BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Actions\ActivityType;
   6 use BookStack\Auth\Access\UserInviteService;
   7 use BookStack\Auth\UserRepo;
   8 use BookStack\Exceptions\UserTokenExpiredException;
   9 use BookStack\Exceptions\UserTokenNotFoundException;
  10 use BookStack\Facades\Theme;
  11 use BookStack\Http\Controllers\Controller;
  12 use BookStack\Theming\ThemeEvents;
  13 use Exception;
  14 use Illuminate\Http\RedirectResponse;
  15 use Illuminate\Http\Request;
  16 use Illuminate\Routing\Redirector;
  17
  18 class UserInviteController extends Controller
  19 {
  20     protected $inviteService;
  21     protected $userRepo;
  22
  23     /**
  24      * Create a new controller instance.
  25      */
  26     public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
  27     {
  28         $this->middleware('guest');
  29         $this->middleware('guard:standard');
  30
  31         $this->inviteService = $inviteService;
  32         $this->userRepo = $userRepo;
  33     }
  34
  35     /**
  36      * Show the page for the user to set the password for their account.
  37      *
  38      * @throws Exception
  39      */
  40     public function showSetPassword(string $token)
  41     {
  42         try {
  43             $this->inviteService->checkTokenAndGetUserId($token);
  44         } catch (Exception $exception) {
  45             return $this->handleTokenException($exception);
  46         }
  47
  48         return view('auth.invite-set-password', [
  49             'token' => $token,
  50         ]);
  51     }
  52
  53     /**
  54      * Sets the password for an invited user and then grants them access.
  55      *
  56      * @throws Exception
  57      */
  58     public function setPassword(Request $request, string $token)
  59     {
  60         $this->validate($request, [
  61             'password' => 'required|min:8',
  62         ]);
  63
  64         try {
  65             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  66         } catch (Exception $exception) {
  67             return $this->handleTokenException($exception);
  68         }
  69
  70         $user = $this->userRepo->getById($userId);
  71         $user->password = bcrypt($request->get('password'));
  72         $user->email_confirmed = true;
  73         $user->save();
  74
  75         auth()->login($user);
  76         Theme::dispatch(ThemeEvents::AUTH_LOGIN, auth()->getDefaultDriver(), $user);
  77         $this->logActivity(ActivityType::AUTH_LOGIN, $user);
  78         $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  79         $this->inviteService->deleteByUser($user);
  80
  81         return redirect('/');
  82     }
  83
  84     /**
  85      * Check and validate the exception thrown when checking an invite token.
  86      *
  87      * @throws Exception
  88      *
  89      * @return RedirectResponse|Redirector
  90      */
  91     protected function handleTokenException(Exception $exception)
  92     {
  93         if ($exception instanceof UserTokenNotFoundException) {
  94             return redirect('/');
  95         }
  96
  97         if ($exception instanceof UserTokenExpiredException) {
  98             $this->showErrorNotification(trans('errors.invite_token_expired'));
  99
 100             return redirect('/password/email');
 101         }
 102
 103         throw $exception;
 104     }
 105 }