BookStack Code Mirror - bookstack/blob - app/Http/Middleware/CheckEmailConfirmed.php
1 <?php
2
3 namespace BookStack\Http\Middleware;
4
5 use BookStack\Auth\Access\EmailConfirmationService;
6 use BookStack\Auth\User;
7 use Closure;
8
/**
 * Middleware that ends the session of a logged-in user whose email
 * address has not been confirmed while confirmation is required.
 *
 * As of v21.08 this check is technically not required. It is kept as a
 * safeguard that logs out any user who is still logged in while in an
 * "awaiting confirmation" state, and will stay until it is very unlikely
 * that anyone is upgrading from a pre-v21.08 version.
 *
 * Ideally all existing sessions would simply be invalidated upon update,
 * but that has proven to be a lot more difficult than expected.
 */
class CheckEmailConfirmed
{
    /**
     * Service asked whether email confirmation is currently required.
     *
     * @var EmailConfirmationService
     */
    protected $confirmationService;

    /**
     * @param EmailConfirmationService $confirmationService
     */
    public function __construct(EmailConfirmationService $confirmationService)
    {
        $this->confirmationService = $confirmationService;
    }

    /**
     * Handle an incoming request.
     *
     * An authenticated user with an unconfirmed email is logged out and
     * redirected to '/' when confirmation is required; every other request
     * is handed to the next middleware unchanged.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        /** @var User $currentUser */
        $currentUser = auth()->user();

        // The authentication check comes first so that the user object is
        // only dereferenced for a logged-in session. The service is consulted
        // last, so unconfirmed users pass through whenever it reports that
        // confirmation is not required.
        $awaitingConfirmation = auth()->check()
            && !$currentUser->email_confirmed
            && $this->confirmationService->confirmationRequired();

        if (!$awaitingConfirmation) {
            return $next($request);
        }

        // NOTE(review): logout() is the only teardown visible here. Whether the
        // session ID and CSRF token are also regenerated depends on the guard
        // in use - confirm against the auth configuration.
        auth()->logout();

        // Fixed, application-relative target; nothing from the request
        // influences where the user is sent.
        return redirect()->to('/');
    }
}