2019-08-18 20:11:30 +08:00
|
|
|
<?php
|
|
|
|
|
2023-05-18 00:56:55 +08:00
|
|
|
namespace BookStack\Access\Controllers;
|
2019-08-18 20:11:30 +08:00
|
|
|
|
2023-05-18 00:56:55 +08:00
|
|
|
use BookStack\Access\UserInviteService;
|
2019-08-18 20:11:30 +08:00
|
|
|
use BookStack\Exceptions\UserTokenExpiredException;
|
|
|
|
use BookStack\Exceptions\UserTokenNotFoundException;
|
|
|
|
use BookStack\Http\Controllers\Controller;
|
2023-05-18 00:56:55 +08:00
|
|
|
use BookStack\Users\UserRepo;
|
2019-08-18 20:11:30 +08:00
|
|
|
use Exception;
|
|
|
|
use Illuminate\Http\RedirectResponse;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
use Illuminate\Routing\Redirector;
|
2022-09-22 23:54:27 +08:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2021-12-19 00:31:48 +08:00
|
|
|
use Illuminate\Validation\Rules\Password;
|
2019-08-18 20:11:30 +08:00
|
|
|
|
|
|
|
class UserInviteController extends Controller
|
|
|
|
{
|
2022-09-22 22:12:05 +08:00
|
|
|
protected UserInviteService $inviteService;
|
|
|
|
protected UserRepo $userRepo;
|
2019-08-18 20:11:30 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new controller instance.
|
|
|
|
*/
|
2021-11-15 18:50:28 +08:00
|
|
|
public function __construct(UserInviteService $inviteService, UserRepo $userRepo)
|
2019-08-18 20:11:30 +08:00
|
|
|
{
|
2020-02-02 21:10:21 +08:00
|
|
|
$this->middleware('guest');
|
|
|
|
$this->middleware('guard:standard');
|
|
|
|
|
2019-08-18 20:11:30 +08:00
|
|
|
$this->inviteService = $inviteService;
|
|
|
|
$this->userRepo = $userRepo;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the page for the user to set the password for their account.
|
2021-06-26 23:23:15 +08:00
|
|
|
*
|
2019-08-18 20:11:30 +08:00
|
|
|
* @throws Exception
|
|
|
|
*/
|
|
|
|
public function showSetPassword(string $token)
|
|
|
|
{
|
|
|
|
try {
|
|
|
|
$this->inviteService->checkTokenAndGetUserId($token);
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
return $this->handleTokenException($exception);
|
|
|
|
}
|
|
|
|
|
|
|
|
return view('auth.invite-set-password', [
|
|
|
|
'token' => $token,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the password for an invited user and then grants them access.
|
2021-06-26 23:23:15 +08:00
|
|
|
*
|
2019-08-18 20:11:30 +08:00
|
|
|
* @throws Exception
|
|
|
|
*/
|
2019-09-16 01:53:30 +08:00
|
|
|
public function setPassword(Request $request, string $token)
|
2019-08-18 20:11:30 +08:00
|
|
|
{
|
|
|
|
$this->validate($request, [
|
2021-12-19 00:31:48 +08:00
|
|
|
'password' => ['required', Password::default()],
|
2019-08-18 20:11:30 +08:00
|
|
|
]);
|
|
|
|
|
|
|
|
try {
|
|
|
|
$userId = $this->inviteService->checkTokenAndGetUserId($token);
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
return $this->handleTokenException($exception);
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = $this->userRepo->getById($userId);
|
2022-09-22 23:54:27 +08:00
|
|
|
$user->password = Hash::make($request->get('password'));
|
2019-08-18 20:11:30 +08:00
|
|
|
$user->email_confirmed = true;
|
|
|
|
$user->save();
|
|
|
|
|
|
|
|
$this->inviteService->deleteByUser($user);
|
2021-11-15 18:50:28 +08:00
|
|
|
$this->showSuccessNotification(trans('auth.user_invite_success_login', ['appName' => setting('app-name')]));
|
2019-08-18 20:11:30 +08:00
|
|
|
|
2021-11-15 18:50:28 +08:00
|
|
|
return redirect('/login');
|
2019-08-18 20:11:30 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check and validate the exception thrown when checking an invite token.
|
2021-06-26 23:23:15 +08:00
|
|
|
*
|
2019-08-18 20:11:30 +08:00
|
|
|
* @throws Exception
|
2021-06-26 23:23:15 +08:00
|
|
|
*
|
|
|
|
* @return RedirectResponse|Redirector
|
2019-08-18 20:11:30 +08:00
|
|
|
*/
|
|
|
|
protected function handleTokenException(Exception $exception)
|
|
|
|
{
|
|
|
|
if ($exception instanceof UserTokenNotFoundException) {
|
|
|
|
return redirect('/');
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($exception instanceof UserTokenExpiredException) {
|
2019-10-05 19:55:01 +08:00
|
|
|
$this->showErrorNotification(trans('errors.invite_token_expired'));
|
2021-06-26 23:23:15 +08:00
|
|
|
|
2019-08-18 20:11:30 +08:00
|
|
|
return redirect('/password/email');
|
|
|
|
}
|
|
|
|
|
|
|
|
throw $exception;
|
|
|
|
}
|
|
|
|
}
|