Fixed required email confirmation with domain restriction

Added test to cover scenario.

Closes #573

diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 1ba8b97db8a7abaadcccffdadaf54eed94db4366..0fa005e1fbe0b77fee9b997c186602121cdc58e9 100644 (file)
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -53,7 +53,7 @@ class RegisterController extends Controller
      */
     public function __construct(SocialAuthService $socialAuthService, EmailConfirmationService $emailConfirmationService, UserRepo $userRepo)
     {
-        $this->middleware('guest')->except(['socialCallback', 'detachSocialAccount']);
+        $this->middleware('guest')->only(['getRegister', 'postRegister', 'socialRegister']);
         $this->socialAuthService = $socialAuthService;
         $this->emailConfirmationService = $emailConfirmationService;
         $this->userRepo = $userRepo;

diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index b7801668882cd5726c2adad97312228d7c14913b..c9b2726e8c4eca4f9148f7567a035433bf216879 100644 (file)
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -30,8 +30,11 @@ class Authenticate
      */
     public function handle($request, Closure $next)
     {
-        if ($this->auth->check() && setting('registration-confirmation') && !$this->auth->user()->email_confirmed) {
-            return redirect(baseUrl('/register/confirm/awaiting'));
+        if ($this->auth->check()) {
+            $requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
+            if ($requireConfirmation && !$this->auth->user()->email_confirmed) {
+                return redirect('/register/confirm/awaiting');
+            }
         }
 
         if ($this->auth->guest() && !setting('app-public')) {

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 4de35faff089c500aa6e0c58b475323d7ba37f94..87339344b9843ff317a2c03913ee2f77eb2563e6 100644 (file)
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -124,6 +124,45 @@ class AuthTest extends BrowserKitTest
             ->press('Create Account')
             ->seePageIs('/register/confirm')
             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+        $this->visit('/')->seePageIs('/login')
+            ->type($user->email, '#email')
+            ->type($user->password, '#password')
+            ->press('Log In')
+            ->seePageIs('/register/confirm/awaiting')
+            ->seeText('Email Address Not Confirmed');
+    }
+
+    public function test_restricted_registration_with_confirmation_disabled()
+    {
+        $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
+        $user = factory(\BookStack\User::class)->make();
+        // Go through registration process
+        $this->visit('/register')
+            ->type($user->name, '#name')
+            ->type($user->email, '#email')
+            ->type($user->password, '#password')
+            ->press('Create Account')
+            ->seePageIs('/register')
+            ->dontSeeInDatabase('users', ['email' => $user->email])
+            ->see('That email domain does not have access to this application');
+
+        $user->email = '[email protected]';
+
+        $this->visit('/register')
+            ->type($user->name, '#name')
+            ->type($user->email, '#email')
+            ->type($user->password, '#password')
+            ->press('Create Account')
+            ->seePageIs('/register/confirm')
+            ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+        $this->visit('/')->seePageIs('/login')
+            ->type($user->email, '#email')
+            ->type($user->password, '#password')
+            ->press('Log In')
+            ->seePageIs('/register/confirm/awaiting')
+            ->seeText('Email Address Not Confirmed');
     }
 
     public function test_user_creation()