From 5538b40b77401ebf6389a3a3a04ad85a88d711d6 Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Mon, 15 May 2023 12:44:04 -0400
Subject: [PATCH] feat: user password resets
---
 includes/Helpers/AbilityHelper.php | 4 ++++
 public/theme/bulma/css/paste.css | 8 ++++++++
 public/user.php | 16 ++++++++++++++++
 theme/bulma/user_profile.php | 19 +++++++++++++++++--
 4 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/includes/Helpers/AbilityHelper.php b/includes/Helpers/AbilityHelper.php
index 167c11f..c45c5df 100644
--- a/includes/Helpers/AbilityHelper.php
+++ b/includes/Helpers/AbilityHelper.php
@@ -53,6 +53,10 @@ class AbilityHelper {
 return $user !== null && $user->id === $subject->id; // Users can edit their own profiles
 },
+ 'administrate' => function(User | null $user, User $subject) {
+ return $user !== null
+ && $user->role >= User::ROLE_ADMIN; // Admins can edit all users
+ }
 ];
 }
 }
diff --git a/public/theme/bulma/css/paste.css b/public/theme/bulma/css/paste.css
index eb71967..b9e5c19 100644
--- a/public/theme/bulma/css/paste.css
+++ b/public/theme/bulma/css/paste.css
@@ -274,3 +274,11 @@ code {
 .content .purpletext {
 color: #9f14ae;
 }
+
+.flex {
+ display: flex;
+}
+
+.flex--space-between {
+ justify-content: space-between;
+}
\ No newline at end of file
diff --git a/public/user.php b/public/user.php
index 4137f7e..cb57569 100644
--- a/public/user.php
+++ b/public/user.php
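Review bot: The new `administrate` closure in includes/Helpers/AbilityHelper.php never reads `$subject`, so any account with `role >= User::ROLE_ADMIN` may administrate every user, including other administrators and any role ranked above admin if one exists. Because this ability gates the password reset added in public/user.php, one admin account can change a peer's credentials without that peer's involvement. Consider requiring the actor to outrank the target, e.g. `&& $user->role > $subject->role;`, and state in the trailing comment whether admin-on-admin resets are intended. The enclosing array and method start outside the hunk, so this assumes the closure is evaluated the same way as the visible `$user->id === $subject->id` rule above it.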
@@ -26,6 +26,22 @@ if (!$profile_info) {
 goto Render;
 }
+$can_administrate = can('administrate', $profile_info);
+
+if ($can_administrate) {
+ if (isset($_POST['reset_password'])) {
+ if (!verifyCsrfToken()) {
+ flashError('Invalid CSRF token (do you have cookies enabled?)');
+ } else {
+ $new_password = pp_random_password();
+ $profile_info->password = pp_password_hash($new_password);
+ $profile_info->save();
+
+ flashSuccess('Password reset to ' . $new_password);
+ }
+ }
+}
+
 $p_title = $profile_username . "'s Public Pastes"; // There has to be a way to do the sum in SQL rather than PHP, but I can't figure out ho to do it in Eloquent.
diff --git a/theme/bulma/user_profile.php b/theme/bulma/user_profile.php
index 7ec2088..29fda0c 100644
--- a/theme/bulma/user_profile.php
+++ b/theme/bulma/user_profile.php
@@ -37,8 +37,23 @@
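Review bot: The success branch in public/user.php puts the freshly generated password into the flash message (`flashSuccess('Password reset to ' . $new_password);`), so the administrator learns the plaintext credential and, depending on how flash messages are stored, it may sit in session data until the next render. Nothing visible in this hunk invalidates the target user's existing sessions or forces a password change at next login, so an account reset after a suspected compromise stays logged in and the admin-known password stays valid indefinitely. I would prefer a single-use, expiring reset token delivered to the account owner. If the one-time display has to stay, set a must-change-password marker on `$profile_info` before `save()` and write an audit record naming the acting admin and the target account. The POST is also handled without a redirect, so reloading the page would resubmit the form and reset the password again.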
Admin Actions:
+ +