From 4904e1c2a4f9da429eb8cfadca977befdef301fb Mon Sep 17 00:00:00 2001 From: printempw Date: Sat, 28 Jul 2018 00:58:50 +0800 Subject: [PATCH] Add option to disable email verification --- app/Http/Controllers/AdminController.php | 1 + app/Http/Controllers/AuthController.php | 11 ++++++++--- app/Http/Controllers/UserController.php | 4 ++++ app/Http/Middleware/CheckUserVerified.php | 2 +- config/mail.php | 2 +- config/options.php | 1 + resources/lang/en/auth.yml | 2 +- resources/lang/en/options.yml | 3 +++ resources/lang/en/user.yml | 1 + resources/lang/zh_CN/auth.yml | 2 +- resources/lang/zh_CN/options.yml | 3 +++ resources/lang/zh_CN/user.yml | 1 + resources/views/user/closet.tpl | 2 +- resources/views/user/index.tpl | 2 +- resources/views/user/profile.tpl | 2 +- tests/AuthControllerTest.php | 10 ++++++++-- tests/MiddlewareTest.php | 8 ++++++++ tests/UserControllerTest.php | 16 ++++++++++++++++ 18 files changed, 61 insertions(+), 12 deletions(-) diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php index 214607cc..ab5af931 100644 --- a/app/Http/Controllers/AdminController.php +++ b/app/Http/Controllers/AdminController.php @@ -171,6 +171,7 @@ class AdminController extends Controller }); $form->checkbox('user_can_register')->label(); + $form->checkbox('require_verification')->label(); $form->text('regs_per_ip'); diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php index a13fe772..928e65c4 100644 --- a/app/Http/Controllers/AuthController.php +++ b/app/Http/Controllers/AuthController.php @@ -165,7 +165,7 @@ class AuthController extends Controller if (config('mail.driver') != "") { return view('auth.forgot'); } else { - throw new PrettyPageException(trans('auth.forgot.close'), 8); + throw new PrettyPageException(trans('auth.forgot.disabled'), 8); } } 
@@ -174,8 +174,9 @@ class AuthController extends Controller if (! $this->checkCaptcha($request)) return json(trans('auth.validation.captcha'), 1); - if (config('mail.driver') == "") - return json(trans('auth.forgot.close'), 1); + if (! config('mail.driver')) { + return json(trans('auth.forgot.disabled'), 1); + } $rateLimit = 180; $lastMailCacheKey = sha1('last_mail_'.Utils::getClientIp()); @@ -273,6 +274,10 @@ class AuthController extends Controller public function verify(Request $request, UserRepository $users) { + if (! option('require_verification')) { + throw new PrettyPageException(trans('user.verification.disabled'), 1); + } + // Get user instance from repository $user = $users->get($request->get('uid')); diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index bdd14e60..e5573f03 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -101,6 +101,10 @@ class UserController extends Controller public function sendVerificationEmail() { + if (! option('require_verification')) { + return json(trans('user.verification.disabled'), 1); + } + // Rate limit of 60s $remain = 60 + session('last_mail_time', 0) - time(); diff --git a/app/Http/Middleware/CheckUserVerified.php b/app/Http/Middleware/CheckUserVerified.php index 7f05a053..f28c9011 100644 --- a/app/Http/Middleware/CheckUserVerified.php +++ b/app/Http/Middleware/CheckUserVerified.php @@ -12,7 +12,7 @@ class CheckUserVerified return $result; } - if (! $result->verified) { + if (option('require_verification') && !$result->verified) { abort(403, trans('auth.check.verified')); } diff --git a/config/mail.php b/config/mail.php index da2ebb73..e6f2f414 100644 --- a/config/mail.php +++ b/config/mail.php @@ -16,7 +16,7 @@ return [ | */ - 'driver' => menv('MAIL_DRIVER', 'smtp'), + 'driver' => menv('MAIL_DRIVER'), /* |-------------------------------------------------------------------------- 
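Review bot: The new guard at the top of sendVerificationEmail() in app/Http/Controllers/UserController.php tests only `require_verification`, not whether mail can be sent at all. This commit also drops the `'smtp'` fallback in config/mail.php, so a site with the option enabled and MAIL_DRIVER unset would block unverified users in CheckUserVerified while having no working way to deliver the link. Consider `if (! option('require_verification') || ! config('mail.driver')) {`, mirroring the test handleForgot() uses, or refusing to enable the option in the admin form when no driver is configured. The rest of the method lies outside the hunk, so a later check may already cover this.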
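Review bot: In app/Http/Middleware/CheckUserVerified.php the 403 for unverified accounts now depends on `option('require_verification')`, and config/options.php ships that option as `'false'`, so the gate is off unless an administrator turns it on. Sites upgrading from a version where the check was unconditional would stop enforcing verification on routes such as /skinlib/upload without any action on their part, assuming missing options fall back to config/options.php (inferred, not visible here). Either default to `'true'` to preserve the previous behaviour or call the change out in the upgrade notes. The default is the string `'false'`, which PHP itself treats as truthy, so the condition is only correct if `option()` converts it to a boolean; that helper is outside this diff and worth confirming. The enclosing method starts outside the hunk.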
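Review bot: Removing the `'smtp'` fallback from `'driver' => menv('MAIL_DRIVER')` in config/mail.php changes behaviour for deployments that never set MAIL_DRIVER: `config('mail.driver')` presumably becomes empty, and the checks in AuthController then report password reset as disabled. That is a reasonable default, but it is unrelated to the commit subject and nothing in the file explains it. Add a line to the comment block above the key, for example `| Leave MAIL_DRIVER unset to disable password reset and other mail features.`, and mention it in the upgrade notes. showForgot() still compares with `!= ""` while handleForgot() now uses `! config('mail.driver')`; using the same test in both would keep them from drifting apart.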
diff --git a/config/options.php b/config/options.php index 3684b09c..dccfc3b6 100644 --- a/config/options.php +++ b/config/options.php @@ -5,6 +5,7 @@ return [ 'site_name' => 'Blessing Skin', 'site_description' => 'Open-source PHP Minecraft Skin Hosting Service', 'user_can_register' => 'true', + 'require_verification' => 'false', 'regs_per_ip' => '3', 'ip_get_method' => '0', 'api_type' => 'false', diff --git a/resources/lang/en/auth.yml b/resources/lang/en/auth.yml index a3de962b..43530a5d 100644 --- a/resources/lang/en/auth.yml +++ b/resources/lang/en/auth.yml @@ -28,7 +28,7 @@ forgot: button: Send message: We will send you an E-mail to verify. login-link: I do remember it - close: Password resetting is not available now. + disabled: Password resetting is not available. frequent-mail: You click the send button too fast. Wait for some minutes, guy. unregistered: The email address is not registered. success: Mail sent, please check your inbox. The link will be expired in 1 hour. diff --git a/resources/lang/en/options.yml b/resources/lang/en/options.yml index 40409f7c..6438d00b 100644 --- a/resources/lang/en/options.yml +++ b/resources/lang/en/options.yml @@ -75,6 +75,9 @@ general: user_can_register: title: Open Registration label: Everyone is allowed to register. + require_verification: + title: Account Verification + label: Users must verify their email address first. regs_per_ip: Max accounts of one IP ip_get_method: title: Get IP via diff --git a/resources/lang/en/user.yml b/resources/lang/en/user.yml index 8014be98..372356e8 100644 --- a/resources/lang/en/user.yml +++ b/resources/lang/en/user.yml @@ -15,6 +15,7 @@ sign-remain-time: Available after :time :unit announcement: Announcement verification: + disabled: Email verification is not available. frequent-mail: You click the send button too fast. Wait for 60 secs, guy. verified: Your account is already verified. success: Verification link was sent, please check your inbox. 
diff --git a/resources/lang/zh_CN/auth.yml b/resources/lang/zh_CN/auth.yml index 2c97c1af..76ee96b6 100644 --- a/resources/lang/zh_CN/auth.yml +++ b/resources/lang/zh_CN/auth.yml @@ -28,7 +28,7 @@ forgot: button: 发送 message: 我们将会向您发送一封验证邮件 login-link: 我又想起来了 - close: 本站已关闭重置密码功能 + disabled: 本站已关闭重置密码功能 frequent-mail: 你邮件发送得太频繁啦,过会儿再点发送吧 unregistered: 该邮箱尚未注册 success: 邮件已发送,一小时内有效,请注意查收。 diff --git a/resources/lang/zh_CN/options.yml b/resources/lang/zh_CN/options.yml index e6d3c7dc..ea62b69c 100644 --- a/resources/lang/zh_CN/options.yml +++ b/resources/lang/zh_CN/options.yml @@ -75,6 +75,9 @@ general: user_can_register: title: 开放注册 label: 任何人都可以注册 + require_verification: + title: 邮箱验证 + label: 用户必须验证邮箱后才能使用皮肤托管等功能 regs_per_ip: 每个 IP 限制注册数 ip_get_method: title: IP 获取方式 diff --git a/resources/lang/zh_CN/user.yml b/resources/lang/zh_CN/user.yml index e304bdbc..3999f9bf 100644 --- a/resources/lang/zh_CN/user.yml +++ b/resources/lang/zh_CN/user.yml @@ -15,6 +15,7 @@ sign-remain-time: :time :unit 后可签到 announcement: 公告 verification: + disabled: 本站已关闭邮箱验证功能 frequent-mail: 你邮件发送得太频繁啦,过 60 秒后再点发送吧 verified: 你已经验证过邮箱了 success: 验证邮件已发送,请检查你的收件箱。 diff --git a/resources/views/user/closet.tpl b/resources/views/user/closet.tpl index 393d11ab..24e76aec 100644 --- a/resources/views/user/closet.tpl +++ b/resources/views/user/closet.tpl @@ -20,7 +20,7 @@
- @if (! $user->verified) + @if (option('require_verification') && !$user->verified) @include('common.email-verification') @endif diff --git a/resources/views/user/index.tpl b/resources/views/user/index.tpl index 7d4eaee8..ea79d57d 100644 --- a/resources/views/user/index.tpl +++ b/resources/views/user/index.tpl @@ -16,7 +16,7 @@
- @if (! $user->verified) + @if (option('require_verification') && !$user->verified) @include('common.email-verification') @endif diff --git a/resources/views/user/profile.tpl b/resources/views/user/profile.tpl index eba4cdf0..9ba93b4e 100644 --- a/resources/views/user/profile.tpl +++ b/resources/views/user/profile.tpl @@ -16,7 +16,7 @@
- @if (! $user->verified) + @if (option('require_verification') && !$user->verified) @include('common.email-verification') @endif diff --git a/tests/AuthControllerTest.php b/tests/AuthControllerTest.php index 5f59c0c3..5d649d58 100644 --- a/tests/AuthControllerTest.php +++ b/tests/AuthControllerTest.php @@ -402,7 +402,7 @@ class AuthControllerTest extends TestCase $this->visit('/auth/forgot')->see('Forgot Password'); config(['mail.driver' => '']); - $this->visit('/auth/forgot')->see(trans('auth.forgot.close')); + $this->visit('/auth/forgot')->see(trans('auth.forgot.disabled')); } public function testHandleForgot() @@ -421,7 +421,7 @@ class AuthControllerTest extends TestCase 'captcha' => 'a' ])->seeJson([ 'errno' => 1, - 'msg' => trans('auth.forgot.close') + 'msg' => trans('auth.forgot.disabled') ]); config(['mail.driver' => 'smtp']); @@ -649,6 +649,12 @@ class AuthControllerTest extends TestCase { $user = factory(User::class, 'unverified')->create(); + // Should be forbidden if account verification is disabled + option(['require_verification' => false]); + $this->visit('/auth/verify') + ->see(trans('user.verification.disabled')); + option(['require_verification' => true]); + // Should be forbidden if `uid` or `token` is empty $this->visit('/auth/verify') ->see(trans('auth.verify.invalid')); diff --git a/tests/MiddlewareTest.php b/tests/MiddlewareTest.php index c2ac8309..0cecfe5f 100644 --- a/tests/MiddlewareTest.php +++ b/tests/MiddlewareTest.php @@ -64,6 +64,14 @@ class MiddlewareTest extends TestCase public function testCheckUserVerified() { + option(['require_verification' => false]); + + $this->actAs('unverified') + ->get('/skinlib/upload') + ->assertResponseOk(); + + option(['require_verification' => true]); + $this->actAs('unverified') ->get('/skinlib/upload') ->assertResponseStatus(403) diff --git a/tests/UserControllerTest.php b/tests/UserControllerTest.php index f066f928..fa1e345e 100644 --- a/tests/UserControllerTest.php 
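Review bot: testCheckUserVerified in tests/MiddlewareTest.php leaves `require_verification` set to `true` when it finishes, and testVerify in tests/AuthControllerTest.php does the same. The first new assertion in tests/UserControllerTest.php, `dontSee(trans('user.verification.notice.title'))`, relies on the option still holding its default value, so if options persist between tests the result depends on execution order; whether the test database is reset per test is not visible here. Setting the option explicitly in every test that depends on it, e.g. `option(['require_verification' => false]);` before the `dontSee` check, removes that dependency.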
+++ b/tests/UserControllerTest.php @@ -32,6 +32,12 @@ class UserControllerTest extends TestCase ->see($user->score); $unverified = factory(User::class, 'unverified')->create(); + + $this->actAs($unverified) + ->visit('/user') + ->dontSee(trans('user.verification.notice.title')); + + option(['require_verification' => true]); $this->actAs($unverified) ->visit('/user') ->see(trans('user.verification.notice.title')); @@ -106,6 +112,16 @@ class UserControllerTest extends TestCase $user = factory(User::class, 'unverified')->create(); $verified = factory(User::class)->create(); + // Should be forbidden if account verification is disabled + option(['require_verification' => false]); + $this->actAs($user) + ->post('/user/email-verification') + ->seeJson([ + 'errno' => 1, + 'msg' => trans('user.verification.disabled') + ]); + option(['require_verification' => true]); + // Too fast $this->actAs($user) ->withSession([