2018-09-25 07:30:50 -04:00
|
|
|
<?php namespace BookStack\Auth\Access;
|
2015-09-05 15:25:57 -04:00
|
|
|
|
2016-09-17 13:22:04 -04:00
|
|
|
use BookStack\Notifications\ConfirmEmail;
|
2018-09-25 07:30:50 -04:00
|
|
|
use BookStack\Auth\UserRepo;
|
2015-09-05 15:25:57 -04:00
|
|
|
use Carbon\Carbon;
|
2015-09-10 14:31:09 -04:00
|
|
|
use BookStack\Exceptions\ConfirmationEmailException;
|
|
|
|
use BookStack\Exceptions\UserRegistrationException;
|
2018-09-25 07:30:50 -04:00
|
|
|
use BookStack\Auth\User;
|
2016-09-17 13:22:04 -04:00
|
|
|
use Illuminate\Database\Connection as Database;
|
2015-09-05 15:25:57 -04:00
|
|
|
|
|
|
|
class EmailConfirmationService
|
|
|
|
{
|
2016-09-17 13:22:04 -04:00
|
|
|
protected $db;
|
|
|
|
protected $users;
|
2015-09-05 15:25:57 -04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* EmailConfirmationService constructor.
|
2016-09-17 13:22:04 -04:00
|
|
|
* @param Database $db
|
2018-09-25 07:30:50 -04:00
|
|
|
* @param \BookStack\Auth\UserRepo $users
|
2015-09-05 15:25:57 -04:00
|
|
|
*/
|
2016-09-17 13:22:04 -04:00
|
|
|
public function __construct(Database $db, UserRepo $users)
|
2015-09-05 15:25:57 -04:00
|
|
|
{
|
2016-09-17 13:22:04 -04:00
|
|
|
$this->db = $db;
|
|
|
|
$this->users = $users;
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create new confirmation for a user,
|
|
|
|
* Also removes any existing old ones.
|
2018-09-25 07:30:50 -04:00
|
|
|
* @param \BookStack\Auth\User $user
|
2015-09-05 15:25:57 -04:00
|
|
|
* @throws ConfirmationEmailException
|
|
|
|
*/
|
|
|
|
public function sendConfirmation(User $user)
|
|
|
|
{
|
2015-09-06 07:14:32 -04:00
|
|
|
if ($user->email_confirmed) {
|
2016-12-04 11:51:39 -05:00
|
|
|
throw new ConfirmationEmailException(trans('errors.email_already_confirmed'), '/login');
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
2016-09-17 13:22:04 -04:00
|
|
|
|
2015-09-05 15:25:57 -04:00
|
|
|
$this->deleteConfirmationsByUser($user);
|
2016-09-17 13:22:04 -04:00
|
|
|
$token = $this->createEmailConfirmation($user);
|
|
|
|
|
|
|
|
$user->notify(new ConfirmEmail($token));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Creates a new email confirmation in the database and returns the token.
|
|
|
|
* @param User $user
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function createEmailConfirmation(User $user)
|
|
|
|
{
|
2015-09-05 15:25:57 -04:00
|
|
|
$token = $this->getToken();
|
2016-09-17 13:22:04 -04:00
|
|
|
$this->db->table('email_confirmations')->insert([
|
2015-09-05 15:25:57 -04:00
|
|
|
'user_id' => $user->id,
|
2016-09-17 13:22:04 -04:00
|
|
|
'token' => $token,
|
|
|
|
'created_at' => Carbon::now(),
|
|
|
|
'updated_at' => Carbon::now()
|
2015-09-05 15:25:57 -04:00
|
|
|
]);
|
2016-09-17 13:22:04 -04:00
|
|
|
return $token;
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gets an email confirmation by looking up the token,
|
|
|
|
* Ensures the token has not expired.
|
|
|
|
* @param string $token
|
2016-12-04 11:51:39 -05:00
|
|
|
* @return array|null|\stdClass
|
2015-09-05 15:25:57 -04:00
|
|
|
* @throws UserRegistrationException
|
|
|
|
*/
|
|
|
|
public function getEmailConfirmationFromToken($token)
|
|
|
|
{
|
2016-09-17 13:22:04 -04:00
|
|
|
$emailConfirmation = $this->db->table('email_confirmations')->where('token', '=', $token)->first();
|
|
|
|
|
|
|
|
// If not found show error
|
2015-09-05 15:25:57 -04:00
|
|
|
if ($emailConfirmation === null) {
|
2016-12-04 11:51:39 -05:00
|
|
|
throw new UserRegistrationException(trans('errors.email_confirmation_invalid'), '/register');
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// If more than a day old
|
2016-09-17 13:22:04 -04:00
|
|
|
if (Carbon::now()->subDay()->gt(new Carbon($emailConfirmation->created_at))) {
|
|
|
|
$user = $this->users->getById($emailConfirmation->user_id);
|
|
|
|
$this->sendConfirmation($user);
|
2016-12-04 11:51:39 -05:00
|
|
|
throw new UserRegistrationException(trans('errors.email_confirmation_expired'), '/register/confirm');
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
|
|
|
|
2016-09-17 13:22:04 -04:00
|
|
|
$emailConfirmation->user = $this->users->getById($emailConfirmation->user_id);
|
2015-09-05 15:25:57 -04:00
|
|
|
return $emailConfirmation;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Delete all email confirmations that belong to a user.
|
2018-09-25 07:30:50 -04:00
|
|
|
* @param \BookStack\Auth\User $user
|
2015-09-05 15:25:57 -04:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function deleteConfirmationsByUser(User $user)
|
|
|
|
{
|
2016-09-17 13:22:04 -04:00
|
|
|
return $this->db->table('email_confirmations')->where('user_id', '=', $user->id)->delete();
|
2015-09-05 15:25:57 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Creates a unique token within the email confirmation database.
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function getToken()
|
|
|
|
{
|
|
|
|
$token = str_random(24);
|
2016-09-17 13:22:04 -04:00
|
|
|
while ($this->db->table('email_confirmations')->where('token', '=', $token)->exists()) {
|
2015-09-05 15:25:57 -04:00
|
|
|
$token = str_random(25);
|
|
|
|
}
|
|
|
|
return $token;
|
|
|
|
}
|
2018-01-28 11:58:52 -05:00
|
|
|
}
|