2021-08-30 16:28:17 -04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
|
|
|
|
use BookStack\Auth\Access\EmailConfirmationService;
|
|
|
|
use BookStack\Auth\User;
|
|
|
|
use Closure;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check that the user's email address is confirmed.
|
|
|
|
*
|
|
|
|
* As of v21.08 this is technically not required but kept as a prevention
|
|
|
|
* to log out any users that may be logged in but in an "awaiting confirmation" state.
|
|
|
|
* We'll keep this for a while until it'd be very unlikely for a user to be upgrading from
|
|
|
|
* a pre-v21.08 version.
|
|
|
|
*
|
|
|
|
* Ideally we'd simply invalidate all existing sessions upon update but that has
|
|
|
|
* proven to be a lot more difficult than expected.
|
|
|
|
*/
|
|
|
|
class CheckEmailConfirmed
|
|
|
|
{
|
|
|
|
protected $confirmationService;
|
|
|
|
|
|
|
|
public function __construct(EmailConfirmationService $confirmationService)
|
|
|
|
{
|
|
|
|
$this->confirmationService = $confirmationService;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle an incoming request.
|
|
|
|
*
|
2021-08-30 16:32:07 -04:00
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
* @param \Closure $next
|
|
|
|
*
|
2021-08-30 16:28:17 -04:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function handle($request, Closure $next)
|
|
|
|
{
|
|
|
|
/** @var User $user */
|
|
|
|
$user = auth()->user();
|
|
|
|
if (auth()->check() && !$user->email_confirmed && $this->confirmationService->confirmationRequired()) {
|
|
|
|
auth()->logout();
|
2021-08-30 16:32:07 -04:00
|
|
|
|
2021-08-30 16:28:17 -04:00
|
|
|
return redirect()->to('/');
|
|
|
|
}
|
|
|
|
|
|
|
|
return $next($request);
|
|
|
|
}
|
|
|
|
}
|