Merge 3439917b33 into 52f6fefed0
commit
fd10a596b6
|
|
@ -344,20 +344,20 @@ class AuthController extends Controller
|
|||
return redirect('/user');
|
||||
}
|
||||
|
||||
public function verify(Request $request)
|
||||
public function verify(Request $request, User $user)
|
||||
{
|
||||
if (!option('require_verification')) {
|
||||
throw new PrettyPageException(trans('user.verification.disabled'), 1);
|
||||
}
|
||||
|
||||
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), hash('sha256', $user->email)), 403, trans('auth.verify.invalid'));
|
||||
|
||||
return view('auth.verify');
|
||||
}
|
||||
|
||||
public function handleVerify(Request $request, User $user)
|
||||
{
|
||||
abort_unless($request->hasValidSignature(false), 403, trans('auth.verify.invalid'));
|
||||
abort_unless($request->hasValidSignature(false) && hash_equals((string)$request->route('hash'), hash('sha256', $user->email)), 403, trans('auth.verify.invalid'));
|
||||
|
||||
['email' => $email] = $request->validate(['email' => 'required|email']);
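Review bot: The new `hash_equals()` call in `verify()` and `handleVerify()` passes the request-supplied route value first and the server-computed digest second, but PHP documents the first parameter as the known string and the second as the user-supplied one. The arguments should be swapped: `hash_equals(hash('sha256', $user->email), (string) $request->route('hash'))`. With two fixed-length hex digests the practical difference is small, but the documented order is the safer pattern to leave for later copies. The guard is also repeated verbatim in both methods; a private helper (for example `assertValidVerificationLink(Request $request, User $user)`) would keep the two checks from drifting apart. `handleVerify()` continues outside the hunk.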
|
||||
|
||||
|
|
|
|||
|
|
@ -157,7 +157,7 @@ class UserController extends Controller
|
|||
return json(trans('user.verification.verified'), 1);
|
||||
}
|
||||
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
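Review bot: The `URL::temporarySignedRoute(...)` call here is repeated token for token in `SendEmailVerification::handle()`, and both copies must stay in step with the `hash('sha256', $user->email)` comparison in `AuthController`. A single shared builder (a method on `User` or on `EmailVerification`) would keep the lifetime and the hash recipe in one place. The one-hour lifetime is hard-coded; if it stays, a comment such as `// link is bound to the current e-mail and expires after one hour` would record the intent. No import hunk for `Carbon\Carbon` is shown for this file or for `AuthControllerTest` (only the listener's import list appears to gain it), so confirm both already import it. The enclosing method starts and ends outside the hunk.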
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ namespace App\Listeners;
|
|||
|
||||
use App\Mail\EmailVerification;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
|
||||
|
|
@ -12,7 +13,7 @@ class SendEmailVerification
|
|||
public function handle(User $user)
|
||||
{
|
||||
if (option('require_verification')) {
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user->uid], null, false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
try {
|
||||
Mail::to($user->email)->send(new EmailVerification(url($url)));
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@ Route::prefix('auth')->name('auth.')->group(function () {
|
|||
Route::post('bind', 'AuthController@fillEmail')->name('verify');
|
||||
});
|
||||
|
||||
Route::get('verify/{user}', 'AuthController@verify')->name('verify');
|
||||
Route::post('verify/{user}', 'AuthController@handleVerify')->name('handle.verify');
|
||||
Route::get('verify/{user}/{hash}', 'AuthController@verify')->name('verify');
|
||||
Route::post('verify/{user}/{hash}', 'AuthController@handleVerify')->name('handle.verify');
|
||||
});
|
||||
|
||||
Route::prefix('user')
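Review bot: The new `{hash}` segment on both `verify/{user}/{hash}` routes accepts any string, so malformed values reach the controller before being rejected. Since the value is always a SHA-256 hex digest, the routes could constrain it, e.g. `->where('hash', '[0-9a-f]{64}')`. Links already mailed in the old `verify/{user}` form will stop resolving after this change, which is presumably intended but worth stating in the commit description.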
|
||||
|
|
|
|||
|
|
@ -724,7 +724,7 @@ class AuthControllerTest extends TestCase
|
|||
|
||||
public function testVerify()
|
||||
{
|
||||
$url = URL::signedRoute('auth.verify', ['user' => 1], null, false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => 1, 'hash' => hash('sha256', 'a@b.c')], false);
|
||||
|
||||
// should be forbidden if account verification is disabled
|
||||
option(['require_verification' => false]);
|
||||
|
|
@ -732,17 +732,17 @@ class AuthControllerTest extends TestCase
|
|||
option(['require_verification' => true]);
|
||||
|
||||
// invalid link
|
||||
$this->get(route('auth.verify', ['user' => 1]))->assertForbidden();
|
||||
$this->get(route('auth.verify', ['user' => 1, 'hash' => hash('sha256', 'a@b.c')]))->assertForbidden();
|
||||
|
||||
$user = User::factory()->create(['verified' => false]);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
$this->get($url)->assertViewIs('auth.verify');
|
||||
}
|
||||
|
||||
public function testHandleVerify()
|
||||
{
|
||||
$user = User::factory()->create(['verified' => false]);
|
||||
$url = URL::signedRoute('auth.verify', ['user' => $user], null, false);
|
||||
$url = URL::temporarySignedRoute('auth.verify', Carbon::now()->addHour(), ['user' => $user, 'hash' => hash('sha256', $user->email)], false);
|
||||
|
||||
// empty email
|
||||
$this->post($url, [], ['Referer' => $url])->assertRedirect($url);
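Review bot: The updated tests never exercise the two properties this change introduces: a correctly signed link whose `hash` no longer matches the user's e-mail, and a link past its one-hour lifetime. I would add a case to `testVerify()` and `testHandleVerify()` that builds `$url`, then updates `$user->email` and asserts `assertForbidden()`, plus one that moves the clock forward (for example `$this->travel(61)->minutes();`) before requesting `$url` and expects the same result. The existing "invalid link" assertion only covers an unsigned URL, so it would still pass if the `hash_equals` clause were removed. `testHandleVerify()` continues outside the hunk.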
|
||||
|
|
|
|||