Rhino/WebAPP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stand: SMTP-Test, Admin-Mail-Tab, Notifiable-Fix, Lazy-Quill

Browse Source 
- Fix: Notifiable-Trait zum User-Model hinzugefuegt (behebt notify()-500er)
- Installer: SMTP-Verbindungstest mit EsmtpTransport + Ueberspringen-Link
- Admin: Neuer E-Mail-Tab mit SMTP-Konfiguration + Verbindungstest
- Admin: Lazy Quill-Initialisierung (nur sichtbare Locale wird geladen)
- Uebersetzungen: 17 neue Mail-Keys in allen 6 Sprachen

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Rhino
2026-03-02 07:30:37 +01:00
commit 2e24a40d68
9633 changed files with 1300799 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
app/Http/Controllers/Auth/ForgotPasswordController.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Password;
use Illuminate\View\View;
class ForgotPasswordController extends Controller
{
public function showForm(): View
{
return view('auth.forgot-password');
}
public function sendResetLink(Request $request): RedirectResponse
{
$request->validate([
'email' => ['required', 'email'],
]);
// Deaktivierte Benutzer: keinen Reset-Link senden, aber generische Meldung zurückgeben (V01)
$user = User::where('email', $request->email)->first();
if ($user && !$user->is_active) {
return back()->with('status', __('passwords.sent'));
}
try {
$status = Password::sendResetLink(
$request->only('email')
);
if ($status === Password::RESET_LINK_SENT) {
ActivityLog::log('password_reset_requested', __('admin.log_password_reset_requested'));
}
} catch (\Exception $e) {
Log::error('Password reset mail failed', ['error' => $e->getMessage()]);
// Pruefen ob Mail ueberhaupt konfiguriert ist
$mailer = config('mail.default');
if ($mailer === 'smtp') {
$hint = 'SMTP-Zugangsdaten in der .env-Datei pruefen (MAIL_HOST, MAIL_PORT, MAIL_USERNAME, MAIL_PASSWORD).';
} elseif ($mailer === 'log') {
$hint = 'MAIL_MAILER=log — E-Mails werden nur ins Log geschrieben, nicht versendet. Fuer echten Versand SMTP konfigurieren.';
} else {
$hint = 'Mail-Konfiguration pruefen (MAIL_MAILER=' . $mailer . ').';
}
return back()->withErrors([
'email' => 'E-Mail konnte nicht gesendet werden: ' . $e->getMessage() . ' — ' . $hint,
]);
}
// Immer dieselbe Erfolgsmeldung zurueckgeben (Email-Enumeration verhindern)
return back()->with('status', __('passwords.sent'));
}
}

84
app/Http/Controllers/Auth/LoginController.php Executable file
View File

@@ -0,0 +1,84 @@
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
public function showForm()
{
return view('auth.login');
}
public function login(Request $request)
{
// Honeypot — Bots füllen versteckte Felder aus
if ($request->filled('website')) {
ActivityLog::log('bot_blocked', 'Bot blocked on login (honeypot triggered)');
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
$credentials = $request->validate([
'email' => ['required', 'email'],
'password' => ['required'],
]);
// Deaktivierte Benutzer dürfen sich nicht einloggen (V01)
$user = User::where('email', $request->email)->first();
if ($user && !$user->is_active) {
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
if (!Auth::attempt($credentials, $request->boolean('remember'))) {
$maskedEmail = $this->maskEmail($request->email);
ActivityLog::log('login_failed', __('admin.log_login_failed', ['email' => $maskedEmail]));
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('auth_ui.login_failed')]);
}
$request->session()->regenerate();
$request->user()->last_login_at = now();
$request->user()->save();
ActivityLog::log('login', __('admin.log_login', ['name' => $request->user()->name]), 'User', $request->user()->id);
return redirect()->intended(route('dashboard'));
}
public function logout(Request $request)
{
ActivityLog::log('logout', __('admin.log_logout', ['name' => $request->user()->name]), 'User', $request->user()->id);
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect()->route('login');
}
private function maskEmail(string $email): string
{
$parts = explode('@', $email, 2);
if (count($parts) !== 2) {
return '***';
}
$local = $parts[0];
$masked = mb_substr($local, 0, 2) . str_repeat('*', max(mb_strlen($local) - 2, 2));
return $masked . '@' . $parts[1];
}
}

71
app/Http/Controllers/Auth/RegisterController.php Executable file
View File

@@ -0,0 +1,71 @@
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\Invitation;
use App\Services\InvitationService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\Rules\Password;
use Illuminate\View\View;
class RegisterController extends Controller
{
public function __construct(private InvitationService $invitationService) {}
public function showForm(string $token): View|RedirectResponse
{
$invitation = Invitation::with('players.team')->where('token', hash('sha256', $token))->first();
if (!$invitation || !$invitation->isValid()) {
return redirect()->route('login')
->with('error', __('auth_ui.invalid_invitation'));
}
return view('auth.register', compact('invitation'));
}
public function register(Request $request, string $token): RedirectResponse
{
$invitation = Invitation::with('players')->where('token', hash('sha256', $token))->first();
if (!$invitation || !$invitation->isValid()) {
return redirect()->route('login')
->with('error', __('auth_ui.invalid_invitation'));
}
// Honeypot — Bots füllen versteckte Felder aus
if ($request->filled('website')) {
return redirect()->route('login');
}
// E-Mail-Normalisierung vor Validierung (V17)
$request->merge(['email' => strtolower(trim($request->input('email')))]);
$validated = $request->validate([
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'email', 'max:255', 'unique:users,email'],
'password' => ['required', 'string', Password::min(8)->letters()->numbers(), 'confirmed'],
]);
// E-Mail muss mit Einladung übereinstimmen (falls eingeschränkt)
if ($invitation->email && strtolower($validated['email']) !== strtolower($invitation->email)) {
return back()->withInput()->withErrors([
'email' => __('auth_ui.email_must_match_invitation', ['email' => $invitation->email]),
]);
}
$user = $this->invitationService->redeemInvitation($invitation, $validated);
Auth::login($user);
$request->session()->regenerate();
ActivityLog::log('registered', __('admin.log_registered', ['name' => $user->name]), 'User', $user->id);
return redirect()->route('dashboard')
->with('success', __('auth_ui.welcome'));
}
}

63
app/Http/Controllers/Auth/ResetPasswordController.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\User;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password as PasswordRule;
use Illuminate\View\View;
class ResetPasswordController extends Controller
{
public function showResetForm(Request $request, string $token): View
{
return view('auth.reset-password', [
'token' => $token,
'email' => $request->query('email', ''),
]);
}
public function reset(Request $request): RedirectResponse
{
$request->validate([
'token' => ['required'],
'email' => ['required', 'email'],
'password' => ['required', 'confirmed', PasswordRule::min(8)->letters()->numbers()],
]);
$status = Password::reset(
$request->only('email', 'password', 'password_confirmation', 'token'),
function (User $user, string $password) {
$user->forceFill([
'password' => $password,
'remember_token' => Str::random(60),
])->save();
event(new PasswordReset($user));
ActivityLog::log(
'password_changed',
__('admin.log_password_changed_self', ['name' => $user->name]),
'User',
$user->id
);
}
);
if ($status === Password::PASSWORD_RESET) {
return redirect()->route('login')
->with('status', __($status));
}
// Generische Fehlermeldung — verhindert Email-Enumeration (T03)
return back()
->withInput($request->only('email'))
->withErrors(['email' => __('passwords.token')]);
}
}