X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/cd6572b61af2165133468d2562d04dffdca8fca8..refs/pull/1719/head:/app/Http/Controllers/Auth/RegisterController.php diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 8b0ef309a..304d3bed2 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -2,19 +2,26 @@ namespace BookStack\Http\Controllers\Auth; -use BookStack\Exceptions\ConfirmationEmailException; +use BookStack\Auth\Access\EmailConfirmationService; +use BookStack\Auth\Access\SocialAuthService; +use BookStack\Auth\SocialAccount; +use BookStack\Auth\User; +use BookStack\Auth\UserRepo; +use BookStack\Exceptions\SocialDriverNotConfigured; +use BookStack\Exceptions\SocialSignInAccountNotUsed; use BookStack\Exceptions\SocialSignInException; use BookStack\Exceptions\UserRegistrationException; -use BookStack\Repos\UserRepo; -use BookStack\Services\EmailConfirmationService; -use BookStack\Services\SocialAuthService; -use BookStack\User; +use BookStack\Http\Controllers\Controller; use Exception; +use Illuminate\Foundation\Auth\RegistersUsers; +use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; use Illuminate\Http\Response; +use Illuminate\Routing\Redirector; +use Illuminate\Support\Facades\Hash; +use Illuminate\Support\Str; +use Laravel\Socialite\Contracts\User as SocialUser; use Validator; -use BookStack\Http\Controllers\Controller; -use Illuminate\Foundation\Auth\RegistersUsers; class RegisterController extends Controller { @@ -52,12 +59,12 @@ class RegisterController extends Controller */ public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo) { - $this->middleware('guest')->except(['socialCallback', 'detachSocialAccount']); + $this->middleware('guest')->only(['getRegister', 'postRegister', 'socialRegister']); $this->socialAuthService = $socialAuthService; $this->emailConfirmationService = $emailConfirmationService; $this->userRepo = $userRepo; - $this->redirectTo = baseUrl('/'); - $this->redirectPath = baseUrl('/'); + $this->redirectTo = url('/'); + $this->redirectPath = url('/'); parent::__construct(); } @@ -70,9 +77,9 @@ class RegisterController extends Controller protected function validator(array $data) { return Validator::make($data, [ - 'name' => 'required|max:255', + 'name' => 'required|min:2|max:255', 'email' => 'required|email|max:255|unique:users', - 'password' => 'required|min:6', + 'password' => 'required|min:8', ]); } @@ -90,6 +97,7 @@ class RegisterController extends Controller /** * Show the application registration form. * @return Response + * @throws UserRegistrationException */ public function getRegister() { @@ -100,21 +108,14 @@ class RegisterController extends Controller /** * Handle a registration request for the application. - * @param Request|\Illuminate\Http\Request $request - * @return Response + * @param Request|Request $request + * @return RedirectResponse|Redirector * @throws UserRegistrationException - * @throws \Illuminate\Foundation\Validation\ValidationException */ public function postRegister(Request $request) { $this->checkRegistrationAllowed(); - $validator = $this->validator($request->all()); - - if ($validator->fails()) { - $this->throwValidationException( - $request, $validator - ); - } + $this->validator($request->all())->validate(); $userData = $request->all(); return $this->registerUser($userData); @@ -130,7 +131,7 @@ class RegisterController extends Controller return User::create([ 'name' => $data['name'], 'email' => $data['email'], - 'password' => bcrypt($data['password']), + 'password' => Hash::make($data['password']), ]); } @@ -138,107 +139,50 @@ class RegisterController extends Controller * The registrations flow for all users. * @param array $userData * @param bool|false|SocialAccount $socialAccount - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + * @param bool $emailVerified + * @return RedirectResponse|Redirector * @throws UserRegistrationException - * @throws ConfirmationEmailException */ - protected function registerUser(array $userData, $socialAccount = false) + protected function registerUser(array $userData, $socialAccount = false, $emailVerified = false) { - if (setting('registration-restrict')) { - $restrictedEmailDomains = explode(',', str_replace(' ', '', setting('registration-restrict'))); - $userEmailDomain = $domain = substr(strrchr($userData['email'], "@"), 1); + $registrationRestrict = setting('registration-restrict'); + + if ($registrationRestrict) { + $restrictedEmailDomains = explode(',', str_replace(' ', '', $registrationRestrict)); + $userEmailDomain = $domain = mb_substr(mb_strrchr($userData['email'], "@"), 1); if (!in_array($userEmailDomain, $restrictedEmailDomains)) { throw new UserRegistrationException(trans('auth.registration_email_domain_invalid'), '/register'); } } - $newUser = $this->userRepo->registerNew($userData); + $newUser = $this->userRepo->registerNew($userData, $emailVerified); if ($socialAccount) { $newUser->socialAccounts()->save($socialAccount); } - if (setting('registration-confirmation') || setting('registration-restrict')) { + if ($this->emailConfirmationService->confirmationRequired() && !