2022-09-20 21:59:52 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Models;
|
|
|
|
|
|
|
|
|
|
use App\Models\Forms\Form;
|
|
|
|
|
use App\Notifications\ResetPassword;
|
|
|
|
|
use App\Notifications\VerifyEmail;
|
|
|
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
|
|
|
use Illuminate\Foundation\Auth\User as Authenticatable;
|
|
|
|
|
use Illuminate\Notifications\Notifiable;
|
|
|
|
|
use Laravel\Cashier\Billable;
|
2024-08-12 11:14:02 +02:00
|
|
|
use Laravel\Sanctum\HasApiTokens;
|
2022-09-20 21:59:52 +02:00
|
|
|
use Tymon\JWTAuth\Contracts\JWTSubject;
|
2023-11-01 16:58:10 +01:00
|
|
|
|
2023-10-12 12:06:03 +02:00
|
|
|
class User extends Authenticatable implements JWTSubject
|
2022-09-20 21:59:52 +02:00
|
|
|
{
|
2024-02-23 11:54:12 +01:00
|
|
|
use Billable;
|
|
|
|
|
use HasFactory;
|
|
|
|
|
use Notifiable;
|
2024-08-12 11:14:02 +02:00
|
|
|
use HasApiTokens;
|
2022-09-20 21:59:52 +02:00
|
|
|
|
2024-07-04 17:21:36 +02:00
|
|
|
public const ROLE_ADMIN = 'admin';
|
|
|
|
|
public const ROLE_USER = 'user';
|
2024-12-30 14:35:23 +01:00
|
|
|
public const ROLE_READONLY = 'readonly';
|
|
|
|
|
|
|
|
|
|
public const ROLES = [
|
|
|
|
|
self::ROLE_ADMIN,
|
|
|
|
|
self::ROLE_USER,
|
|
|
|
|
self::ROLE_READONLY,
|
|
|
|
|
];
|
2024-07-04 17:21:36 +02:00
|
|
|
|
2022-09-20 21:59:52 +02:00
|
|
|
/**
|
|
|
|
|
* The attributes that are mass assignable.
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
protected $fillable = [
|
|
|
|
|
'name',
|
|
|
|
|
'email',
|
|
|
|
|
'password',
|
2024-02-23 11:54:12 +01:00
|
|
|
'hear_about_us',
|
2024-09-18 18:50:04 +02:00
|
|
|
'utm_data',
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'meta'
|
2022-09-20 21:59:52 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The attributes that should be hidden for arrays.
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
protected $hidden = [
|
|
|
|
|
'password',
|
|
|
|
|
'remember_token',
|
2024-02-23 11:54:12 +01:00
|
|
|
'hear_about_us',
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'meta'
|
2022-09-20 21:59:52 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The attributes that should be cast to native types.
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
2024-06-10 16:10:14 +02:00
|
|
|
protected function casts()
|
|
|
|
|
{
|
|
|
|
|
return [
|
|
|
|
|
'email_verified_at' => 'datetime',
|
2024-09-18 18:50:04 +02:00
|
|
|
'utm_data' => 'array',
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'meta' => 'array',
|
2024-06-10 16:10:14 +02:00
|
|
|
];
|
|
|
|
|
}
|
2022-09-20 21:59:52 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The accessors to append to the model's array form.
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
protected $appends = [
|
|
|
|
|
'photo_url',
|
|
|
|
|
];
|
|
|
|
|
|
2023-11-28 11:23:04 +01:00
|
|
|
public function ownsForm(Form $form)
|
|
|
|
|
{
|
2024-02-23 11:54:12 +01:00
|
|
|
return $this->workspaces()->where('workspaces.id', $form->workspace_id)->exists();
|
2023-12-03 15:02:48 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function ownsWorkspace(Workspace $workspace)
|
|
|
|
|
{
|
2024-02-23 11:54:12 +01:00
|
|
|
return $this->workspaces()->where('workspaces.id', $workspace->id)->exists();
|
2023-11-28 11:23:04 +01:00
|
|
|
}
|
2023-12-02 14:51:08 +01:00
|
|
|
|
2022-09-20 21:59:52 +02:00
|
|
|
/**
|
|
|
|
|
* Get the profile photo URL attribute.
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function getPhotoUrlAttribute()
|
|
|
|
|
{
|
|
|
|
|
return vsprintf('https://www.gravatar.com/avatar/%s.jpg?s=200&d=%s', [
|
|
|
|
|
md5(strtolower($this->email)),
|
2024-07-04 17:21:36 +02:00
|
|
|
$this->name ? urlencode("https://ui-avatars.com/api/$this->name.jpg") : 'mp',
|
2022-09-20 21:59:52 +02:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getHasFormsAttribute()
|
|
|
|
|
{
|
|
|
|
|
return $this->workspaces()->whereHas('forms')->exists();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getIsSubscribedAttribute()
|
|
|
|
|
{
|
2023-11-01 16:58:10 +01:00
|
|
|
return $this->subscribed()
|
|
|
|
|
|| in_array($this->email, config('opnform.extra_pro_users_emails'))
|
2024-06-10 16:10:14 +02:00
|
|
|
|| !is_null($this->activeLicense());
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getHasCustomerIdAttribute()
|
|
|
|
|
{
|
2024-06-10 16:10:14 +02:00
|
|
|
return !is_null($this->stripe_id);
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getAdminAttribute()
|
|
|
|
|
{
|
2023-10-12 12:06:03 +02:00
|
|
|
return in_array($this->email, config('opnform.admin_emails'));
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
2024-01-19 14:27:04 +01:00
|
|
|
public function getModeratorAttribute()
|
|
|
|
|
{
|
|
|
|
|
return in_array($this->email, config('opnform.moderator_emails')) || $this->admin;
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-16 13:12:48 +01:00
|
|
|
public function getTemplateEditorAttribute()
|
|
|
|
|
{
|
2023-10-12 12:06:03 +02:00
|
|
|
return $this->admin || in_array($this->email, config('opnform.template_editor_emails'));
|
2022-11-16 13:12:48 +01:00
|
|
|
}
|
|
|
|
|
|
2022-09-20 21:59:52 +02:00
|
|
|
/**
|
|
|
|
|
* =================================
|
|
|
|
|
* Helper Related
|
|
|
|
|
* =================================
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send the password reset notification.
