BookStack Code Mirror - bookstack/blob - app/Access/Controllers/UserInviteController.php
1 <?php
2
3 namespace BookStack\Access\Controllers;
4
5 use BookStack\Access\UserInviteService;
6 use BookStack\Exceptions\UserTokenExpiredException;
7 use BookStack\Exceptions\UserTokenNotFoundException;
8 use BookStack\Http\Controllers\Controller;
9 use BookStack\Users\UserRepo;
10 use Exception;
11 use Illuminate\Http\RedirectResponse;
12 use Illuminate\Http\Request;
13 use Illuminate\Routing\Redirector;
14 use Illuminate\Support\Facades\Hash;
15 use Illuminate\Validation\Rules\Password;
16
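/**
 * Handles the invite flow in which an invited user follows a tokenised link
 * and sets the initial password for their account.
 *
 * Both actions take the invite token from the route and re-check it through
 * UserInviteService before doing anything with it.
 */
class UserInviteController extends Controller
{
    protected UserInviteService $inviteService;
    protected UserRepo $userRepo;

    /**
     * Create a new controller instance.
     */
    public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
    {
        // Registered for every action of this controller.
        // NOTE(review): 'guest' presumably limits these routes to visitors who are
        // not logged in, and 'guard:standard' to the standard auth method; the
        // middleware definitions are outside this file, so confirm there.
        $this->middleware('guest');
        $this->middleware('guard:standard');

        $this->inviteService = $inviteService;
        $this->userRepo = $userRepo;
    }

    /**
     * Show the page for the user to set the password for their account.
     *
     * The token is checked before the form is rendered, so an unknown or
     * expired token never reaches the password form.
     *
     * @throws Exception Any token-check exception that handleTokenException() does not handle.
     */
    public function showSetPassword(string $token)
    {
        try {
            // Only the check matters here; the returned user id is not needed to render the form.
            $this->inviteService->checkTokenAndGetUserId($token);
        } catch (Exception $exception) {
            return $this->handleTokenException($exception);
        }

        return view('auth.invite-set-password', [
            'token' => $token,
        ]);
    }

    /**
     * Sets the password for an invited user and then grants them access.
     *
     * The password is validated first, the invite token is checked second, and
     * only then is the account updated and the invite removed.
     *
     * @throws Exception Any token-check exception that handleTokenException() does not handle.
     */
    public function setPassword(Request $request, string $token)
    {
        // Password::default() applies the application's default password rule.
        $this->validate($request, [
            'password' => ['required', Password::default()],
        ]);

        try {
            $userId = $this->inviteService->checkTokenAndGetUserId($token);
        } catch (Exception $exception) {
            return $this->handleTokenException($exception);
        }

        $user = $this->userRepo->getById($userId);

        // Read the password with input() so the value that gets hashed comes from
        // the same request input the validator inspected. Request::get() resolves
        // route attributes and the query string before the request body, so a
        // 'password' query parameter could otherwise be hashed in place of the
        // validated body value and sidestep the password rule.
        $user->password = Hash::make($request->input('password'));

        // Setting a password through the emailed invite link is treated as
        // confirmation of the address.
        $user->email_confirmed = true;
        $user->save();

        // Remove the user's invite(s) once the password is stored so the link
        // cannot be used again.
        // NOTE(review): the save and this delete are separate steps; no
        // transaction is visible here, so a failure in between would leave the
        // invite usable - confirm against UserInviteService.
        $this->inviteService->deleteByUser($user);
        $this->showSuccessNotification(trans('auth.user_invite_success_login', ['appName' => setting('app-name')]));

        return redirect('/login');
    }

    /**
     * Check and validate the exception thrown when checking an invite token.
     *
     * An unknown token redirects to the home page without any message; an
     * expired token shows an error notification and redirects to the password
     * reset request page. Any other exception is rethrown unchanged.
     *
     * @throws Exception
     *
     * @return RedirectResponse|Redirector
     */
    protected function handleTokenException(Exception $exception)
    {
        if ($exception instanceof UserTokenNotFoundException) {
            // No notification is shown for a token that does not exist.
            return redirect('/');
        }

        if ($exception instanceof UserTokenExpiredException) {
            $this->showErrorNotification(trans('errors.invite_token_expired'));

            return redirect('/password/email');
        }

        // Not a token-state problem this controller knows how to present.
        throw $exception;
    }
}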