fix: generate temporary email verification link with email hash included

This commit is contained in:
hans362 2026-01-26 10:07:38 +08:00
parent d70b39f445
commit ba3cc6fe91
No known key found for this signature in database
GPG Key ID: B186D77ABEC2A785
4 changed files with 7 additions and 7 deletions


@ -344,20 +344,20 @@ class AuthController extends Controller
return redirect('/user');
}
public function verify(Request $request)
public function verify(Request $request, User $user)
{
if (!option('require_verification')) {
throw new PrettyPageException(trans('user.verification.disabled'), 1);
}
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), sha1($user->email)), 403, trans('auth.verify.invalid'));
return view('auth.verify');
}
public function handleVerify(Request $request, User $user)
{
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), sha1($user->email)), 403, trans('auth.verify.invalid'));
['email' => $email] = $request->validate(['email' => 'required|email']);
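Review bot: The new guard is written out twice, on L23 in `verify` and again on L29 in `handleVerify`, so any later adjustment (for instance if `$user->email` can be null on this model, where `sha1()` would silently hash the empty string — I cannot tell from the hunk) has to be made in two places. A private helper called on the first line of both actions keeps the two entry points in step, and lets the known value go first in `hash_equals()` as the function documents. The hash itself is derivable by anyone who knows the address, so the helper's docblock should make clear that the signature and expiry remain the actual authenticity check. `handleVerify`'s body continues past the end of the hunk.
```php
    /**
     * Abort with 403 unless the request carries a valid, unexpired signature and
     * its {hash} segment matches the user's current e-mail. The hash only binds
     * the link to that address; the signature is what proves the link is genuine.
     */
    private function assertVerificationLinkValid(Request $request, User $user): void
    {
        abort_unless(
            $request->hasValidSignature(false)
                && hash_equals(sha1($user->email), (string) $request->route('hash')),
            403,
            trans('auth.verify.invalid'),
        );
    }
```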


@ -157,7 +157,7 @@ class UserController extends Controller
return json(trans('user.verification.verified'), 1);
}
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
try {
Mail::to($user->email)->send(new EmailVerification(url($url)));
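Review bot: The link-building expression on L38 is repeated verbatim in `SendEmailVerification::handle` (L49), so the one-hour lifetime and the `sha1($user->email)` derivation now live in two places that must stay identical for the check in `AuthController` to keep passing; a single factory (a method on `User` or a small service returning the signed URL) would give both callers one definition. Either way the trailing positional `false` reads better as `absolute: false`, matching the `hasValidSignature(false)` it pairs with. Neither hunk shows the `use Carbon\Carbon;` line, so confirm it is imported in both files. Since the mail template only receives the URL, it may also be worth telling the recipient that the link expires after an hour. The `try` block opened on L39 continues outside the hunk.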


@ -12,7 +12,7 @@ class SendEmailVerification
public function handle(User $user)
{
if (option('require_verification')) {
$url = URL::signedRoute('auth.verify', ['user' => $user->uid], null, false);
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => sha1($user->email)], false);
try {
Mail::to($user->email)->send(new EmailVerification(url($url)));


@ -41,8 +41,8 @@ Route::prefix('auth')->name('auth.')->group(function () {
Route::post('bind', 'AuthController@fillEmail')->name('verify');
});
Route::get('verify/{user}', 'AuthController@verify')->name('verify');
Route::post('verify/{user}', 'AuthController@handleVerify')->name('handle.verify');
Route::get('verify/{user}/{hash}', 'AuthController@verify')->name('verify');
Route::post('verify/{user}/{hash}', 'AuthController@handleVerify')->name('handle.verify');
});
Route::prefix('user')
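Review bot: The new `{hash}` segment on L60 and L61 is unconstrained, although the controller only ever compares it against a 40-character lowercase hex `sha1()` digest; adding `->where('hash', '[a-f0-9]{40}')` to both routes rejects malformed values at the router with a 404 before a controller or model binding runs, and documents the expected shape next to the route. The route names are unchanged, so existing `route('auth.verify', ...)` callers that omit `hash` will now fail URL generation — worth a quick grep for any caller the commit did not touch.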