From 488513f5396ff1b4b2f00b0cc8be8e90c70e18a8 Mon Sep 17 00:00:00 2001 From: dogukanoksuz Date: Tue, 10 Oct 2023 11:24:41 +0000 Subject: [PATCH] fix: User and password operations --- app/Http/Controllers/API/AuthController.php | 17 ++++++++++++++++- .../Controllers/API/Settings/UserController.php | 4 +++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php index 71528442..5ab92b3f 100644 --- a/app/Http/Controllers/API/AuthController.php +++ b/app/Http/Controllers/API/AuthController.php @@ -140,6 +140,14 @@ public function forceChangePassword(Request $request) $validator = Validator::make($request->all(), [ 'email' => 'required|email', 'password' => 'required|string', + 'new_password' => [ + 'string', + 'min:10', + 'max:32', + 'regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\!\[\]\(\)\{\}\#\?\%\&\*\+\,\-\.\/\:\;\<\=\>\@\^\_\`\~]).{10,}$/', + ], + ], [ + 'new_password.regex' => 'Yeni parolanız en az 10 karakter uzunluğunda olmalı ve en az 1 sayı, özel karakter ve büyük harf içermelidir.', ]); if ($validator->fails()) { @@ -151,6 +159,11 @@ public function forceChangePassword(Request $request) return response()->json(['message' => 'Kullanıcı adı veya şifreniz yanlış.'], 401); } + // If new_password is same as password return error + if (Hash::check($request->new_password, auth('api')->user()->password)) { + return response()->json(['message' => 'Yeni şifreniz eski şifreniz ile aynı olamaz.'], 405); + } + $user = auth('api')->user(); $user->forceChange = false; $user->password = bcrypt($request->new_password); 
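Review bot: The `new_password` rule list added to forceChangePassword's validator has no `required` entry, and Laravel skips non-implicit rules such as `min` and `regex` when a field is absent from the request. Unless the field is checked somewhere outside this hunk, a request that omits `new_password` passes validation and reaches `bcrypt($request->new_password)` with a null value, so the length and complexity policy is not enforced in that case. Add `'required',` as the first entry of the array. The custom message also leaves out the lowercase letter that the regex demands, and `.{10,}` repeats what `min:10` already checks.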
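Review bot: The password-reuse branch added after the 401 check in forceChangePassword answers with status 405, which means Method Not Allowed and tells the client the HTTP verb is wrong rather than that the submitted value was rejected. A validation-style status fits better: keep the message and replace the `405` argument with `422`. The branch also calls `auth('api')->user()` one line before `$user = auth('api')->user();` is assigned, so moving that assignment above the check and comparing against `$user->password` avoids the duplicate lookup. The function continues past the end of this hunk.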
@@ -421,13 +434,15 @@ protected function createNewToken($token, Request $request = null) 'expired_at' => (auth('api')->factory()->getTTL() * 60 + time()) * 1000, 'user' => [ ...User::find(auth('api')->user()->id)->toArray(), + 'last_login_at' => Carbon::now()->toDateTimeString(), + 'last_login_ip' => $request->ip(), 'permissions' => [ 'server_details' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_details'), 'server_services' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'server_services'), 'add_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'add_server'), 'update_server' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'update_server'), 'view_logs' => Permission::can(auth('api')->user()->id, 'liman', 'id', 'view_logs'), - ] + ], ], ]); } diff --git a/app/Http/Controllers/API/Settings/UserController.php b/app/Http/Controllers/API/Settings/UserController.php index 5fa5070a..90c967aa 100644 --- a/app/Http/Controllers/API/Settings/UserController.php +++ b/app/Http/Controllers/API/Settings/UserController.php @@ -5,6 +5,7 @@ use App\Http\Controllers\Controller; use App\Models\AuditLog; use App\Models\AuthLog; +use App\Models\Notification; use App\Models\Permission; use App\Models\RoleUser; use App\User; @@ -90,7 +91,8 @@ public function delete(Request $request) RoleUser::where('user_id', $request->user_id)->delete(); // Delete User - $user = User::where('id', $request->user_id)->delete(); + $user = User::where('id', $request->user_id)->first(); + $user->delete(); AuditLog::write( 'user',
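Review bot: `'last_login_ip' => $request->ip()` dereferences `$request` unconditionally, but the signature in the hunk header is `createNewToken($token, Request $request = null)`, so any caller that omits the request now hits a call on null while a token is being issued. Use `'last_login_ip' => $request?->ip(),` or make the parameter mandatory if every caller already passes it. Both new keys come after the `...User::find(...)->toArray()` spread, so they override any attribute of the same name that the model serialises; if the client is meant to see the previous login rather than the current request, read the values from the model instead. Behind a reverse proxy `ip()` reports the proxy address unless trusted proxies are configured, which matters if this field is used for audit or anomaly review.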
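Review bot: `first()` returns null when no user matches `$request->user_id`, so the added `$user->delete();` in delete() throws on an unknown id, whereas the old query-level `delete()` simply affected zero rows. Unless `user_id` is validated with an exists rule before this hunk, use `$user = User::findOrFail($request->user_id);` or return a 404 when `$user` is null. Doing the lookup before the `RoleUser` rows are removed would keep a failing request from changing role data without an audit entry. A short comment such as `// Load the model first so Eloquent delete events fire` would record why the query-level delete was replaced, if that is the intent. delete()'s body starts before and continues after this hunk.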