BookStack/app/Http/Controllers/Auth/ConfirmEmailController.php

<?php

namespace BookStack\Http\Controllers\Auth;

use BookStack\Auth\Access\EmailConfirmationService;
use BookStack\Auth\Access\LoginService;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\ConfirmationEmailException;
use BookStack\Exceptions\UserTokenExpiredException;
use BookStack\Exceptions\UserTokenNotFoundException;
use BookStack\Http\Controllers\Controller;
use Exception;
use Illuminate\Http\Request;

class ConfirmEmailController extends Controller
{
    protected EmailConfirmationService $emailConfirmationService;
    protected LoginService $loginService;
    protected UserRepo $userRepo;

    /**
     * Create a new controller instance.
     */
    public function __construct(
        EmailConfirmationService $emailConfirmationService,
        LoginService $loginService,
        UserRepo $userRepo
    ) {
        $this->emailConfirmationService = $emailConfirmationService;
        $this->loginService = $loginService;
        $this->userRepo = $userRepo;
    }

    /**
     * Show the page to tell the user to check their email
     * and confirm their address.
     */
    public function show()
    {
        return view('auth.register-confirm');
    }

    /**
     * Shows a notice that a user's email address has not been confirmed,
     * Also has the option to re-send the confirmation email.
     */
    public function showAwaiting()
    {
        $user = $this->loginService->getLastLoginAttemptUser();

        return view('auth.user-unconfirmed', ['user' => $user]);
    }

    /**
     * Confirms an email via a token and logs the user into the system.
     *
     * @throws ConfirmationEmailException
     * @throws Exception
     */
    public function confirm(string $token)
    {
        try {
            $userId = $this->emailConfirmationService->checkTokenAndGetUserId($token);
        } catch (UserTokenNotFoundException $exception) {
            $this->showErrorNotification(trans('errors.email_confirmation_invalid'));

            return redirect('/register');
        } catch (UserTokenExpiredException $exception) {
            $user = $this->userRepo->getById($exception->userId);
            $this->emailConfirmationService->sendConfirmation($user);
            $this->showErrorNotification(trans('errors.email_confirmation_expired'));

            return redirect('/register/confirm');
        }

        $user = $this->userRepo->getById($userId);
        $user->email_confirmed = true;
        $user->save();

        $this->emailConfirmationService->deleteByUser($user);
        $this->showSuccessNotification(trans('auth.email_confirm_success'));

        return redirect('/login');
    }

    /**
     * Resend the confirmation email.
     */
    public function resend(Request $request)
    {
        $this->validate($request, [
            'email' => ['required', 'email', 'exists:users,email'],
        ]);
        $user = $this->userRepo->getByEmail($request->get('email'));

        try {
            $this->emailConfirmationService->sendConfirmation($user);
        } catch (Exception $e) {
            $this->showErrorNotification(trans('auth.email_confirm_send_error'));

            return redirect('/register/confirm');
        }

        $this->showSuccessNotification(trans('auth.email_confirm_resent'));

        return redirect('/register/confirm');
    }
}
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`<?php`

			`namespace BookStack\Http\Controllers\Auth;`

			`use BookStack\Auth\Access\EmailConfirmationService;`
Updated all login events to route through single service 2021-07-17 12:45:00 -04:00			`use BookStack\Auth\Access\LoginService;`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`use BookStack\Auth\UserRepo;`
			`use BookStack\Exceptions\ConfirmationEmailException;`
			`use BookStack\Exceptions\UserTokenExpiredException;`
			`use BookStack\Exceptions\UserTokenNotFoundException;`
			`use BookStack\Http\Controllers\Controller;`
			`use Exception;`
			`use Illuminate\Http\Request;`

			`class ConfirmEmailController extends Controller`
			`{`
Updated auth controllers with property types 2022-09-22 10:12:05 -04:00			`protected EmailConfirmationService $emailConfirmationService;`
			`protected LoginService $loginService;`
			`protected UserRepo $userRepo;`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00
			`/**`
			`* Create a new controller instance.`
			`*/`
Updated all login events to route through single service 2021-07-17 12:45:00 -04:00			`public function __construct(`
			`EmailConfirmationService $emailConfirmationService,`
			`LoginService $loginService,`
			`UserRepo $userRepo`
Apply fixes from StyleCI 2021-08-21 10:49:40 -04:00			`) {`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`$this->emailConfirmationService = $emailConfirmationService;`
Updated all login events to route through single service 2021-07-17 12:45:00 -04:00			`$this->loginService = $loginService;`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`$this->userRepo = $userRepo;`
			`}`

