saufi/ratemas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

admin add user, password

Browse Source
This commit is contained in:
Saufi
2026-05-26 12:02:16 +08:00
parent 6ca0bd82fd
commit 5fbededf8f
12 changed files with 531 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app/Http/Controllers/Admin/UserController.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;
use Illuminate\View\View;
class UserController extends Controller
{
public function index(): View
{
return view('admin.users.index', [
'users' => User::orderBy('name')->get(),
]);
}
public function create(): View
{
return view('admin.users.create');
}
public function store(Request $request): RedirectResponse
{
$validated = $request->validate([
'name' => ['required', 'string', 'max:255'],
'username' => ['required', 'string', 'max:255', 'alpha_dash', Rule::unique('users', 'username')],
'email' => ['required', 'email', 'max:255', Rule::unique('users', 'email')],
'password' => ['required', 'string', 'min:8', 'confirmed'],
'role' => ['nullable', Rule::in(['user', 'admin'])],
]);
User::create([
'name' => $validated['name'],
'username' => $validated['username'],
'email' => $validated['email'],
'password' => Hash::make($validated['password']),
'role' => $validated['role'] ?? 'user',
]);
return redirect()
->route('admin.users.index')
->with('status', 'User baru berjaya ditambah.');
}
}

95
app/Http/Controllers/PasswordResetController.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
namespace App\Http\Controllers;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use Illuminate\View\View;
class PasswordResetController extends Controller
{
public function create(): View
{
return view('auth.forgot-password');
}
public function store(Request $request): RedirectResponse
{
$validated = $request->validate([
'email' => ['required', 'email'],
]);
$user = User::where('email', $validated['email'])->first();
if ($user) {
$token = Str::random(64);
DB::table('password_reset_tokens')->updateOrInsert([
'email' => $user->email,
], [
'token' => Hash::make($token),
'created_at' => now(),
]);
$url = route('password.reset', [
'token' => $token,
'email' => $user->email,
]);
Mail::raw("Klik pautan ini untuk reset kata laluan:\n\n{$url}\n\nPautan sah selama 60 minit.", function ($message) use ($user): void {
$message->to($user->email)
->subject('Reset Kata Laluan RateMas');
});
}
return back()->with('status', 'Jika emel wujud, pautan reset kata laluan telah dihantar.');
}
public function edit(Request $request, string $token): View
{
return view('auth.reset-password', [
'token' => $token,
'email' => $request->query('email'),
]);
}
public function update(Request $request): RedirectResponse
{
$validated = $request->validate([
'token' => ['required', 'string'],
'email' => ['required', 'email'],
'password' => ['required', 'string', 'min:8', 'confirmed'],
]);
$record = DB::table('password_reset_tokens')
->where('email', $validated['email'])
->first();
if (! $record || ! Hash::check($validated['token'], $record->token) || Carbon::parse($record->created_at)->lt(now()->subMinutes(60))) {
return back()
->withErrors(['email' => 'Token reset tidak sah atau telah tamat tempoh.'])
->withInput($request->only('email'));
}
$user = User::where('email', $validated['email'])->first();
if (! $user) {
return back()
->withErrors(['email' => 'Emel tidak dijumpai.'])
->withInput($request->only('email'));
}
$user->forceFill([
'password' => Hash::make($validated['password']),
])->save();
DB::table('password_reset_tokens')->where('email', $validated['email'])->delete();
return redirect()->route('login')->with('status', 'Password berjaya ditukar. Sila login semula.');
}
}

48
app/Http/Controllers/ProfileController.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
namespace App\Http\Controllers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;
use Illuminate\View\View;
class ProfileController extends Controller
{
public function edit(Request $request): View
{
return view('profile.edit', [
'user' => $request->user(),
]);
}
public function updateEmail(Request $request): RedirectResponse
{
$user = $request->user();
$validated = $request->validate([
'email' => ['required', 'email', 'max:255', Rule::unique('users', 'email')->ignore($user->id)],
]);
$user->forceFill([
'email' => $validated['email'],
])->save();
return back()->with('status', 'Emel berjaya dikemaskini.');
}
public function updatePassword(Request $request): RedirectResponse
{
$validated = $request->validate([
'current_password' => ['required', 'current_password'],
'password' => ['required', 'string', 'min:8', 'confirmed'],
]);
$request->user()->forceFill([
'password' => Hash::make($validated['password']),
])->save();
return back()->with('status', 'Password berjaya dikemaskini.');
}
}

