High priority fixes: PayPal env(), RadioApiKey Bearer-only, User restrict, SettingsService TTL, PHPStan config, + fix 7 broke points (forceFill)

2026-06-04 20:17:45 +02:00
parent b2bb1811d0
commit 9b5c655c68
10 changed files with 36 additions and 19 deletions
@@ -15,7 +15,7 @@ class DisableTwoFactorAuthentication extends \Laravel\Fortify\Actions\DisableTwo
            $user->forceFill([
                'two_factor_secret' => null,
                'two_factor_recovery_codes' => null,
-                'two_factor_confirmed' => false,
+                'two_factor_confirmed_at' => null,
            ])->save();
        }
    }
@@ -196,7 +196,7 @@ final class PointsSettings extends Page implements HasForms

    public function resetLeaderboard(): void
    {
-        User::where('radio_points', '>', 0)->update(['radio_points' => 0]);
+        User::query()->where('radio_points', '>', 0)->each(fn (User $u) => $u->forceFill(['radio_points' => 0])->save());
        RadioListenerPoint::query()->delete();

        $this->pointsService->clearLeaderboardCache();
@@ -129,7 +129,7 @@ class StaffApplicationResource extends Resource
                        }

                        if ((int) $user->team_id !== (int) $team->id) {
-                            $user->update(['team_id' => $team->id]);
+                            $user->forceFill(['team_id' => $team->id])->save();
                        }

                        $r->update([
@@ -177,7 +177,7 @@ class StaffApplicationResource extends Resource
                        }

                        if ($r->status === 'approved' && (int) $user->team_id === (int) $team->id) {
-                            $user->update(['team_id' => null]);
+                            $user->forceFill(['team_id' => null])->save();
                        }

                        $r->update([
@@ -189,7 +189,7 @@ class EditUser extends EditRecord
        }

        if (! $user->online) {
-            $user->update(['rank' => $data['rank']]);
+            $user->forceFill(['rank' => $data['rank']])->save();

            return;
        }
@@ -13,11 +13,11 @@ class RadioApiKey
 {
    public function handle(Request $request, Closure $next, string $permission = '*'): Response
    {
-        $key = $request->bearerToken() ?? $request->query('api_key');
+        $key = $request->bearerToken();

        if (empty($key)) {
            return response()->json([
-                'error' => 'API key is required. Use Authorization: Bearer <key> or ?api_key=<key>',
+                'error' => 'API key is required. Use Authorization: Bearer <key>',
            ], 401);
        }

@@ -125,7 +125,7 @@ class User extends Authenticatable implements FilamentUser, HasName
    public $timestamps = false;

    #[\Override]
-    protected $fillable = ['username', 'mail', 'password', 'account_created', 'last_login', 'motto', 'look', 'credits', 'last_username_change', 'auth_ticket', 'home_room', 'ip_register', 'ip_current', 'referral_code', 'preferences', 'team_id', 'avatar_background', 'home_background', 'pincode', 'secret_key', 'extra_rank', 'is_hidden', 'background_id', 'background_stand_id', 'background_overlay_id', 'radio_points', 'pixels', 'points', 'online', 'gender', 'rank', 'mail_verified', 'two_factor_secret', 'two_factor_recovery_codes', 'two_factor_confirmed_at'];
+    protected $fillable = ['username', 'mail', 'password', 'account_created', 'last_login', 'motto', 'look', 'credits', 'last_username_change', 'auth_ticket', 'home_room', 'ip_register', 'ip_current', 'referral_code', 'preferences', 'avatar_background', 'home_background', 'background_id', 'background_stand_id', 'background_overlay_id', 'gender'];

    #[\Override]
    protected $hidden = ['password', 'remember_token'];
@@ -361,7 +361,7 @@ class User extends Authenticatable implements FilamentUser, HasName
            return false;
        }

-        $this->update(['two_factor_confirmed' => true]);
+        $this->forceFill(['two_factor_confirmed_at' => now()])->save();

        return true;
    }
@@ -49,7 +49,7 @@ class PurchaseService
            $this->rconService->setRank($user, $package->give_rank);
            $this->rconService->disconnectUser($user);
        } else {
-            $user->update(['rank' => $package->give_rank]);
+            $user->forceFill(['rank' => $package->give_rank])->save();
        }
    }

@@ -32,7 +32,7 @@ class SettingsService

    public function getLanguages(): Collection
    {
-        return Cache::rememberForever(self::LANGUAGES_CACHE_KEY, function (): Collection {
+        return Cache::remember(self::LANGUAGES_CACHE_KEY, 86400, function (): Collection {
            try {
                if (! Schema::hasTable('website_languages')) {
                    return collect();
@@ -75,7 +75,7 @@ class SettingsService
            return $this->fetchSettings();
        }

-        $this->cachedSettings = collect(Cache::rememberForever(self::CACHE_KEY, fn () => $this->fetchSettings()->toArray()));
+        $this->cachedSettings = collect(Cache::remember(self::CACHE_KEY, 86400, fn () => $this->fetchSettings()->toArray()));

        return $this->cachedSettings;
    }