			`/**`
			`* Show the page to tell the user to check their email`
			`* and confirm their address.`
			`*/`
			`public function show()`
			`{`
			`return view('auth.register-confirm');`
			`}`

			`/**`
			`* Shows a notice that a user's email address has not been confirmed,`
			`* Also has the option to re-send the confirmation email.`
			`*/`
			`public function showAwaiting()`
			`{`
Added login redirect system to confirm/mfa Also continued a bit on the MFA verification system. Moved some MFA routes to public space using updated login service to get the current user that is either logged in or last attempted login (With correct creds). 2021-07-18 11:52:31 -04:00			`$user = $this->loginService->getLastLoginAttemptUser();`
Apply fixes from StyleCI 2021-08-21 10:49:40 -04:00
Added login redirect system to confirm/mfa Also continued a bit on the MFA verification system. Moved some MFA routes to public space using updated login service to get the current user that is either logged in or last attempted login (With correct creds). 2021-07-18 11:52:31 -04:00			`return view('auth.user-unconfirmed', ['user' => $user]);`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`}`

			`/**`
			`* Confirms an email via a token and logs the user into the system.`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00			`*`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`* @throws ConfirmationEmailException`
			`* @throws Exception`
			`*/`
Done a round of phpstan fixes 2021-11-05 20:32:01 -04:00			`public function confirm(string $token)`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`{`
			`try {`
			`$userId = $this->emailConfirmationService->checkTokenAndGetUserId($token);`
Done a round of phpstan fixes 2021-11-05 20:32:01 -04:00			`} catch (UserTokenNotFoundException $exception) {`
			`$this->showErrorNotification(trans('errors.email_confirmation_invalid'));`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00
Done a round of phpstan fixes 2021-11-05 20:32:01 -04:00			`return redirect('/register');`
			`} catch (UserTokenExpiredException $exception) {`
			`$user = $this->userRepo->getById($exception->userId);`
			`$this->emailConfirmationService->sendConfirmation($user);`
			`$this->showErrorNotification(trans('errors.email_confirmation_expired'));`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00
Done a round of phpstan fixes 2021-11-05 20:32:01 -04:00			`return redirect('/register/confirm');`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`}`

			`$user = $this->userRepo->getById($userId);`
			`$user->email_confirmed = true;`
			`$user->save();`

			`$this->emailConfirmationService->deleteByUser($user);`
Started moving MFA and email confirmation to new login flow Instead of being soley middleware based. 2021-07-17 13:24:50 -04:00			`$this->showSuccessNotification(trans('auth.email_confirm_success'));`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00
Prevented auto-login from direct email confirmation actions Was done for convenience but could potentially be exploited by an attacker using signing up via one of these routes, then forwarding an email confirmation to another user so they unknowingly utilise an account someone else controls. Tweaks the flow of confirming email, and the user invite flow. For #3050 2021-11-15 05:50:28 -05:00			`return redirect('/login');`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`}`

			`/**`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00			`* Resend the confirmation email.`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`*/`
			`public function resend(Request $request)`
			`{`
			`$this->validate($request, [`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-04 20:26:55 -04:00			`'email' => ['required', 'email', 'exists:users,email'],`
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`]);`
			`$user = $this->userRepo->getByEmail($request->get('email'));`

			`try {`
			`$this->emailConfirmationService->sendConfirmation($user);`
			`} catch (Exception $e) {`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showErrorNotification(trans('auth.email_confirm_send_error'));`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`return redirect('/register/confirm');`
			`}`

Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showSuccessNotification(trans('auth.email_confirm_resent'));`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00
Refactored confirm actions to their own controller 2019-08-18 05:47:59 -04:00			`return redirect('/register/confirm');`
			`}`
			`}`