BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/UserInviteController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Auth\Access\UserInviteService;
   6 use BookStack\Auth\UserRepo;
   7 use BookStack\Exceptions\UserTokenExpiredException;
   8 use BookStack\Exceptions\UserTokenNotFoundException;
   9 use BookStack\Http\Controllers\Controller;
  10 use Exception;
  11 use Illuminate\Http\RedirectResponse;
  12 use Illuminate\Http\Request;
  13 use Illuminate\Routing\Redirector;
  14
  15 class UserInviteController extends Controller
  16 {
  17     protected $inviteService;
  18     protected $userRepo;
  19
  20     /**
  21      * Create a new controller instance.
  22      */
  23     public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
  24     {
  25         $this->middleware('guest');
  26         $this->middleware('guard:standard');
  27
  28         $this->inviteService = $inviteService;
  29         $this->userRepo = $userRepo;
  30     }
  31
  32     /**
  33      * Show the page for the user to set the password for their account.
  34      * @throws Exception
  35      */
  36     public function showSetPassword(string $token)
  37     {
  38         try {
  39             $this->inviteService->checkTokenAndGetUserId($token);
  40         } catch (Exception $exception) {
  41             return $this->handleTokenException($exception);
  42         }
  43
  44         return view('auth.invite-set-password', [
  45             'token' => $token,
  46         ]);
  47     }
  48
  49     /**
  50      * Sets the password for an invited user and then grants them access.
  51      * @throws Exception
  52      */
  53     public function setPassword(Request $request, string $token)
  54     {
  55         $this->validate($request, [
  56             'password' => 'required|min:8'
  57         ]);
  58
  59         try {
  60             $userId = $this->inviteService->checkTokenAndGetUserId($token);
  61         } catch (Exception $exception) {
  62             return $this->handleTokenException($exception);
  63         }
  64
  65         $user = $this->userRepo->getById($userId);
  66         $user->password = bcrypt($request->get('password'));
  67         $user->email_confirmed = true;
  68         $user->save();
  69
  70         auth()->login($user);
  71         $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
  72         $this->inviteService->deleteByUser($user);
  73
  74         return redirect('/');
  75     }
  76
  77     /**
  78      * Check and validate the exception thrown when checking an invite token.
  79      * @return RedirectResponse|Redirector
  80      * @throws Exception
  81      */
  82     protected function handleTokenException(Exception $exception)
  83     {
  84         if ($exception instanceof UserTokenNotFoundException) {
  85             return redirect('/');
  86         }
  87
  88         if ($exception instanceof UserTokenExpiredException) {
  89             $this->showErrorNotification(trans('errors.invite_token_expired'));
  90             return redirect('/password/email');
  91         }
  92
  93         throw $exception;
  94     }
  95 }