|
|
|
|
|
*
|
2024-02-23 11:54:12 +01:00
|
|
|
* @param string $token
|
2022-09-20 21:59:52 +02:00
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function sendPasswordResetNotification($token)
|
|
|
|
|
{
|
|
|
|
|
$this->notify(new ResetPassword($token));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send the email verification notification.
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function sendEmailVerificationNotification()
|
|
|
|
|
{
|
2024-02-23 11:54:12 +01:00
|
|
|
$this->notify(new VerifyEmail());
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* =================================
|
|
|
|
|
* Relationship
|
|
|
|
|
* =================================
|
|
|
|
|
*/
|
|
|
|
|
public function workspaces()
|
|
|
|
|
{
|
|
|
|
|
return $this->belongsToMany(Workspace::class);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function forms()
|
|
|
|
|
{
|
2023-11-01 16:58:10 +01:00
|
|
|
return $this->hasMany(Form::class, 'creator_id');
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-13 12:11:03 +02:00
|
|
|
public function formTemplates()
|
|
|
|
|
{
|
|
|
|
|
return $this->hasMany(Template::class, 'creator_id');
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-01 16:58:10 +01:00
|
|
|
public function licenses()
|
|
|
|
|
{
|
|
|
|
|
return $this->hasMany(License::class);
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-01 18:14:01 +01:00
|
|
|
public function activeLicense(): ?License
|
2023-11-01 16:58:10 +01:00
|
|
|
{
|
|
|
|
|
return $this->licenses()->active()->first();
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-20 21:59:52 +02:00
|
|
|
/**
|
|
|
|
|
* =================================
|
|
|
|
|
* Oauth Related
|
|
|
|
|
* =================================
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the oauth providers.
|
|
|
|
|
*
|
|
|
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
|
|
|
|
*/
|
|
|
|
|
public function oauthProviders()
|
|
|
|
|
{
|
|
|
|
|
return $this->hasMany(OAuthProvider::class);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return int
|
|
|
|
|
*/
|
|
|
|
|
public function getJWTIdentifier()
|
|
|
|
|
{
|
|
|
|
|
return $this->getKey();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function getJWTCustomClaims()
|
|
|
|
|
{
|
2024-01-09 10:43:07 +01:00
|
|
|
return [
|
|
|
|
|
'ip' => \Hash::make(request()->ip()),
|
|
|
|
|
'ua' => \Hash::make(request()->userAgent()),
|
|
|
|
|
];
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-30 09:58:29 +02:00
|
|
|
public function getIsRiskyAttribute()
|
|
|
|
|
{
|
|
|
|
|
return $this->created_at->isAfter(now()->subDays(3)) || // created in last 3 days
|
|
|
|
|
$this->subscriptions()->where(function ($q) {
|
|
|
|
|
$q->where('stripe_status', 'trialing')
|
|
|
|
|
->orWhere('stripe_status', 'active');
|
|
|
|
|
})->first()?->onTrial();
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-03 15:02:48 +01:00
|
|
|
public function flushCache()
|
|
|
|
|
{
|
|
|
|
|
$this->workspaces()->with('forms')->get()->each(function (Workspace $workspace) {
|
|
|
|
|
$workspace->flush();
|
|
|
|
|
$workspace->forms->each(function (Form $form) {
|
|
|
|
|
$form->flush();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-01 16:58:10 +01:00
|
|
|
public static function boot()
|
2022-09-20 21:59:52 +02:00
|
|
|
{
|
|
|
|
|
parent::boot();
|
2023-11-01 16:58:10 +01:00
|
|
|
static::deleting(function (User $user) {
|
2022-09-20 21:59:52 +02:00
|
|
|
// Remove user's workspace if he's the only one with this workspace
|
|
|
|
|
foreach ($user->workspaces as $workspace) {
|
|
|
|
|
if ($workspace->users()->count() == 1) {
|
|
|
|
|
$workspace->delete();
|
2024-07-04 17:21:36 +02:00
|
|
|
} else {
|
|
|
|
|
$workspace->users()->detach($user->id);
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
}
|
2023-11-01 16:58:10 +01:00
|
|
|
});
|
2022-09-20 21:59:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function scopeWithActiveSubscription($query)
|
|
|
|
|
{
|
2023-11-01 16:58:10 +01:00
|
|
|
return $query->whereHas('subscriptions', function ($query) {
|
|
|
|
|
$query->where(function ($q) {
|
|
|
|
|
$q->where('stripe_status', 'trialing')
|
|
|
|
|
->orWhere('stripe_status', 'active');
|
|
|
|
|
});
|
2022-09-20 21:59:52 +02:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