42
resources/views/admin/users/create.blade.php Normal file
View File

@@ -0,0 +1,42 @@
@extends('layouts.app')
@section('content')
<main class="page">
<h1>Tambah User</h1>
<p class="subtitle">User baru akan menjadi user biasa secara default. Pilih role admin jika perlu.</p>
@if ($errors->any())
<div class="error">{{ $errors->first() }}</div>
@endif
<form method="POST" action="{{ route('admin.users.store') }}">
@csrf
<label for="name">Nama</label>
<input id="name" type="text" name="name" value="{{ old('name') }}" required autofocus>
<label for="username">Username</label>
<input id="username" type="text" name="username" value="{{ old('username') }}" required>
<label for="email">Emel</label>
<input id="email" type="email" name="email" value="{{ old('email') }}" required>
<label for="password">Password</label>
<input id="password" type="password" name="password" required>
<label for="password_confirmation">Sahkan Password</label>
<input id="password_confirmation" type="password" name="password_confirmation" required>
<label for="role">Role</label>
<select id="role" name="role">
<option value="user" @selected(old('role', 'user') === 'user')>User biasa</option>
<option value="admin" @selected(old('role') === 'admin')>Admin</option>
</select>
<div class="actions">
<button type="submit">Tambah User</button>
<a class="button secondary" href="{{ route('admin.users.index') }}">Kembali</a>
</div>
</form>
</main>
@endsection

39
resources/views/admin/users/index.blade.php Normal file
View File

@@ -0,0 +1,39 @@
@extends('layouts.app')
@section('content')
<main class="page">
<h1>Users</h1>
<p class="subtitle">Senarai akaun pengguna sistem.</p>
@if (session('status'))
<div class="notice">{{ session('status') }}</div>
@endif
<div class="actions" style="margin-bottom: 18px;">
<a class="button" href="{{ route('admin.users.create') }}">Tambah User</a>
</div>
<div style="overflow-x: auto;">
<table class="data-table">
<thead>
<tr>
<th>Nama</th>
<th>Username</th>
<th>Emel</th>
<th>Role</th>
</tr>
</thead>
<tbody>
@foreach ($users as $user)
<tr>
<td>{{ $user->name }}</td>
<td>{{ $user->username }}</td>
<td>{{ $user->email }}</td>
<td>{{ $user->role }}</td>
</tr>
@endforeach
</tbody>
</table>
</div>
</main>
@endsection

28
resources/views/auth/forgot-password.blade.php Normal file
View File

@@ -0,0 +1,28 @@
@extends('layouts.app')
@section('content')
<main class="page">
<h1>Lupa Kata Laluan</h1>
<p class="subtitle">Masukkan emel akaun untuk menerima pautan reset kata laluan.</p>
@if (session('status'))
<div class="notice">{{ session('status') }}</div>
@endif
@if ($errors->any())
<div class="error">{{ $errors->first() }}</div>
@endif
<form method="POST" action="{{ route('password.email') }}">
@csrf
<label for="email">Emel</label>
<input id="email" type="email" name="email" value="{{ old('email') }}" required autofocus>
<div class="actions">
<button type="submit">Hantar Link Reset</button>
<a class="button secondary" href="{{ route('login') }}">Kembali Login</a>
</div>
</form>
</main>
@endsection

8
resources/views/auth/login.blade.php
View File

@@ -4,6 +4,10 @@
<main class="page"> <main class="page">
<h2>LOGIN</h2> <h2>LOGIN</h2>
@if (session('status'))
<div class="notice">{{ session('status') }}</div>
@endif
@error('username') @error('username')
<div class="error">{{ $message }}</div> <div class="error">{{ $message }}</div>
@enderror @enderror
@@ -16,5 +20,9 @@
<button type="submit">LOGIN</button> <button type="submit">LOGIN</button>
</form> </form>
<p class="subtitle" style="margin-top: 18px;">
<a href="{{ route('password.request') }}">Lupa kata laluan?</a>
</p>
</main> </main>
@endsection @endsection

