X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/4099/head:/app/Http/Controllers/Auth/UserInviteController.php

diff --git a/app/Http/Controllers/Auth/UserInviteController.php b/app/Http/Controllers/Auth/UserInviteController.php
index 926458fa6..5b3bba6ff 100644
--- a/app/Http/Controllers/Auth/UserInviteController.php
+++ b/app/Http/Controllers/Auth/UserInviteController.php
@@ -11,11 +11,13 @@ use Exception;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rules\Password;
 
 class UserInviteController extends Controller
 {
-    protected $inviteService;
-    protected $userRepo;
+    protected UserInviteService $inviteService;
+    protected UserRepo $userRepo;
 
     /**
      * Create a new controller instance.
@@ -31,6 +33,7 @@ class UserInviteController extends Controller
 
     /**
      * Show the page for the user to set the password for their account.
+     *
      * @throws Exception
      */
     public function showSetPassword(string $token)
@@ -48,12 +51,13 @@ class UserInviteController extends Controller
 
     /**
      * Sets the password for an invited user and then grants them access.
+     *
      * @throws Exception
      */
     public function setPassword(Request $request, string $token)
     {
         $this->validate($request, [
-            'password' => 'required|min:8'
+            'password' => ['required', Password::default()],
         ]);
 
         try {
@@ -63,21 +67,22 @@ class UserInviteController extends Controller
         }
 
         $user = $this->userRepo->getById($userId);
-        $user->password = bcrypt($request->get('password'));
+        $user->password = Hash::make($request->get('password'));
         $user->email_confirmed = true;
         $user->save();
 
-        auth()->login($user);
-        $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')]));
         $this->inviteService->deleteByUser($user);
+        $this->showSuccessNotification(trans('auth.user_invite_success_login', ['appName' => setting('app-name')]));
 
-        return redirect('/');
+        return redirect('/login');
     }
 
     /**
      * Check and validate the exception thrown when checking an invite token.
-     * @return RedirectResponse|Redirector
+     *
      * @throws Exception
+     *
+     * @return RedirectResponse|Redirector
      */
     protected function handleTokenException(Exception $exception)
     {
@@ -87,6 +92,7 @@ class UserInviteController extends Controller
 
         if ($exception instanceof UserTokenExpiredException) {
             $this->showErrorNotification(trans('errors.invite_token_expired'));
+
             return redirect('/password/email');
         }