BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Actions\ActivityType;
   6 use BookStack\Auth\Access\UserInviteService;
   7 use BookStack\Auth\UserRepo;
   8 use BookStack\Exceptions\UserTokenExpiredException;
   9 use BookStack\Exceptions\UserTokenNotFoundException;
  10 use BookStack\Facades\Theme;
  11 use BookStack\Http\Controllers\Controller;
  12 use BookStack\Theming\ThemeEvents;
  13 use Exception;
  14 use Illuminate\Http\RedirectResponse;
  15 use Illuminate\Http\Request;
  16 use Illuminate\Routing\Redirector;
  17
  18 class UserInviteController extends Controller
  19 {
  20     protected $inviteService;
  21     protected $userRepo;
  22
  23     /**
  24      * Create a new controller instance.
  25      */
  26     public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
  27     {
  28         $this->middleware('guest');
  29         $this->middleware('guard:standard');
  30
  31         $this->inviteService = $inviteService;
  32         $this->userRepo = $userRepo;
  33     }
  34
  35     /**
  36      * Show the page for the user to set the password for their account.
  37      * @throws Exception
  38      */
  39     public function showSetPassword(string $token)
  40     {
  41         try {
  42             $this->inviteService->checkTokenAndGetUserId($token);
  43         } catch (Exception $exception) {
  44             return $this->handleTokenException($exception);
  45         }
  46
  47         return view('auth.invite-set-password', [
  48             'token' => $token,
  49         ]);
  50     }
  51
  52     /**
  53      * Sets the password for an invited user and then grants them access.
  54      * @throws Exception
  55      */
  56     public function setPassword(Request $request, string $token)
  57     {
  58         $this->validate($request, [
  59             'password' => 'required|min:8'
  60         ]);
  61
  62         try {
  63             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  64         } catch (Exception $exception) {
  65             return $this->handleTokenException($exception);
  66         }
  67
  68         $user = $this->userRepo->getById($userId);
  69         $user->password = bcrypt($request->get('password'));
  70         $user->email_confirmed = true;
  71         $user->save();
  72
  73         auth()->login($user);
  74         Theme::dispatch(ThemeEvents::AUTH_LOGIN, auth()->getDefaultDriver(), $user);
  75         $this->logActivity(ActivityType::AUTH_LOGIN, $user);
  76         $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  77         $this->inviteService->deleteByUser($user);
  78
  79         return redirect('/');
  80     }
  81
  82     /**
  83      * Check and validate the exception thrown when checking an invite token.
  84      * @return RedirectResponse|Redirector
  85      * @throws Exception
  86      */
  87     protected function handleTokenException(Exception $exception)
  88     {
  89         if ($exception instanceof UserTokenNotFoundException) {
  90             return redirect('/');
  91         }
  92
  93         if ($exception instanceof UserTokenExpiredException) {
  94             $this->showErrorNotification(trans('errors.invite_token_expired'));
  95             return redirect('/password/email');
  96         }
  97
  98         throw $exception;
  99     }
 100 }