diff --git a/app/Http/Controllers/Appeal/PublicAppealController.php b/app/Http/Controllers/Appeal/PublicAppealController.php
index ddc4e1ad..03bf286a 100644
--- a/app/Http/Controllers/Appeal/PublicAppealController.php
+++ b/app/Http/Controllers/Appeal/PublicAppealController.php
@@ -20,6 +20,19 @@ class PublicAppealController extends Controller
 {
+ public static function checkValidUser($username, $wiki) {
+
+ $api = MediaWikiRepository::getApiForTarget($wiki);
+ $services = $api->getAddWikiServices();
+
+ $user = $services->newUserGetter()->getFromUsername($username);
+ if($user->getId() > 0) {
+ return True;
+ } else {
+ return False;
+ }
+ }
+
 public function store(Request $request)
 {
 $ua = $request->userAgent();
@@ -38,6 +51,9 @@ public function store(Request $request)
 'hiddenip' => 'nullable|ip'
 ]);
+ // back compat, at least for now
+ $data['wiki'] = Wiki::where('id', $data['wiki_id'])->firstOrFail()->database_name;
+
 //If blocktype == 0 and appealfor not IP/range
 if ($data['blocktype']==0 && !(IPUtils::isIp($data['appealfor']) || IPUtils::isIpRange($data['appealfor']))) {
 return Redirect::back()->withErrors(['msg'=>'That is not a valid IP address, please try again.'])->withInput();
@@ -47,6 +63,10 @@ public function store(Request $request)
 return Redirect::back()->withErrors(['msg'=>'You need to enter a username, not an IP address, please try again.'])->withInput();
 }
+ if (($data['blocktype']==2 || $data['blocktype']==1) && !self::checkValidUser($data['appealfor'],$data['wiki'])) {
+ return Redirect::back()->withErrors(['msg'=>'You need to enter a valid username, please try again.'])->withInput();
+ }
+
 if ($data['blocktype']==2 && (!isset($data['hiddenip'])||$data['hiddenip']===NULL)) {
 return Redirect::back()->withErrors(['msg'=>'No underlying IP address provided, please try again.'])->withInput();
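Review bot: `checkValidUser` wraps a boolean in an if/else and returns the non-canonical `True`/`False`; everything after the two lookups can be the single line `return $user->getId() > 0;`, and the signature should be typed, `public static function checkValidUser(string $username, string $wiki): bool`. The method carries no documentation; a docblock such as `/** Live MediaWiki lookup: true when $username is a registered account on $wiki. Performs a network request on every call. */` would tell callers what they are paying for. Whether `getFromUsername` yields an id of 0 for an unknown account or throws is not visible here; if it throws, the `getId() > 0` branch never sees the case it is meant to catch, so that contract is worth confirming against the addwiki client before relying on it.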
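Review bot: The new `checkValidUser` guard in the third hunk turns a failed or timed-out MediaWiki API call into an unhandled exception during public appeal submission, so a wiki outage becomes a 500 page for the appellant instead of a validation message. Wrapping the call, e.g. `try { $valid = self::checkValidUser($data['appealfor'], $data['wiki']); } catch (\Exception $e) { report($e); return Redirect::back()->withErrors(['msg' => 'Could not verify that username right now, please try again later.'])->withInput(); }`, keeps the form usable and gives operators a log line to alert on. Because the lookup now runs on every submission with a caller-supplied username, it also adds one outbound request per form post; throttling on this route, if not already configured, is worth confirming. `store` continues outside the hunk.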
@@ -60,8 +80,7 @@ public function store(Request $request)
- // back compat, at least for now
- $data['wiki'] = Wiki::where('id', $data['wiki_id'])->firstOrFail()->database_name;
+
 $key = hash('sha512', $ip . $ua . $lang . (microtime() . rand()));
 $data['appealsecretkey'] = $key;
diff --git a/app/Http/Controllers/AppealController.php b/app/Http/Controllers/AppealController.php
index dd16d1e3..4a5e6e9f 100644
--- a/app/Http/Controllers/AppealController.php
+++ b/app/Http/Controllers/AppealController.php
@@ -227,8 +227,14 @@ public function comment(Request $request, Appeal $appeal)
 return redirect()->route('appeal.view', $appeal);
 }
- public function respond(Request $request, Appeal $appeal, Template $template)
+ public function respond(Request $request, Appeal $appeal, Template $template=NULL)
 {
+ if(!$template) {
+ $respondText = $request->input('custom');
+ }
+ else {
+ $respondText = $template->template;
+ }
 $this->authorize('update', $appeal);
 $user = $request->user();
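Review bot: `Template $template=NULL` in the new `respond` signature relies on implicit nullability, which PHP 8.4 deprecates; write `?Template $template = null`. In the custom branch `$request->input('custom')` is used without validation, so a missing or empty field produces a `null` `reason` in the log entry and an empty response e-mail; now that `respond` serves both the template and the custom route, the text should pass `$request->validate(['custom' => 'required|string'])` first, and it would be cleaner to read it after `$this->authorize('update', $appeal)` rather than before. The if/else then collapses to `$respondText = $template?->template ?? $request->validate(['custom' => 'required|string'])['custom'];`. The rest of `respond` is outside this hunk.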
@@ -263,89 +269,60 @@ public function respond(Request $request, Appeal $appeal, Template $template) 'model_id' => $appeal->id, 'model_type' => Appeal::class, 'action' => 'responded', - 'reason' => $template->template, + 'reason' => $respondText, 'ip' => $ip, 'ua' => $ua . " " . $lang, 'protected' => LogEntry::LOG_PROTECTION_NONE, ]); - if ($appeal->user_verified==1) { + if ($appeal->user_verified==1 && !in_array($appeal->status, Appeal::APPEAL_CLOSED)) { $title = 'UTRS appeal response'; $baseURL = route('home'); $message = <<id, has be reviewed and the following message was left for you: - $template->template + $respondText Please reply by going to the following link and entering your appealkey: $baseURL In case you forgot your appealkey, it is: $appeal->appealsecretkey Thanks, - the UTRS team + $user->username EOF; $result = MediaWikiRepository::getApiForTarget($appeal->wiki)->getMediaWikiExtras()->sendEmail($appeal->getWikiEmailUsername(), $title, $message); } - return redirect()->route('appeal.view', $appeal); - } - - public function respondCustomSubmit(Request $request, Appeal $appeal) - { - $this->authorize('update', $appeal); - $user = $request->user(); - - abort_unless($appeal->handlingadmin === $user->id, 403, 'You are not the handling administrator.'); - - $status = $request->validate([ - 'status' => ['nullable', new PermittedStatusChange($appeal)], - ])['status']; - - $ua = $request->userAgent(); - $ip = $request->ip(); - $lang = $request->header('Accept-Language'); - - if ($status && $status !== $appeal->status) { - $appeal->update([ - 'status' => $status, - ]); - - LogEntry::create([ - 'user_id' => $user->id, - 'model_id' => $appeal->id, - 'model_type' => Appeal::class, - 'action' => 'set status as ' . $status, - 'ip' => $ip, - 'ua' => $ua . ' ' . 
$lang, - 'protected' => LogEntry::LOG_PROTECTION_NONE, - ]); - } - - LogEntry::create([ - 'user_id' => $user->id, - 'model_id' => $appeal->id, - 'model_type' => Appeal::class, - 'action' => 'responded', - 'reason' => $request->input('custom'), - 'ip' => $ip, - 'ua' => $ua . " " . $lang, - 'protected' => LogEntry::LOG_PROTECTION_NONE, - ]); - - if ($appeal->user_verified==1) { + elseif ($appeal->user_verified==1) { $title = 'UTRS appeal response'; $baseURL = route('home'); + switch (variable) { + case Appeal::STATUS_ACCEPT: + $textStatus = "has been accepted"; + break; + case Appeal::STATUS_DECLINE: + $textStatus = "has been declined"; + break; + case Appeal::STATUS_EXPIRE: + $textStatus = "has expired"; + break; + default: + $textStatus = "has been reviewed"; + break; + } + $message = <<id, has be reviewed and the following message was left for you: + Your appeal, #$appeal->id, $textStatus and the following message was left for you: - $request->input('custom') + $respondText - Please reply by going to the following link and entering your appealkey: $baseURL + Your appeal is now closed. You will need to take time to consider the reply from the administrator. Should you wish to file a new appeal, you will need to wait a few days to do so, to ensure that you have thought about the administrator's reply. + You can still view it by going to the following link and entering your appealkey: $baseURL In case you forgot your appealkey, it is: $appeal->appealsecretkey Thanks, - the UTRS team + $user->username EOF; $result = MediaWikiRepository::getApiForTarget($appeal->wiki)->getMediaWikiExtras()->sendEmail($appeal->getWikiEmailUsername(), $title, $message); } diff --git a/app/Jobs/Scheduled/PostGlobalIPBEReqJob.php b/app/Jobs/Scheduled/PostGlobalIPBEReqJob.php index 906ab75f..62f78f1f 100644 --- a/app/Jobs/Scheduled/PostGlobalIPBEReqJob.php +++ b/app/Jobs/Scheduled/PostGlobalIPBEReqJob.php 
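Review bot: `switch (variable)` in the new `elseif` branch dispatches on a bare identifier, not a variable; on PHP 8 that throws `Error: Undefined constant "variable"`, so every response to a verified appeal whose status is in `Appeal::APPEAL_CLOSED` fails before the e-mail is built, and on PHP 7 it warns and silently falls to the `default` text. The `elseif`'s sibling condition tests `$appeal->status`, so the intended line is almost certainly `switch ($appeal->status) {` (a `match` expression would also make the unhandled case explicit). The new `in_array($appeal->status, Appeal::APPEAL_CLOSED)` check should pass `true` as its third argument to avoid loose comparison. Both branches now sign the e-mail with `$user->username` instead of `the UTRS team`, which discloses the responding administrator's account to the appellant; if that is deliberate, a one-line comment saying so would stop a future maintainer from reverting it. `respond` begins outside this hunk.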
@@ -83,18 +83,7 @@ public function createContents(Collection $appeals)
 continue;
 }
- $currentAppeal->handlingAdmin = 3823;
 $currentAppeal->save();
- LogEntry::create([
- 'user_id' => 3823,
- 'model_id' => $appeal->id,
- 'model_type' => Appeal::class,
- 'reason' => NULL,
- 'action' => "reserve",
- 'ip' => "127.0.0.1",
- 'ua' => "DB/Laravel/SRGP Script",
- 'protected' => LogEntry::LOG_PROTECTION_NONE,
- ]);
 LogEntry::create([
 'user_id' => 3823,
 'model_id' => $appeal->id,
diff --git a/app/Models/Appeal.php b/app/Models/Appeal.php
index bb5e1c45..2efb22d1 100644
--- a/app/Models/Appeal.php
+++ b/app/Models/Appeal.php
@@ -20,6 +20,12 @@ class Appeal extends Model
 self::STATUS_EXPIRE => self::STATUS_EXPIRE,
 ];
+ const APPEAL_CLOSED = [
+ self::STATUS_ACCEPT => self::STATUS_ACCEPT,
+ self::STATUS_DECLINE => self::STATUS_DECLINE,
+ self::STATUS_EXPIRE => self::STATUS_EXPIRE,
+ ];
+
 const REGULAR_NO_VIEW_STATUS = [
 self::STATUS_INVALID,
 self::STATUS_NOTFOUND,
diff --git a/routes/web.php b/routes/web.php
index 36ba6e93..dd7a800c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -64,7 +64,7 @@ Route::post('/appeal/template/{appeal}/{template}', 'AppealController@respond')->name('appeal.template.submit');
 Route::get('/appeal/custom/{appeal}', 'AppealController@respondCustom')->name('appeal.customresponse');
- Route::post('/appeal/custom/{appeal}', 'AppealController@respondCustomSubmit')->name('appeal.customresponse.submit');
+ Route::post('/appeal/custom/{appeal}', 'AppealController@respond')->name('appeal.customresponse.submit');
 Route::get('/publicappeal', 'Appeal\PublicAppealController@redirectLegacy');
diff --git a/tests/Feature/Appeal/AppealCreateBanTest.php b/tests/Feature/Appeal/AppealCreateBanTest.php
index 54e48764..965934cc 100644
--- a/tests/Feature/Appeal/AppealCreateBanTest.php
+++ b/tests/Feature/Appeal/AppealCreateBanTest.php
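Review bot: `APPEAL_CLOSED` in the Appeal.php hunk is only consulted through `in_array` on its values (see `AppealController::respond` in this diff), so the status-keyed map shape adds nothing over a plain list, and the sibling `REGULAR_NO_VIEW_STATUS` just below already uses the list form; `const APPEAL_CLOSED = [self::STATUS_ACCEPT, self::STATUS_DECLINE, self::STATUS_EXPIRE];` would be consistent. The constant also lacks a docblock; `/** Statuses in which an appeal counts as closed; respond() selects the closing e-mail from this set. */` would state why these three are grouped. The preceding constant, whose tail is visible above, ends with the same `STATUS_EXPIRE => STATUS_EXPIRE` entry, so the two may overlap; if they are identical, one should reference the other rather than duplicate the list.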
@@ -25,7 +25,7 @@ public function test_can_create_appeal_when_not_banned()
 $response = $this->post('/public/appeal/store', [
 'test_do_not_actually_save_anything' => true,
 'appealtext' => 'Example appeal test',
- 'appealfor' => 'Not banned user',
+ 'appealfor' => 'DeltaQuad',
 'wiki_id' => $wikiId,
 'blocktype' => 1,
 ]);
@@ -40,7 +40,7 @@ public function test_cant_create_appeal_when_account_is_banned()
 Ban::factory()->create([
 'is_active' => true,
- 'target' => 'Banned user 1',
+ 'target' => 'DeltaQuad',
 'reason' => 'Lorem ipsum text',
 'wiki_id' => $wikiId,
 ]);
@@ -48,7 +48,7 @@ public function test_cant_create_appeal_when_account_is_banned()
 $response = $this->post('/public/appeal/store', [
 'test_do_not_actually_save_anything' => true,
 'appealtext' => 'Example appeal test',
- 'appealfor' => 'Banned user 1',
+ 'appealfor' => 'DeltaQuad',
 'wiki_id' => $wikiId,
 'blocktype' => 1,
 ]);
@@ -80,7 +80,7 @@ public function test_cant_create_appeal_when_current_ip_is_banned()
 $response = $this->post('/public/appeal/store', [
 'test_do_not_actually_save_anything' => true,
 'appealtext' => 'Example appeal test',
- 'appealfor' => 'Not banned user',
+ 'appealfor' => 'DeltaQuad',
 'wiki_id' => $wikiId,
 'blocktype' => 1,
 ]);
@@ -112,7 +112,7 @@ public function test_cant_create_appeal_when_current_ip_range_is_banned()
 $response = $this->post('/public/appeal/store', [
 'test_do_not_actually_save_anything' => true,
 'appealtext' => 'Example appeal test',
- 'appealfor' => 'Not banned user',
+ 'appealfor' => 'DeltaQuad',
 'wiki_id' => $wikiId,
 'blocktype' => 1,
 ]);
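Review bot: Every fixture username is switched to `DeltaQuad`, presumably an existing wiki account, because `PublicAppealController::store` now routes `blocktype` 1 through `checkValidUser` and therefore through a live MediaWiki API call; the five hunks in this file (`@@ -25`, `-40`, `-48`, `-80`, `-112`) all inherit the same problem, namely that the suite now depends on network access and on that account continuing to exist. The lookup should be faked in tests, for example by binding `MediaWikiRepository` (or the user getter it produces) in the container to a stub that returns a fixed non-zero id, so the ban tests stay hermetic and assert this application's behaviour rather than the wiki's. Until that is done, a comment on the first fixture, `// must be an existing wiki account: store() validates it against the live API`, would at least explain the choice.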