]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Auth/RegisterController.php
Added crude example of captcha usage
[bookstack] / app / Http / Controllers / Auth / RegisterController.php
index a285899ccb9cfc40eb911933591e18e2d6239df0..cbb014bc3cb2dd8cf997ea533444a79db3af1e48 100644 (file)
@@ -13,12 +13,12 @@ use BookStack\Exceptions\SocialSignInException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Http\Controllers\Controller;
 use Exception;
+use GuzzleHttp\Client;
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Routing\Redirector;
-use Illuminate\View\View;
 use Laravel\Socialite\Contracts\User as SocialUser;
 use Validator;
 
@@ -53,7 +53,7 @@ class RegisterController extends Controller
      * Create a new controller instance.
      *
      * @param SocialAuthService $socialAuthService
-     * @param \BookStack\Auth\EmailConfirmationService $emailConfirmationService
+     * @param EmailConfirmationService $emailConfirmationService
      * @param UserRepo $userRepo
      */
     public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
@@ -116,6 +116,20 @@ class RegisterController extends Controller
         $this->checkRegistrationAllowed();
         $this->validator($request->all())->validate();
 
+        $captcha = $request->get('g-recaptcha-response');
+        $resp = (new Client())->post('https://www.google.com/recaptcha/api/siteverify', [
+            'form_params' => [
+                'response' => $captcha,
+                'secret' => '%%secret_key%%',
+            ]
+        ]);
+        $respBody = json_decode($resp->getBody());
+        if (!$respBody->success) {
+            return redirect()->back()->withInput()->withErrors([
+                'g-recaptcha-response' => 'Did not pass captcha',
+            ]);
+        }
+
         $userData = $request->all();
         return $this->registerUser($userData);
     }
@@ -159,7 +173,7 @@ class RegisterController extends Controller
             $newUser->socialAccounts()->save($socialAccount);
         }
 
-        if ((setting('registration-confirmation') || $registrationRestrict) && !$emailVerified) {
+        if ($this->emailConfirmationService->confirmationRequired() && !$emailVerified) {
             $newUser->save();
 
             try {
@@ -176,66 +190,6 @@ class RegisterController extends Controller
         return redirect($this->redirectPath());
     }
 
-    /**
-     * Show the page to tell the user to check their email
-     * and confirm their address.
-     */
-    public function getRegisterConfirmation()
-    {
-        return view('auth.register-confirm');
-    }
-
-    /**
-     * Confirms an email via a token and logs the user into the system.
-     * @param $token
-     * @return RedirectResponse|Redirector
-     * @throws UserRegistrationException
-     */
-    public function confirmEmail($token)
-    {
-        $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token);
-        $user = $confirmation->user;
-        $user->email_confirmed = true;
-        $user->save();
-        auth()->login($user);
-        session()->flash('success', trans('auth.email_confirm_success'));
-        $this->emailConfirmationService->deleteConfirmationsByUser($user);
-        return redirect($this->redirectPath);
-    }
-
-    /**
-     * Shows a notice that a user's email address has not been confirmed,
-     * Also has the option to re-send the confirmation email.
-     * @return View
-     */
-    public function showAwaitingConfirmation()
-    {
-        return view('auth.user-unconfirmed');
-    }
-
-    /**
-     * Resend the confirmation email
-     * @param Request $request
-     * @return View
-     */
-    public function resendConfirmation(Request $request)
-    {
-        $this->validate($request, [
-            'email' => 'required|email|exists:users,email'
-        ]);
-        $user = $this->userRepo->getByEmail($request->get('email'));
-
-        try {
-            $this->emailConfirmationService->sendConfirmation($user);
-        } catch (Exception $e) {
-            session()->flash('error', trans('auth.email_confirm_send_error'));
-            return redirect('/register/confirm');
-        }
-
-        session()->flash('success', trans('auth.email_confirm_resent'));
-        return redirect('/register/confirm');
-    }
-
     /**
      * Redirect to the social site for authentication intended to register.
      * @param $socialDriver