Updated email confirmation flow so confirmation is done via POST

[bookstack] / app / Http / Controllers / Auth / ConfirmEmailController.php

diff --git a/app/Http/Controllers/Auth/ConfirmEmailController.php b/app/Http/Controllers/Auth/ConfirmEmailController.php
index c4280448e91c037f04a2e62d1df6a9d50708c7da..b282d0601f31eaab351f971be08d0f0ad6540150 100644 (file)
--- a/app/Http/Controllers/Auth/ConfirmEmailController.php
+++ b/app/Http/Controllers/Auth/ConfirmEmailController.php
@@ -10,16 +10,13 @@ use BookStack\Exceptions\UserTokenExpiredException;
 use BookStack\Exceptions\UserTokenNotFoundException;
 use BookStack\Http\Controllers\Controller;
 use Exception;
-use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
-use Illuminate\Routing\Redirector;
-use Illuminate\View\View;
 
 class ConfirmEmailController extends Controller
 {
-    protected $emailConfirmationService;
-    protected $loginService;
-    protected $userRepo;
+    protected EmailConfirmationService $emailConfirmationService;
+    protected LoginService $loginService;
+    protected UserRepo $userRepo;
 
     /**
      * Create a new controller instance.
@@ -28,8 +25,7 @@ class ConfirmEmailController extends Controller
         EmailConfirmationService $emailConfirmationService,
         LoginService $loginService,
         UserRepo $userRepo
-    )
-    {
+    ) {
         $this->emailConfirmationService = $emailConfirmationService;
         $this->loginService = $loginService;
         $this->userRepo = $userRepo;
@@ -47,44 +43,48 @@ class ConfirmEmailController extends Controller
     /**
      * Shows a notice that a user's email address has not been confirmed,
      * Also has the option to re-send the confirmation email.
-     *
-     * @return View
      */
     public function showAwaiting()
     {
-        return view('auth.user-unconfirmed');
+        $user = $this->loginService->getLastLoginAttemptUser();
+
+        return view('auth.user-unconfirmed', ['user' => $user]);
+    }
+
+    /**
+     * Show the form for a user to provide their positive confirmation of their email.
+     */
+    public function showAcceptForm(string $token)
+    {
+        return view('auth.register-confirm-accept', ['token' => $token]);
     }
 
     /**
      * Confirms an email via a token and logs the user into the system.
      *
-     * @param $token
-     *
      * @throws ConfirmationEmailException
      * @throws Exception
-     *
-     * @return RedirectResponse|Redirector
      */
-    public function confirm($token)
+    public function confirm(Request $request)
     {
-        try {
-            $userId = $this->emailConfirmationService->checkTokenAndGetUserId($token);
-        } catch (Exception $exception) {
-            if ($exception instanceof UserTokenNotFoundException) {
-                $this->showErrorNotification(trans('errors.email_confirmation_invalid'));
+        $validated = $this->validate($request, [
+            'token' => ['required', 'string']
+        ]);
 
-                return redirect('/register');
-            }
+        $token = $validated['token'];
 
-            if ($exception instanceof UserTokenExpiredException) {
-                $user = $this->userRepo->getById($exception->userId);
-                $this->emailConfirmationService->sendConfirmation($user);
-                $this->showErrorNotification(trans('errors.email_confirmation_expired'));
+        try {
+            $userId = $this->emailConfirmationService->checkTokenAndGetUserId($token);
+        } catch (UserTokenNotFoundException $exception) {
+            $this->showErrorNotification(trans('errors.email_confirmation_invalid'));
 
-                return redirect('/register/confirm');
-            }
+            return redirect('/register');
+        } catch (UserTokenExpiredException $exception) {
+            $user = $this->userRepo->getById($exception->userId);
+            $this->emailConfirmationService->sendConfirmation($user);
+            $this->showErrorNotification(trans('errors.email_confirmation_expired'));
 
-            throw $exception;
+            return redirect('/register/confirm');
         }
 
         $user = $this->userRepo->getById($userId);
@@ -93,22 +93,17 @@ class ConfirmEmailController extends Controller
 
         $this->emailConfirmationService->deleteByUser($user);
         $this->showSuccessNotification(trans('auth.email_confirm_success'));
-        $this->loginService->login($user, auth()->getDefaultDriver());
 
-        return redirect('/');
+        return redirect('/login');
     }
 
     /**
      * Resend the confirmation email.
-     *
-     * @param Request $request
-     *
-     * @return View
      */
     public function resend(Request $request)
     {
         $this->validate($request, [
-            'email' => 'required|email|exists:users,email',
+            'email' => ['required', 'email', 'exists:users,email'],
         ]);
         $user = $this->userRepo->getByEmail($request->get('email'));