require submitting email when verifying email

This commit is contained in:
Pig Fang 2020-08-31 19:48:31 +08:00
parent 171ea171d5
commit 1d82dcb5df
No known key found for this signature in database
GPG Key ID: A8198F548DADA9E2
7 changed files with 69 additions and 31 deletions

View File

@ -344,7 +344,7 @@ class AuthController extends Controller
return redirect('/user');
}
public function verify(Request $request, $uid)
public function verify(Request $request)
{
if (!option('require_verification')) {
throw new PrettyPageException(trans('user.verification.disabled'), 1);
@ -352,15 +352,23 @@ class AuthController extends Controller
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
$user = User::find($uid);
if (!$user || $user->verified) {
throw new PrettyPageException(trans('auth.verify.invalid'), 1);
return view('auth.verify');
}
public function handleVerify(Request $request, User $user)
{
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
['email' => $email] = $request->validate(['email' => 'required|email']);
if ($user->email !== $email) {
return back()->with('errorMessage', trans('auth.verify.not-matched'));
}
$user->verified = true;
$user->save();
return view('auth.verify', ['site_name' => option_localized('site_name')]);
return redirect()->route('user.home');
}
public function jwtLogin(Request $request)

View File

@ -157,7 +157,7 @@ class UserController extends Controller
return json(trans('user.verification.verified'), 1);
}
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
try {
Mail::to($user->email)->send(new EmailVerification(url($url)));

View File

@ -12,7 +12,7 @@ class SendEmailVerification
public function handle(User $user)
{
if (option('require_verification')) {
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
$url = URL::signedRoute('auth.verify', ['user' => $user->uid], null, false);
try {
Mail::to($user->email)->send(new EmailVerification(url($url)));

View File

@ -49,10 +49,8 @@ bind:
verify:
title: Email Verification
success: Your account was now verified.
message: Welcome to :sitename!
button: Homepage
invalid: Invalid link.
not-matched: Email doesn't match.
validation:
user: No such user.

View File

@ -4,12 +4,31 @@
{% block content %}
<p class="login-box-msg">
{{ trans('auth.verify.message', {sitename: site_name}) }}
{{ trans('auth.bind.message') }}
</p>
<div class="alert alert-success mb-5">
<i class="icon fa fa-check"></i> {{ trans('auth.verify.success') }}
</div>
<a href="{{ url('/') }}" class="btn btn-primary btn-block">
{{ trans('auth.verify.button') }}
</a>
<form method="post">
{{ csrf_field() }}
<div class="input-group mb-3">
<input type="email" name="email" class="form-control" placeholder={{ trans('auth.email') }} required>
<div class="input-group-append">
<div class="input-group-text">
<i class="fas fa-envelope"></i>
</div>
</div>
</div>
{% if errors.any %}
<div class="alert alert-danger">
<i class="icon fas fa-exclamation-triangle"></i>
{{ errors.first }}
</div>
{% elseif session_has('errorMessage') %}
<div class="alert alert-danger">
<i class="icon fas fa-exclamation-triangle"></i>
{{ session_pull('errorMessage') }}
</div>
{% endif %}
<button type="submit" class="btn btn-primary btn-block">
{{ trans('general.submit') }}
</button>
</form>
{% endblock %}

View File

@ -39,7 +39,8 @@ Route::prefix('auth')->name('auth.')->group(function () {
Route::post('bind', 'AuthController@fillEmail');
});
Route::get('verify/{uid}', 'AuthController@verify')->name('verify');
Route::get('verify/{user}', 'AuthController@verify')->name('verify');
Route::post('verify/{user}', 'AuthController@handleVerify');
});
Route::prefix('user')

View File

@ -724,27 +724,39 @@ class AuthControllerTest extends TestCase
public function testVerify()
{
$url = URL::signedRoute('auth.verify', ['uid' => 1], null, false);
$url = URL::signedRoute('auth.verify', ['user' => 1], null, false);
// Should be forbidden if account verification is disabled
// should be forbidden if account verification is disabled
option(['require_verification' => false]);
$this->get($url)->assertSee(trans('user.verification.disabled'));
option(['require_verification' => true]);
// Invalid link
$this->get(route('auth.verify', ['uid' => 1]))->assertForbidden();
// Non-existed user
$this->get($url)->assertSee(trans('auth.verify.invalid'));
$user = factory(User::class)->create();
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
$this->get($url)->assertSee(trans('auth.verify.invalid'));
// invalid link
$this->get(route('auth.verify', ['user' => 1]))->assertForbidden();
$user = factory(User::class)->create(['verified' => false]);
$url = URL::signedRoute('auth.verify', ['uid' => $user->uid], null, false);
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
$this->get($url)->assertViewIs('auth.verify');
$this->assertEquals(1, User::find($user->uid)->verified);
}
public function testHandleVerify()
{
$user = factory(User::class)->create(['verified' => false]);
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
// empty email
$this->post($url, [], ['Referer' => $url])->assertRedirect($url);
// not an email
$this->post($url, ['email' => 't'], ['Referer' => $url])->assertRedirect($url);
// invalid email
$this->post($url, ['email' => 'a@b.c'], ['Referer' => $url])
->assertRedirect($url);
// success
$this->post($url, ['email' => $user->email], ['Referer' => $url])
->assertRedirect(route('user.home'));
}
public function testApiLogin()