Change triggering to events and listeners

Author: sicaboy

README.md

@@ -17,28 +17,36 @@ This package can be used to enhance the user security of Laravel projects.
 
 ## Installation
 
-[PHP](https://php.net) 5.5+ or [HHVM](http://hhvm.com) 3.3+, and [Composer](https://getcomposer.org) are required.
+Requirements:
+- [PHP](https://php.net) 5.5+ 
+- [Composer](https://getcomposer.org)
 
-To get the latest version of Laravel Security, simply add the following line to the require block of your `composer.json` file.
+To get the latest version of Laravel Security, simply run:
 
 ```
 composer require sicaboy/laravel-security
+```
+
+Then do vendor publish:
 
+```
 php artisan vendor:publish --provider="Sicaboy\LaravelSecurity\LaravelSecurityServiceProvider"
 ```
 
-- If you're on Laravel 5.5 or above, that's all you need to do! Check out the usage examples below.
 - If you're on Laravel < 5.5, you'll need to register the service provider. Open up `config/app.php` and add the following to the `providers` array:
 
 ```php
-Siaboy\LaravelSecurity\LaravelSecurityServiceProvider::class
+Siaboy\LaravelSecurity\LaravelSecurityServiceProvider::class,
+Siaboy\LaravelSecurity\Providers\EventSecurityServiceProvider::class,
 ```
 
+# Validators
+
 ## Available Rules
 
-- [NotCommonPassword](src/Rules/NotCommonPassword.php)
+- [NotCommonPassword](src/Rules/NotCommonPassword.php) - Avoid user to use a common used password
 
-- [NotAUsedPassword](src/Rules/NotAUsedPassword.php)
+- [NotAUsedPassword](src/Rules/NotAUsedPassword.php) - Avoid user to use a password which has been used before
 
 
 ## Usage
@@ -61,17 +69,29 @@ public function rules()
             //...
             new \Sicaboy\LaravelSecurity\Rules\NotCommonPassword(),
             new \Sicaboy\LaravelSecurity\Rules\NotAUsedPassword(),
-            // or only check used password for a specific user:
+            // or only check used password for a specific user (e.g. on user password change):
             // new \Sicaboy\LaravelSecurity\Rules\NotAUsedPassword($userId),
-            // Also you need to call handler function mentioned in the next section
+            // Also you need to call event, examples in the next section
         ],
     ];
 }
 ```
 
-## Additional method you need to call when you use NotAUsedPassword 
+## Event you need to call 
+
+There are events you should add to coresponding methods. 
+
+- If you use `NotAUsedPassword` validator, you need to call the following events:
+
+```php
+// Call on user regration
+event(new \Sicaboy\LaravelSecurity\Events\UserRegistered($user, $newPlainPassword));
+
+// Call on user password change
+event(new \Sicaboy\LaravelSecurity\Events\UserPasswordChanged($user, $newPlainPassword));
+```
 
-You need to call `NotAUsedPasswordHandler::lodgePassword` when the user is created and changes the password. If you use `NotAUsedPassword` validator.
+Example:
 
 ```php
     protected function create(array $data)
@@ -81,8 +101,8 @@ You need to call `NotAUsedPasswordHandler::lodgePassword` when the user is creat
             'email' => $data['email'],
             'password' => Hash::make($data['password']),
         ]);
-        
-        \Sicaboy\LaravelSecurity\Handlers\NotAUsedPasswordHandler::lodgePassword($user->id, $data['password']);
+                
+        event(new \Sicaboy\LaravelSecurity\Events\UserRegistered($user, $data['password']));
 
         return $user;
     }

composer.json

@@ -44,7 +44,8 @@
         },
         "laravel": {
             "providers": [
-                "Sicaboy\\LaravelSecurity\\LaravelSecurityServiceProvider"
+                "Sicaboy\\LaravelSecurity\\LaravelSecurityServiceProvider",
+                "Sicaboy\\LaravelSecurity\\Providers\\EventServiceProvider"
             ]
         }
     }

config/laravel-security.php

@@ -46,7 +46,7 @@
 
     'database' => [
         'connection' => '',
-        'user_security_table' => 'user_security',
+        'user_security_table' => 'user_extend_security',
         'password_history_table' => 'password_history',
         'password_history_model' => Sicaboy\LaravelSecurity\Model\PasswordHistory::class,
         'user_model' => 'App\User',