31
resources/views/auth/reset-password.blade.php Normal file
View File

@@ -0,0 +1,31 @@
@extends('layouts.app')
@section('content')
<main class="page">
<h1>Reset Kata Laluan</h1>
<p class="subtitle">Masukkan password baru untuk akaun anda.</p>
@if ($errors->any())
<div class="error">{{ $errors->first() }}</div>
@endif
<form method="POST" action="{{ route('password.update') }}">
@csrf
<input type="hidden" name="token" value="{{ $token }}">
<label for="email">Emel</label>
<input id="email" type="email" name="email" value="{{ old('email', $email) }}" required autofocus>
<label for="password">Password Baru</label>
<input id="password" type="password" name="password" required>
<label for="password_confirmation">Sahkan Password Baru</label>
<input id="password_confirmation" type="password" name="password_confirmation" required>
<div class="actions">
<button type="submit">Reset Password</button>
</div>
</form>
</main>
@endsection

5
resources/views/layouts/app.blade.php
View File

@@ -27,6 +27,9 @@
.checkbox-row { display: flex; gap: 8px; align-items: center; margin-bottom: 16px; } .checkbox-row { display: flex; gap: 8px; align-items: center; margin-bottom: 16px; }
.checkbox-row input { width: auto; margin: 0; } .checkbox-row input { width: auto; margin: 0; }
.checkbox-row label { margin: 0; font-weight: 400; } .checkbox-row label { margin: 0; font-weight: 400; }
.data-table { width: 100%; border-collapse: collapse; font-size: 14px; }
.data-table th, .data-table td { text-align: left; padding: 10px 12px; border-bottom: 1px solid #d8dde3; }
.data-table th { background: #eef2f6; font-size: 13px; }
.error { color: #b00020; margin-bottom: 12px; font-size: 14px; } .error { color: #b00020; margin-bottom: 12px; font-size: 14px; }
.logout-form { margin: 0; } .logout-form { margin: 0; }
.logout-form button { background: transparent; padding: 8px 0; font-weight: 700; } .logout-form button { background: transparent; padding: 8px 0; font-weight: 700; }
@@ -45,7 +48,9 @@
@auth @auth
<div class="topbar-actions"> <div class="topbar-actions">
<a class="topbar-link" href="{{ route('tables.index') }}">Carian</a> <a class="topbar-link" href="{{ route('tables.index') }}">Carian</a>
<a class="topbar-link" href="{{ route('profile.edit') }}">Profile</a>
@if (auth()->user()->isAdmin()) @if (auth()->user()->isAdmin())
<a class="topbar-link" href="{{ route('admin.users.index') }}">Users</a>
<a class="topbar-link" href="{{ route('admin.ratemas-upload.create') }}">Upload RateMas</a> <a class="topbar-link" href="{{ route('admin.ratemas-upload.create') }}">Upload RateMas</a>
@endif @endif
<form class="logout-form" method="POST" action="{{ route('logout') }}"> <form class="logout-form" method="POST" action="{{ route('logout') }}">

49
resources/views/profile/edit.blade.php Normal file
View File

@@ -0,0 +1,49 @@
@extends('layouts.app')
@section('content')
<main class="page">
<h1>Profile</h1>
<p class="subtitle">Kemaskini emel dan password akaun.</p>
@if (session('status'))
<div class="notice">{{ session('status') }}</div>
@endif
@if ($errors->any())
<div class="error">{{ $errors->first() }}</div>
@endif
<form method="POST" action="{{ route('profile.email.update') }}">
@csrf
@method('PUT')
<label for="email">Emel</label>
<input id="email" type="email" name="email" value="{{ old('email', $user->email) }}" required>
<div class="actions">
<button type="submit">Kemaskini Emel</button>
</div>
</form>
<hr style="border: 0; border-top: 1px solid #d8dde3; margin: 28px 0;">
<form method="POST" action="{{ route('profile.password.update') }}">
@csrf
@method('PUT')
<label for="current_password">Password Semasa</label>
<input id="current_password" type="password" name="current_password" required>
<label for="password">Password Baru</label>
<input id="password" type="password" name="password" required>
<label for="password_confirmation">Sahkan Password Baru</label>
<input id="password_confirmation" type="password" name="password_confirmation" required>
<div class="actions">
<button type="submit">Tukar Password</button>
<a class="button secondary" href="{{ route('tables.index') }}">Kembali</a>
</div>
</form>
</main>
@endsection

