invoiceninja/app/Http/Controllers/Traits/VerifiesUserEmail.php

<?php

/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://opensource.org/licenses/AAL
 */

namespace App\Http\Controllers\Traits;

use App\Models\User;
use App\Utils\Traits\UserSessionAttributes;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Hash;

/**
 * Class VerifiesUserEmail.
 */
trait VerifiesUserEmail
{
    use UserSessionAttributes;

    /**
     * @return RedirectResponse
     */
    public function confirm()
    {
        $user = User::where('confirmation_code', request()->confirmation_code)->first();

        // if ($user = User::whereRaw("BINARY `confirmation_code`= ?", request()->input('confirmation_code'))->first()) {

        if (! $user) {
            return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);
        }

        if (is_null($user->password) || empty($user->password)) {
            return $this->render('auth.confirmation_with_password', ['root' => 'themes']);
        }

        $user->email_verified_at = now();
        $user->confirmation_code = null;
        $user->save();

        return $this->render('auth.confirmed', [
            'root' => 'themes',
            'message' => ctrans('texts.security_confirmation'),
        ]);
    }

    public function confirmWithPassword()
    {
        $user = User::where('confirmation_code', request()->confirmation_code)->first();

        if (! $user) {
            return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);
        }

        request()->validate([
            'password' => ['required', 'min:6', 'confirmed'],
        ]);

        $user->password = Hash::make(request()->password);

        $user->email_verified_at = now();
        $user->confirmation_code = null;
        $user->save();

        return $this->render('auth.confirmed', [
            'root' => 'themes',
            'message' => ctrans('texts.security_confirmation'),
        ]);
    }
}
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`<?php`
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright + version bump + set canadian dollar symbol to $ 2021-01-03 22:54:54 +01:00			`* @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @license https://opensource.org/licenses/AAL`
			`*/`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
			`namespace App\Http\Controllers\Traits;`

			`use App\Models\User;`
Set default company on account creation (#2487) * Fixes for tests * fixes for permissions * Set default company on account creation * Ensure default company ID is registered in session variables * Implement a generic resolver to harvest an entity from encoded value * Laravel Telescope 2018-11-03 02:01:40 +01:00			`use App\Utils\Traits\UserSessionAttributes;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\RedirectResponse;`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`use Illuminate\Support\Facades\Hash;`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
DocBlocks 2019-01-27 00:22:57 +01:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Class VerifiesUserEmail.`
DocBlocks 2019-01-27 00:22:57 +01:00			`*/`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`trait VerifiesUserEmail`
			`{`
Set default company on account creation (#2487) * Fixes for tests * fixes for permissions * Set default company on account creation * Ensure default company ID is registered in session variables * Implement a generic resolver to harvest an entity from encoded value * Laravel Telescope 2018-11-03 02:01:40 +01:00			`use UserSessionAttributes;`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
DocBlocks 2019-01-27 00:22:57 +01:00			`/**`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @return RedirectResponse`
DocBlocks 2019-01-27 00:22:57 +01:00			`*/`
Verify user notification (#3474) 2020-03-11 00:40:10 +01:00			`public function confirm()`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`{`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`$user = User::where('confirmation_code', request()->confirmation_code)->first();`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			// if ($user = User::whereRaw("BINARY `confirmation_code`= ?", request()->input('confirmation_code'))->first()) {

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! $user) {`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);`
			`}`

			`if (is_null($user->password) \|\| empty($user->password)) {`
			`return $this->render('auth.confirmation_with_password', ['root' => 'themes']);`
			`}`

			`$user->email_verified_at = now();`
			`$user->confirmation_code = null;`
			`$user->save();`

			`return $this->render('auth.confirmed', [`
			`'root' => 'themes',`
			`'message' => ctrans('texts.security_confirmation'),`
			`]);`
			`}`

			`public function confirmWithPassword()`
			`{`
			`$user = User::where('confirmation_code', request()->confirmation_code)->first();`

Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`if (! $user) {`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`}`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`request()->validate([`
			`'password' => ['required', 'min:6', 'confirmed'],`
			`]);`

			`$user->password = Hash::make(request()->password);`

			`$user->email_verified_at = now();`
			`$user->confirmation_code = null;`
			`$user->save();`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00			`return $this->render('auth.confirmed', [`
			`'root' => 'themes',`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`'message' => ctrans('texts.security_confirmation'),`
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00			`]);`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`}`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`