routes/web.php

@@ -0,0 +1,12 @@
+<?php
+
+use Illuminate\Http\Middleware\CheckResponseForModifications;
+use Illuminate\Support\Facades\Route;
+
+// Scripts & Styles...
+//Route::get('/scripts/{script}', 'ScriptController@show')->middleware(CheckResponseForModifications::class);
+//Route::get('/styles/{style}', 'StyleController@show')->middleware(CheckResponseForModifications::class);
+
+Route::get('/mfa', function() {return 'hihihi';})->name('mfa');
+Route::post('/mfa', function() {return 'hihihi';});
+Route::post('/d', function() {return 'hihihi';});

src/Events/UserLoggedIn.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Sicaboy\LaravelSecurity\Events;
+
+use Illuminate\Broadcasting\Channel;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Broadcasting\PresenceChannel;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+
+class UserLoggedIn
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Get the channels the event should broadcast on.
+     *
+     * @return \Illuminate\Broadcasting\Channel|array
+     */
+    public function broadcastOn()
+    {
+        return new PrivateChannel('channel-name');
+    }
+}

src/Events/UserPasswordChanged.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace Sicaboy\LaravelSecurity\Events;
+
+use Illuminate\Broadcasting\Channel;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Broadcasting\PrivateChannel;
+use Illuminate\Broadcasting\PresenceChannel;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
+
+class UserPasswordChanged
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public $user;
+    public $plainPassword;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct($user, $plainPassword)
+    {
+        $this->user = $user;
+        $this->plainPassword = $plainPassword;
+    }
+
+    /**
+     * Get the channels the event should broadcast on.
+     *
+     * @return \Illuminate\Broadcasting\Channel|array
+     */
+    /*public function broadcastOn()
+    {
+        return new PrivateChannel('channel-name');
+    }*/
+}

src/Events/UserRegistered.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace Sicaboy\LaravelSecurity\Events;
+
+class UserRegistered extends UserPasswordChanged
+{
+}

src/Handlers/NotAUsedPasswordHandler.php

@@ -11,8 +11,10 @@
 
 namespace Sicaboy\LaravelSecurity;
 
+use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Facades\Cache;
+use Sicaboy\LaravelSecurity\Providers\EventServiceProvider;
 use Validator;
 
 class LaravelSecurityServiceProvider extends ServiceProvider
@@ -23,7 +25,23 @@ class LaravelSecurityServiceProvider extends ServiceProvider
      */
     public function boot()
     {
+        $this->app->register(EventServiceProvider::class);
+
+        $this->loadViewsFrom(__DIR__.'/../resources/views', 'laravel-security');
+
+        $this->loadTranslationsFrom(__DIR__.'/../resources/lang/', 'laravel-security');
+
+        $this->loadMigrationsFrom(__DIR__.'/../database/migrations');
+        
+        $this->commands([
+//                FooCommand::class,
+//                BarCommand::class,
+        ]);
+
+        $this->registerRoutes();
+
         $this->registerPublishing();
+
     }
 
 
@@ -37,13 +55,40 @@ protected function registerPublishing()
         if ($this->app->runningInConsole()) {
             $this->publishes([
                 __DIR__.'/../config' => config_path(),
-                __DIR__.'/../database/migrations' => database_path('migrations'),
+//                __DIR__.'/../database/migrations' => database_path('migrations'),
                 __DIR__.'/../resources/lang' => resource_path('lang'),
-                __DIR__.'/../resources/views' => resource_path('views/laravel-security')
+                __DIR__.'/../resources/views' => resource_path('views/vendor/laravel-security'),
             ], 'laravel-security');
-
-            $this->loadTranslationsFrom(__DIR__.'/../resources/lang/', 'security');
         }
     }
 
+
+    /**
+     * Register the package routes.
+     *
+     * @return void
+     */
+    protected function registerRoutes()
+    {
+        Route::group($this->routeConfiguration(), function () {
+//            $this->loadRoutesFrom(__DIR__.'/../routes/api.php');
+            $this->loadRoutesFrom(__DIR__.'/../routes/web.php');
+        });
+    }
+
+    /**
+     * Get the Nova route group configuration array.
+     *
+     * @return array
+     */
+    protected function routeConfiguration()
+    {
+        return [
+            'namespace' => 'Sicaboy\LaravelSecurity\Http\Controllers',
+            'prefix' => 'security',
+            'as' => 'security.',
+            'middleware' => 'web',
+        ];
+    }
+
 }

src/LaravelSecurityServiceProvider.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Sicaboy\LaravelSecurity\Listeners;
+
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Contracts\Queue\ShouldQueue;
+
+class InsertUsedPassword
+{
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        $userId = $event->user->id;
+        $password = $event->plainPassword;
+        $modelClassName = config('laravel-security.database.password_history_model');
+        return $modelClassName::create([
+            'user_id' => $userId,
+            'password' => bcrypt($password)
+        ]);
+    }
+}