13
routes/web.php
View File

@@ -2,12 +2,19 @@
use App\Http\Controllers\AuthController; use App\Http\Controllers\AuthController;
use App\Http\Controllers\Admin\RateMasUploadController; use App\Http\Controllers\Admin\RateMasUploadController;
use App\Http\Controllers\Admin\UserController;
use App\Http\Controllers\PasswordResetController;
use App\Http\Controllers\ProfileController;
use App\Http\Controllers\RateMasController; use App\Http\Controllers\RateMasController;
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
Route::middleware('guest')->group(function () { Route::middleware('guest')->group(function () {
Route::get('/login', [AuthController::class, 'showLogin'])->name('login'); Route::get('/login', [AuthController::class, 'showLogin'])->name('login');
Route::post('/login', [AuthController::class, 'login'])->name('login.store'); Route::post('/login', [AuthController::class, 'login'])->name('login.store');
Route::get('/forgot-password', [PasswordResetController::class, 'create'])->name('password.request');
Route::post('/forgot-password', [PasswordResetController::class, 'store'])->name('password.email');
Route::get('/reset-password/{token}', [PasswordResetController::class, 'edit'])->name('password.reset');
Route::post('/reset-password', [PasswordResetController::class, 'update'])->name('password.update');
}); });
Route::post('/logout', [AuthController::class, 'logout']) Route::post('/logout', [AuthController::class, 'logout'])
@@ -16,6 +23,9 @@ Route::post('/logout', [AuthController::class, 'logout'])
Route::middleware('auth')->group(function () { Route::middleware('auth')->group(function () {
Route::redirect('/', '/tables'); Route::redirect('/', '/tables');
Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
Route::put('/profile/email', [ProfileController::class, 'updateEmail'])->name('profile.email.update');
Route::put('/profile/password', [ProfileController::class, 'updatePassword'])->name('profile.password.update');
Route::get('/tables', [RateMasController::class, 'index'])->name('tables.index'); Route::get('/tables', [RateMasController::class, 'index'])->name('tables.index');
Route::get('/records/search', [RateMasController::class, 'lookup'])->name('ratemas.lookup'); Route::get('/records/search', [RateMasController::class, 'lookup'])->name('ratemas.lookup');
Route::get('/tables/{table}/search', [RateMasController::class, 'search'])->name('ratemas.search'); Route::get('/tables/{table}/search', [RateMasController::class, 'search'])->name('ratemas.search');
@@ -24,5 +34,8 @@ Route::middleware('auth')->group(function () {
Route::middleware('admin')->prefix('admin')->name('admin.')->group(function () { Route::middleware('admin')->prefix('admin')->name('admin.')->group(function () {
Route::get('/ratemas/upload', [RateMasUploadController::class, 'create'])->name('ratemas-upload.create'); Route::get('/ratemas/upload', [RateMasUploadController::class, 'create'])->name('ratemas-upload.create');
Route::post('/ratemas/upload', [RateMasUploadController::class, 'store'])->name('ratemas-upload.store'); Route::post('/ratemas/upload', [RateMasUploadController::class, 'store'])->name('ratemas-upload.store');
Route::get('/users', [UserController::class, 'index'])->name('users.index');
Route::get('/users/create', [UserController::class, 'create'])->name('users.create');
Route::post('/users', [UserController::class, 'store'])->name('users.store');
}); });
}); });

