BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Auth\Access\UserInviteService;
   6 use BookStack\Auth\UserRepo;
   7 use BookStack\Exceptions\UserTokenExpiredException;
   8 use BookStack\Exceptions\UserTokenNotFoundException;
   9 use BookStack\Http\Controllers\Controller;
  10 use Exception;
  11 use Illuminate\Contracts\View\Factory;
  12 use Illuminate\Http\RedirectResponse;
  13 use Illuminate\Http\Request;
  14 use Illuminate\Routing\Redirector;
  15 use Illuminate\View\View;
  16
  17 class UserInviteController extends Controller
  18 {
  19     protected $inviteService;
  20     protected $userRepo;
  21
  22     /**
  23      * Create a new controller instance.
  24      *
  25      * @param UserInviteService $inviteService
  26      * @param UserRepo $userRepo
  27      */
  28     public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
  29     {
  30         $this->inviteService = $inviteService;
  31         $this->userRepo = $userRepo;
  32         $this->middleware('guest');
  33         parent::__construct();
  34     }
  35
  36     /**
  37      * Show the page for the user to set the password for their account.
  38      * @param string $token
  39      * @return Factory|View|RedirectResponse
  40      * @throws Exception
  41      */
  42     public function showSetPassword(string $token)
  43     {
  44         try {
  45             $this->inviteService->checkTokenAndGetUserId($token);
  46         } catch (Exception $exception) {
  47             return $this->handleTokenException($exception);
  48         }
  49
  50         return view('auth.invite-set-password', [
  51             'token' => $token,
  52         ]);
  53     }
  54
  55     /**
  56      * Sets the password for an invited user and then grants them access.
  57      * @param string $token
  58      * @param Request $request
  59      * @return RedirectResponse|Redirector
  60      * @throws Exception
  61      */
  62     public function setPassword(string $token, Request $request)
  63     {
  64         $this->validate($request, [
  65             'password' => 'required|min:6'
  66         ]);
  67
  68         try {
  69             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  70         } catch (Exception $exception) {
  71             return $this->handleTokenException($exception);
  72         }
  73
  74         $user = $this->userRepo->getById($userId);
  75         $user->password = bcrypt($request->get('password'));
  76         $user->email_confirmed = true;
  77         $user->save();
  78
  79         auth()->login($user);
  80         session()->flash('success', trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  81         $this->inviteService->deleteByUser($user);
  82
  83         return redirect('/');
  84     }
  85
  86     /**
  87      * Check and validate the exception thrown when checking an invite token.
  88      * @param Exception $exception
  89      * @return RedirectResponse|Redirector
  90      * @throws Exception
  91      */
  92     protected function handleTokenException(Exception $exception)
  93     {
  94         if ($exception instanceof UserTokenNotFoundException) {
  95             return redirect('/');
  96         }
  97
  98         if ($exception instanceof UserTokenExpiredException) {
  99             session()->flash('error', trans('errors.invite_token_expired'));
 100             return redirect('/password/email');
 101         }
 102
 103         throw $exception;
 104     }
 105
 106 }