BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Auth\Access\UserInviteService;
   6 use BookStack\Auth\UserRepo;
   7 use BookStack\Exceptions\UserTokenExpiredException;
   8 use BookStack\Exceptions\UserTokenNotFoundException;
   9 use BookStack\Http\Controllers\Controller;
  10 use Exception;
  11 use Illuminate\Http\RedirectResponse;
  12 use Illuminate\Http\Request;
  13 use Illuminate\Routing\Redirector;
  14
  15 class UserInviteController extends Controller
  16 {
  17     protected $inviteService;
  18     protected $userRepo;
  19
  20     /**
  21      * Create a new controller instance.
  22      */
  23     public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
  24     {
  25         $this->middleware('guest');
  26         $this->middleware('guard:standard');
  27
  28         $this->inviteService = $inviteService;
  29         $this->userRepo = $userRepo;
  30
  31         parent::__construct();
  32     }
  33
  34     /**
  35      * Show the page for the user to set the password for their account.
  36      * @throws Exception
  37      */
  38     public function showSetPassword(string $token)
  39     {
  40         try {
  41             $this->inviteService->checkTokenAndGetUserId($token);
  42         } catch (Exception $exception) {
  43             return $this->handleTokenException($exception);
  44         }
  45
  46         return view('auth.invite-set-password', [
  47             'token' => $token,
  48         ]);
  49     }
  50
  51     /**
  52      * Sets the password for an invited user and then grants them access.
  53      * @throws Exception
  54      */
  55     public function setPassword(Request $request, string $token)
  56     {
  57         $this->validate($request, [
  58             'password' => 'required|min:8'
  59         ]);
  60
  61         try {
  62             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  63         } catch (Exception $exception) {
  64             return $this->handleTokenException($exception);
  65         }
  66
  67         $user = $this->userRepo->getById($userId);
  68         $user->password = bcrypt($request->get('password'));
  69         $user->email_confirmed = true;
  70         $user->save();
  71
  72         auth()->login($user);
  73         $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  74         $this->inviteService->deleteByUser($user);
  75
  76         return redirect('/');
  77     }
  78
  79     /**
  80      * Check and validate the exception thrown when checking an invite token.
  81      * @return RedirectResponse|Redirector
  82      * @throws Exception
  83      */
  84     protected function handleTokenException(Exception $exception)
  85     {
  86         if ($exception instanceof UserTokenNotFoundException) {
  87             return redirect('/');
  88         }
  89
  90         if ($exception instanceof UserTokenExpiredException) {
  91             $this->showErrorNotification(trans('errors.invite_token_expired'));
  92             return redirect('/password/email');
  93         }
  94
  95         throw $exception;
  96     }
  97 }