124
tests/Feature/RateMasWorkflowTest.php
View File

@@ -6,7 +6,9 @@ use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase; use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\UploadedFile; use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Schema; use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Str;
use Tests\TestCase; use Tests\TestCase;
class RateMasWorkflowTest extends TestCase class RateMasWorkflowTest extends TestCase
@@ -87,6 +89,18 @@ class RateMasWorkflowTest extends TestCase
$this->get('/admin/ratemas/upload')->assertForbidden(); $this->get('/admin/ratemas/upload')->assertForbidden();
} }
public function test_regular_user_cannot_open_admin_user_management(): void
{
$this->actingAs(User::create([
'name' => 'User Cukai',
'username' => 'cukai',
'email' => 'cukai@example.local',
'password' => '123',
]));
$this->get('/admin/users')->assertForbidden();
}
public function test_admin_can_upload_csv_and_create_year_table(): void public function test_admin_can_upload_csv_and_create_year_table(): void
{ {
$this->actingAs(User::create([ $this->actingAs(User::create([
@@ -116,6 +130,116 @@ class RateMasWorkflowTest extends TestCase
->assertSee('Siti Aminah'); ->assertSee('Siti Aminah');
} }
public function test_authenticated_user_can_update_email_and_password(): void
{
$user = User::create([
'name' => 'User Cukai',
'username' => 'cukai',
'email' => 'cukai@example.local',
'password' => '12345678',
]);
$this->actingAs($user);
$this->put('/profile/email', [
'email' => 'baru@example.local',
])->assertRedirect();
$this->assertSame('baru@example.local', $user->fresh()->email);
$this->put('/profile/password', [
'current_password' => '12345678',
'password' => 'password-baru',
'password_confirmation' => 'password-baru',
])->assertRedirect();
$this->assertTrue(Hash::check('password-baru', $user->fresh()->password));
}
public function test_guest_can_request_and_complete_password_reset(): void
{
$user = User::create([
'name' => 'User Cukai',
'username' => 'cukai',
'email' => 'cukai@example.local',
'password' => '12345678',
]);
$this->post('/forgot-password', [
'email' => $user->email,
])->assertRedirect();
$this->assertDatabaseHas('password_reset_tokens', [
'email' => $user->email,
]);
$token = Str::random(64);
DB::table('password_reset_tokens')->updateOrInsert([
'email' => $user->email,
], [
'token' => Hash::make($token),
'created_at' => now(),
]);
$this->post('/reset-password', [
'token' => $token,
'email' => $user->email,
'password' => 'reset-baru',
'password_confirmation' => 'reset-baru',
])->assertRedirect('/login');
$this->assertTrue(Hash::check('reset-baru', $user->fresh()->password));
$this->assertDatabaseMissing('password_reset_tokens', [
'email' => $user->email,
]);
}
public function test_admin_can_create_regular_user_by_default(): void
{
$this->actingAs(User::create([
'name' => 'Admin',
'username' => 'admin',
'role' => 'admin',
'email' => 'admin@example.local',
'password' => 'admin123',
]));
$this->post('/admin/users', [
'name' => 'User Baru',
'username' => 'userbaru',
'email' => 'userbaru@example.local',
'password' => 'password123',
'password_confirmation' => 'password123',
])->assertRedirect('/admin/users');
$user = User::where('username', 'userbaru')->firstOrFail();
$this->assertSame('user', $user->role);
$this->assertTrue(Hash::check('password123', $user->password));
}
public function test_admin_can_create_new_admin_user(): void
{
$this->actingAs(User::create([
'name' => 'Admin',
'username' => 'admin',
'role' => 'admin',
'email' => 'admin@example.local',
'password' => 'admin123',
]));
$this->post('/admin/users', [
'name' => 'Admin Baru',
'username' => 'adminbaru',
'email' => 'adminbaru@example.local',
'password' => 'password123',
'password_confirmation' => 'password123',
'role' => 'admin',
])->assertRedirect('/admin/users');
$this->assertTrue(User::where('username', 'adminbaru')->firstOrFail()->isAdmin());
}
private function createRateMasTable(string $table): void private function createRateMasTable(string $table): void
{ {
Schema::create($table, function ($table) { Schema::create($table, function ($table) {