BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Auth\Access\LoginService;
   6 use BookStack\Auth\Access\UserInviteService;
   7 use BookStack\Auth\UserRepo;
   8 use BookStack\Exceptions\UserTokenExpiredException;
   9 use BookStack\Exceptions\UserTokenNotFoundException;
  10 use BookStack\Http\Controllers\Controller;
  11 use Exception;
  12 use Illuminate\Http\RedirectResponse;
  13 use Illuminate\Http\Request;
  14 use Illuminate\Routing\Redirector;
  15
  16 class UserInviteController extends Controller
  17 {
  18     protected $inviteService;
  19     protected $loginService;
  20     protected $userRepo;
  21
  22     /**
  23      * Create a new controller instance.
  24      */
  25     public function __construct(UserInviteService $inviteService, LoginService $loginService, UserRepo $userRepo)
  26     {
  27         $this->middleware('guest');
  28         $this->middleware('guard:standard');
  29
  30         $this->inviteService = $inviteService;
  31         $this->loginService = $loginService;
  32         $this->userRepo = $userRepo;
  33     }
  34
  35     /**
  36      * Show the page for the user to set the password for their account.
  37      *
  38      * @throws Exception
  39      */
  40     public function showSetPassword(string $token)
  41     {
  42         try {
  43             $this->inviteService->checkTokenAndGetUserId($token);
  44         } catch (Exception $exception) {
  45             return $this->handleTokenException($exception);
  46         }
  47
  48         return view('auth.invite-set-password', [
  49             'token' => $token,
  50         ]);
  51     }
  52
  53     /**
  54      * Sets the password for an invited user and then grants them access.
  55      *
  56      * @throws Exception
  57      */
  58     public function setPassword(Request $request, string $token)
  59     {
  60         $this->validate($request, [
  61             'password' => 'required|min:8',
  62         ]);
  63
  64         try {
  65             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  66         } catch (Exception $exception) {
  67             return $this->handleTokenException($exception);
  68         }
  69
  70         $user = $this->userRepo->getById($userId);
  71         $user->password = bcrypt($request->get('password'));
  72         $user->email_confirmed = true;
  73         $user->save();
  74
  75         $this->inviteService->deleteByUser($user);
  76         $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  77         $this->loginService->login($user, auth()->getDefaultDriver());
  78
  79         return redirect('/');
  80     }
  81
  82     /**
  83      * Check and validate the exception thrown when checking an invite token.
  84      *
  85      * @throws Exception
  86      *
  87      * @return RedirectResponse|Redirector
  88      */
  89     protected function handleTokenException(Exception $exception)
  90     {
  91         if ($exception instanceof UserTokenNotFoundException) {
  92             return redirect('/');
  93         }
  94
  95         if ($exception instanceof UserTokenExpiredException) {
  96             $this->showErrorNotification(trans('errors.invite_token_expired'));
  97
  98             return redirect('/password/email');
  99         }
 100
 101         throw $exception;
 102     }
 103 }