From d89440d19879b73b6016ac0fef608f91692e82ca Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sat, 11 Nov 2017 18:09:48 +0000
Subject: [PATCH] Fixed required email confirmation with domain restriction Added test to cover scenario. Closes #573
---
 .../Controllers/Auth/RegisterController.php | 2 +-
 app/Http/Middleware/Authenticate.php | 7 +++-
 tests/Auth/AuthTest.php | 39 +++++++++++++++++++
 3 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 1ba8b97db..0fa005e1f 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -53,7 +53,7 @@ class RegisterController extends Controller
 */
 public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
 {
- $this->middleware('guest')->except(['socialCallback', 'detachSocialAccount']);
+ $this->middleware('guest')->only(['getRegister', 'postRegister', 'socialRegister']);
 $this->socialAuthService = $socialAuthService;
 $this->emailConfirmationService = $emailConfirmationService;
 $this->userRepo = $userRepo;
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index b78016688..c9b2726e8 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -30,8 +30,11 @@ class Authenticate
 */
 public function handle($request, Closure $next)
 {
- if ($this->auth->check() && setting('registration-confirmation') && !$this->auth->user()->email_confirmed) {
- return redirect(baseUrl('/register/confirm/awaiting'));
+ if ($this->auth->check()) {
+ $requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
+ if ($requireConfirmation && !$this->auth->user()->email_confirmed) {
+ return redirect('/register/confirm/awaiting');
+ }
 }

 if ($this->auth->guest() && !setting('app-public')) {
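Review bot: The `only([...])` call in the constructor turns the guest middleware from a deny-list into an allow-list keyed on method-name strings, and nothing on the line says why. Every action not named there, including any added later, is now reachable by a logged-in session, so a renamed or new guest-only action silently loses the middleware. I would add a comment above the call, for example `// Guest-only entry points. Confirmation routes are presumably left out so a logged-in, unconfirmed user can reach them after the Authenticate redirect.` The constructor body ends outside the hunk.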
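Review bot: The rule "confirmation is required when `registration-confirmation` or `registration-restrict` is set" is written inline in `handle()`, and as far as the commit message shows, #573 was a case where this middleware disagreed with the registration flow about that same rule. Moving the expression into one shared place that both sides call would stop them drifting again; until then, a comment above `$requireConfirmation` such as `// Domain restriction implies email confirmation; keep in sync with the registration flow.` would help. The gate is also only a redirect for a session that is already authenticated, so any route not behind this middleware still sees the unconfirmed user as logged in; that is worth confirming against the route list, which is not visible here. The new redirect drops the `baseUrl()` wrapper that the removed line used; if that is not deliberate, `return redirect(baseUrl('/register/confirm/awaiting'));` presumably keeps the previous behaviour for installs served from a sub-path. `handle()` continues past the end of the hunk.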
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 4de35faff..87339344b 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -124,6 +124,45 @@ class AuthTest extends BrowserKitTest
 ->press('Create Account')
 ->seePageIs('/register/confirm')
 ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+ $this->visit('/')->seePageIs('/login')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Log In')
+ ->seePageIs('/register/confirm/awaiting')
+ ->seeText('Email Address Not Confirmed');
+ }
+
+ public function test_restricted_registration_with_confirmation_disabled()
+ {
+ $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
+ $user = factory(\BookStack\User::class)->make();
+ // Go through registration process
+ $this->visit('/register')
+ ->type($user->name, '#name')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Create Account')
+ ->seePageIs('/register')
+ ->dontSeeInDatabase('users', ['email' => $user->email])
+ ->see('That email domain does not have access to this application');
+
+ $user->email = 'barry@example.com';
+
+ $this->visit('/register')
+ ->type($user->name, '#name')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Create Account')
+ ->seePageIs('/register/confirm')
+ ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+ $this->visit('/')->seePageIs('/login')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Log In')
+ ->seePageIs('/register/confirm/awaiting')
+ ->seeText('Email Address Not Confirmed');
 }

 public function test_user_creation()
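Review bot: The rejected-domain half of `test_restricted_registration_with_confirmation_disabled` depends on the factory-generated address not being on `example.com`; the factory definition is not visible here, and if it can produce that domain the first block would fail intermittently. Setting the address explicitly before the first visit, e.g. `$user->email = 'barry@notallowed.test';` (a constructed sample value), makes the negative case deterministic. Both tests also stop at the redirect that follows login; one more step such as `$this->visit('/')->seePageIs('/register/confirm/awaiting');` would show that the unconfirmed session stays gated on a later request. The first added block extends a test whose start is outside the hunk.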