require submitting email when verifying email
This commit is contained in:
parent
171ea171d5
commit
1d82dcb5df
|
|
@ -344,7 +344,7 @@ class AuthController extends Controller
|
|||
return redirect('/user');
|
||||
}
|
||||
|
||||
public function verify(Request $request, $uid)
|
||||
public function verify(Request $request)
|
||||
{
|
||||
if (!option('require_verification')) {
|
||||
throw new PrettyPageException(trans('user.verification.disabled'), 1);
|
||||
|
|
@ -352,15 +352,23 @@ class AuthController extends Controller
|
|||
|
||||
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
|
||||
|
||||
$user = User::find($uid);
|
||||
if (!$user || $user->verified) {
|
||||
throw new PrettyPageException(trans('auth.verify.invalid'), 1);
|
||||
return view('auth.verify');
|
||||
}
|
||||
|
||||
public function handleVerify(Request $request, User $user)
|
||||
{
|
||||
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
|
||||
|
||||
['email' => $email] = $request->validate(['email' => 'required|email']);
|
||||
|
||||
if ($user->email !== $email) {
|
||||
return back()->with('errorMessage', trans('auth.verify.not-matched'));
|
||||
}
|
||||
|
||||
$user->verified = true;
|
||||
$user->save();
|
||||
|
||||
return view('auth.verify', ['site_name' => option_localized('site_name')]);
|
||||
return redirect()->route('user.home');
|
||||
}
|
||||
|
||||
public function jwtLogin(Request $request)
|
||||
|
|
|
|||
|
|
@ -157,7 +157,7 @@ class UserController extends Controller
|
|||
return json(trans('user.verification.verified'), 1);
|
||||
}
|
||||
|
||||
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ class SendEmailVerification
|
|||
public function handle(User $user)
|
||||
{
|
||||
if (option('require_verification')) {
|
||||
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user->uid], null, false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
|
||||
|
|
|
|||
|
|
@ -49,10 +49,8 @@ bind:
|
|||
|
||||
verify:
|
||||
title: Email Verification
|
||||
success: Your account was now verified.
|
||||
message: Welcome to :sitename!
|
||||
button: Homepage
|
||||
invalid: Invalid link.
|
||||
not-matched: Email doesn't match.
|
||||
|
||||
validation:
|
||||
user: No such user.
|
||||
|
|
|
|||
|
|
@ -4,12 +4,31 @@
|
|||
|
||||
{% block content %}
|
||||
<p class="login-box-msg">
|
||||
{{ trans('auth.verify.message', {sitename: site_name}) }}
|
||||
{{ trans('auth.bind.message') }}
|
||||
</p>
|
||||
<div class="alert alert-success mb-5">
|
||||
<i class="icon fa fa-check"></i> {{ trans('auth.verify.success') }}
|
||||
</div>
|
||||
<a href="{{ url('/') }}" class="btn btn-primary btn-block">
|
||||
{{ trans('auth.verify.button') }}
|
||||
</a>
|
||||
<form method="post">
|
||||
{{ csrf_field() }}
|
||||
<div class="input-group mb-3">
|
||||
<input type="email" name="email" class="form-control" placeholder={{ trans('auth.email') }} required>
|
||||
<div class="input-group-append">
|
||||
<div class="input-group-text">
|
||||
<i class="fas fa-envelope"></i>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% if errors.any %}
|
||||
<div class="alert alert-danger">
|
||||
<i class="icon fas fa-exclamation-triangle"></i>
|
||||
{{ errors.first }}
|
||||
</div>
|
||||
{% elseif session_has('errorMessage') %}
|
||||
<div class="alert alert-danger">
|
||||
<i class="icon fas fa-exclamation-triangle"></i>
|
||||
{{ session_pull('errorMessage') }}
|
||||
</div>
|
||||
{% endif %}
|
||||
<button type="submit" class="btn btn-primary btn-block">
|
||||
{{ trans('general.submit') }}
|
||||
</button>
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,8 @@ Route::prefix('auth')->name('auth.')->group(function () {
|
|||
Route::post('bind', 'AuthController@fillEmail');
|
||||
});
|
||||
|
||||
Route::get('verify/{uid}', 'AuthController@verify')->name('verify');
|
||||
Route::get('verify/{user}', 'AuthController@verify')->name('verify');
|
||||
Route::post('verify/{user}', 'AuthController@handleVerify');
|
||||
});
|
||||
|
||||
Route::prefix('user')
|
||||
|
|
|
|||
|
|
@ -724,27 +724,39 @@ class AuthControllerTest extends TestCase
|
|||
|
||||
public function testVerify()
|
||||
{
|
||||
$url = URL::signedRoute('auth.verify', ['uid' => 1], null, false);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => 1], null, false);
|
||||
|
||||
// Should be forbidden if account verification is disabled
|
||||
// should be forbidden if account verification is disabled
|
||||
option(['require_verification' => false]);
|
||||
$this->get($url)->assertSee(trans('user.verification.disabled'));
|
||||
option(['require_verification' => true]);
|
||||
|
||||
// Invalid link
|
||||
$this->get(route('auth.verify', ['uid' => 1]))->assertForbidden();
|
||||
|
||||
// Non-existed user
|
||||
$this->get($url)->assertSee(trans('auth.verify.invalid'));
|
||||
|
||||
$user = factory(User::class)->create();
|
||||
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
|
||||
$this->get($url)->assertSee(trans('auth.verify.invalid'));
|
||||
// invalid link
|
||||
$this->get(route('auth.verify', ['user' => 1]))->assertForbidden();
|
||||
|
||||
$user = factory(User::class)->create(['verified' => false]);
|
||||
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
$this->get($url)->assertViewIs('auth.verify');
|
||||
$this->assertEquals(1, User::find($user->uid)->verified);
|
||||
}
|
||||
|
||||
public function testHandleVerify()
|
||||
{
|
||||
$user = factory(User::class)->create(['verified' => false]);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
|
||||
// empty email
|
||||
$this->post($url, [], ['Referer' => $url])->assertRedirect($url);
|
||||
|
||||
// not an email
|
||||
$this->post($url, ['email' => 't'], ['Referer' => $url])->assertRedirect($url);
|
||||
|
||||
// invalid email
|
||||
$this->post($url, ['email' => 'a@b.c'], ['Referer' => $url])
|
||||
->assertRedirect($url);
|
||||
|
||||
// success
|
||||
$this->post($url, ['email' => $user->email], ['Referer' => $url])
|
||||
->assertRedirect(route('user.home'));
|
||||
}
|
||||
|
||||
public function testApiLogin()
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user