ($this->entryExpired($entry)) {
            throw new UserTokenExpiredException("Token of id {$entry->id} has expired.", $entry->user_id);
        }

        return $entry->user_id;
    }

    /**
     * Creates a unique token within the email confirmation database.
     */
    protected function generateToken(): string
    {
        $token = Str::random(24);
        while ($this->tokenExists($token)) {
            $token = Str::random(25);
        }

        return $token;
    }

    /**
     * Generate and store a token for the given user.
     */
    protected function createTokenForUser(User $user): string
    {
        $token = $this->generateToken();
        DB::table($this->tokenTable)->insert([
            'user_id'    => $user->id,
            'token'      => $token,
            'created_at' => Carbon::now(),
            'updated_at' => Carbon::now(),
        ]);

        return $token;
    }

    /**
     * Check if the given token exists.
     */
    protected function tokenExists(string $token): bool
    {
        return DB::table($this->tokenTable)
            ->where('token', '=', $token)->exists();
    }

    /**
     * Get a token entry for the given token.
     */
    protected function getEntryByToken(string $token): ?stdClass
    {
        return DB::table($this->tokenTable)
            ->where('token', '=', $token)
            ->first();
    }

    /**
     * Check if the given token entry has expired.
     */
    protected function entryExpired(stdClass $tokenEntry): bool
    {
        return Carbon::now()->subHours($this->expiryTime)
            ->gt(new Carbon($tokenEntry->created_at));
    }
}
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`<?php`

Played around with a new app structure 2023-05-17 16:56:55 +00:00			`namespace BookStack\Access;`
Start user invite system 2019-08-17 14:52:33 +00:00
			`use BookStack\Exceptions\UserTokenExpiredException;`
			`use BookStack\Exceptions\UserTokenNotFoundException;`
Played around with a new app structure 2023-05-17 16:56:55 +00:00			`use BookStack\Users\Models\User;`
Start user invite system 2019-08-17 14:52:33 +00:00			`use Carbon\Carbon;`
Swapped injected db instance with facade Injected db instance was causing the DB connection to be made a lot earlier than desired or required. Swapped to a facade for now but ideally this extension of services needs to be cleaned up with a better approach in general. 2021-08-31 20:50:23 +00:00			`use Illuminate\Support\Facades\DB;`
Updated to Laravel 5.8 2019-09-13 22:58:40 +00:00			`use Illuminate\Support\Str;`
Start user invite system 2019-08-17 14:52:33 +00:00			`use stdClass;`

			`class UserTokenService`
			`{`
			`/**`
			`* Name of table where user tokens are stored.`
			`*/`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`protected string $tokenTable = 'user_tokens';`
Start user invite system 2019-08-17 14:52:33 +00:00
			`/**`
			`* Token expiry time in hours.`
			`*/`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`protected int $expiryTime = 24;`
Start user invite system 2019-08-17 14:52:33 +00:00
			`/**`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`* Delete all tokens that belong to a user.`
Start user invite system 2019-08-17 14:52:33 +00:00			`*/`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`public function deleteByUser(User $user): void`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`DB::table($this->tokenTable)`
Start user invite system 2019-08-17 14:52:33 +00:00			`->where('user_id', '=', $user->id)`
			`->delete();`
			`}`

			`/**`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`* Get the user id from a token, while checking the token exists and has not expired.`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`*`
Start user invite system 2019-08-17 14:52:33 +00:00			`* @throws UserTokenNotFoundException`
			`* @throws UserTokenExpiredException`
			`*/`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`public function checkTokenAndGetUserId(string $token): int`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
			`$entry = $this->getEntryByToken($token);`

			`if (is_null($entry)) {`
			`throw new UserTokenNotFoundException('Token "' . $token . '" not found');`
			`}`

			`if ($this->entryExpired($entry)) {`
Covered new invite system with testing Closes #316 2019-08-18 12:55:28 +00:00			`throw new UserTokenExpiredException("Token of id {$entry->id} has expired.", $entry->user_id);`
Start user invite system 2019-08-17 14:52:33 +00:00			`}`

			`return $entry->user_id;`
			`}`

			`/**`
			`* Creates a unique token within the email confirmation database.`
			`*/`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`protected function generateToken(): string`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
Updated to Laravel 5.8 2019-09-13 22:58:40 +00:00			`$token = Str::random(24);`
Start user invite system 2019-08-17 14:52:33 +00:00			`while ($this->tokenExists($token)) {`
Updated to Laravel 5.8 2019-09-13 22:58:40 +00:00			`$token = Str::random(25);`
Start user invite system 2019-08-17 14:52:33 +00:00			`}`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Start user invite system 2019-08-17 14:52:33 +00:00			`return $token;`
			`}`

			`/**`
			`* Generate and store a token for the given user.`
			`*/`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`protected function createTokenForUser(User $user): string`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
			`$token = $this->generateToken();`
Swapped injected db instance with facade Injected db instance was causing the DB connection to be made a lot earlier than desired or required. Swapped to a facade for now but ideally this extension of services needs to be cleaned up with a better approach in general. 2021-08-31 20:50:23 +00:00			`DB::table($this->tokenTable)->insert([`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`'user_id' => $user->id,`
			`'token' => $token,`
Start user invite system 2019-08-17 14:52:33 +00:00			`'created_at' => Carbon::now(),`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`'updated_at' => Carbon::now(),`
Start user invite system 2019-08-17 14:52:33 +00:00			`]);`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Start user invite system 2019-08-17 14:52:33 +00:00			`return $token;`
			`}`

			`/**`
			`* Check if the given token exists.`
			`*/`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`protected function tokenExists(string $token): bool`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
Swapped injected db instance with facade Injected db instance was causing the DB connection to be made a lot earlier than desired or required. Swapped to a facade for now but ideally this extension of services needs to be cleaned up with a better approach in general. 2021-08-31 20:50:23 +00:00			`return DB::table($this->tokenTable)`
Start user invite system 2019-08-17 14:52:33 +00:00			`->where('token', '=', $token)->exists();`
			`}`

			`/**`
			`* Get a token entry for the given token.`
			`*/`
Cleaned up old token services 2023-04-04 09:44:38 +00:00			`protected function getEntryByToken(string $token): ?stdClass`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
Swapped injected db instance with facade Injected db instance was causing the DB connection to be made a lot earlier than desired or required. Swapped to a facade for now but ideally this extension of services needs to be cleaned up with a better approach in general. 2021-08-31 20:50:23 +00:00			`return DB::table($this->tokenTable)`
Start user invite system 2019-08-17 14:52:33 +00:00			`->where('token', '=', $token)`
			`->first();`
			`}`

			`/**`
			`* Check if the given token entry has expired.`
			`*/`
Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00			`protected function entryExpired(stdClass $tokenEntry): bool`
Start user invite system 2019-08-17 14:52:33 +00:00			`{`
			`return Carbon::now()->subHours($this->expiryTime)`
			`->gt(new Carbon($tokenEntry->created_at));`
			`}`
Ran phpcbf and updated helpers typehinting 2019-09-15 17:29:51 +00:00			`}`