$emailVerified) { $newUser->save(); try { $this->emailConfirmationService->sendConfirmation($newUser); } catch (Exception $e) { - session()->flash('error', trans('auth.email_confirm_send_error')); + $this->showErrorNotification(trans('auth.email_confirm_send_error')); } return redirect('/register/confirm'); } auth()->login($newUser); - session()->flash('success', trans('auth.register_success')); + $this->showSuccessNotification(trans('auth.register_success')); return redirect($this->redirectPath()); } - /** - * Show the page to tell the user to check their email - * and confirm their address. - */ - public function getRegisterConfirmation() - { - return view('auth/register-confirm'); - } - - /** - * Confirms an email via a token and logs the user into the system. - * @param $token - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector - * @throws UserRegistrationException - */ - public function confirmEmail($token) - { - $confirmation = $this->emailConfirmationService->getEmailConfirmationFromToken($token); - $user = $confirmation->user; - $user->email_confirmed = true; - $user->save(); - auth()->login($user); - session()->flash('success', trans('auth.email_confirm_success')); - $this->emailConfirmationService->deleteConfirmationsByUser($user); - return redirect($this->redirectPath); - } - - /** - * Shows a notice that a user's email address has not been confirmed, - * Also has the option to re-send the confirmation email. - * @return \Illuminate\View\View - */ - public function showAwaitingConfirmation() - { - return view('auth/user-unconfirmed'); - } - - /** - * Resend the confirmation email - * @param Request $request - * @return \Illuminate\View\View - */ - public function resendConfirmation(Request $request) - { - $this->validate($request, [ - 'email' => 'required|email|exists:users,email' - ]); - $user = $this->userRepo->getByEmail($request->get('email')); - - try { - $this->emailConfirmationService->sendConfirmation($user); - } catch (Exception $e) { - session()->flash('error', trans('auth.email_confirm_send_error')); - return redirect('/register/confirm'); - } - - $this->emailConfirmationService->sendConfirmation($user); - session()->flash('success', trans('auth.email_confirm_resent')); - return redirect('/register/confirm'); - } - /** * Redirect to the social site for authentication intended to register. * @param $socialDriver * @return mixed + * @throws UserRegistrationException + * @throws SocialDriverNotConfigured */ public function socialRegister($socialDriver) { @@ -249,29 +193,53 @@ class RegisterController extends Controller /** * The callback for social login services. - * @param $socialDriver - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + * @param Request $request + * @param string $socialDriver + * @return RedirectResponse|Redirector * @throws SocialSignInException + * @throws UserRegistrationException + * @throws SocialDriverNotConfigured */ - public function socialCallback($socialDriver) + public function socialCallback(Request $request, string $socialDriver) { - if (session()->has('social-callback')) { - $action = session()->pull('social-callback'); - if ($action == 'login') { - return $this->socialAuthService->handleLoginCallback($socialDriver); - } elseif ($action == 'register') { - return $this->socialRegisterCallback($socialDriver); - } - } else { + if (!session()->has('social-callback')) { throw new SocialSignInException(trans('errors.social_no_action_defined'), '/login'); } + + // Check request for error information + if ($request->has('error') && $request->has('error_description')) { + throw new SocialSignInException(trans('errors.social_login_bad_response', [ + 'socialAccount' => $socialDriver, + 'error' => $request->get('error_description'), + ]), '/login'); + } + + $action = session()->pull('social-callback'); + + // Attempt login or fall-back to register if allowed. + $socialUser = $this->socialAuthService->getSocialUser($socialDriver); + if ($action == 'login') { + try { + return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser); + } catch (SocialSignInAccountNotUsed $exception) { + if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) { + return $this->socialRegisterCallback($socialDriver, $socialUser); + } + throw $exception; + } + } + + if ($action == 'register') { + return $this->socialRegisterCallback($socialDriver, $socialUser); + } + return redirect()->back(); } /** * Detach a social account from a user. * @param $socialDriver - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + * @return RedirectResponse|Redirector */ public function detachSocialAccount($socialDriver) { @@ -280,22 +248,23 @@ class RegisterController extends Controller /** * Register a new user after a registration callback. - * @param $socialDriver - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + * @param string $socialDriver + * @param SocialUser $socialUser + * @return RedirectResponse|Redirector * @throws UserRegistrationException */ - protected function socialRegisterCallback($socialDriver) + protected function socialRegisterCallback(string $socialDriver, SocialUser $socialUser) { - $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver); + $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser); $socialAccount = $this->socialAuthService->fillSocialAccount($socialDriver, $socialUser); + $emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver); // Create an array of the user data to create a new user instance $userData = [ 'name' => $socialUser->getName(), 'email' => $socialUser->getEmail(), - 'password' => str_random(30) + 'password' => Str::random(30) ]; - return $this->registerUser($userData, $socialAccount); + return $this->registerUser($userData, $socialAccount, $emailVerified); } - -} \ No newline at end of file +}