invoiceninja/app/Http/Controllers/Traits/VerifiesUserEmail.php

<?php

/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Controllers\Traits;

use App\Models\User;
use App\Utils\Traits\MakesHash;
use App\Utils\Traits\UserSessionAttributes;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

/**
 * Class VerifiesUserEmail.
 */
trait VerifiesUserEmail
{
    use UserSessionAttributes;
    use MakesHash;

    /**
     * @return RedirectResponse
     */
    public function confirm()
    {
        $user = User::where('confirmation_code', request()->confirmation_code)->first();

        if (! $user) {
            return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);
        }

        $user->email_verified_at = now();
        // $user->confirmation_code = null; //this prevented the form from showing validation errors.
        $user->save();

        if (isset($user->oauth_user_id)) {
            return $this->render('auth.confirmed', [
                'root' => 'themes',
                'message' => ctrans('texts.security_confirmation'),
            ]);
        }

        if (is_null($user->password) || empty($user->password) || Hash::check('', $user->password)) {
            return $this->render('auth.confirmation_with_password', ['root' => 'themes', 'user_id' => $user->hashed_id]);
        }

        return $this->render('auth.confirmed', [
            'root' => 'themes',
            'message' => ctrans('texts.security_confirmation'),
        ]);
    }

    public function confirmWithPassword()
    {
        $user = User::where('id', $this->decodePrimaryKey(request()->user_id))->firstOrFail();

        $validator = Validator::make(request()->all(), [
            //'password' => ['required', 'min:6'],
            'password' => 'min:6|required_with:password_confirmation|same:password_confirmation',
            'password_confirmation' => 'min:6'
        ]);

        if ($validator->fails()) {
            return back()
                        ->withErrors($validator)
                        ->withInput();
        }

        $user->password = Hash::make(request()->password);

        $user->email_verified_at = now();
        $user->confirmation_code = null;
        $user->save();

        return $this->render('auth.confirmed', [
            'root' => 'themes',
            'message' => ctrans('texts.security_confirmation'),
        ]);
    }
}
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`<?php`
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright year 2023-01-28 23:21:40 +01:00			`* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Update copyright 2019-05-11 05:32:07 +02:00			`*/`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
			`namespace App\Http\Controllers\Traits;`

			`use App\Models\User;`
Set password for new users 2021-04-08 06:35:02 +02:00			`use App\Utils\Traits\MakesHash;`
Set default company on account creation (#2487) * Fixes for tests * fixes for permissions * Set default company on account creation * Ensure default company ID is registered in session variables * Implement a generic resolver to harvest an entity from encoded value * Laravel Telescope 2018-11-03 02:01:40 +01:00			`use App\Utils\Traits\UserSessionAttributes;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\RedirectResponse;`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`use Illuminate\Support\Facades\Hash;`
Fixes for password confirmation validation form 2022-08-10 23:50:45 +02:00			`use Illuminate\Support\Facades\Validator;`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
DocBlocks 2019-01-27 00:22:57 +01:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Class VerifiesUserEmail.`
DocBlocks 2019-01-27 00:22:57 +01:00			`*/`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`trait VerifiesUserEmail`
			`{`
Set default company on account creation (#2487) * Fixes for tests * fixes for permissions * Set default company on account creation * Ensure default company ID is registered in session variables * Implement a generic resolver to harvest an entity from encoded value * Laravel Telescope 2018-11-03 02:01:40 +01:00			`use UserSessionAttributes;`
Set password for new users 2021-04-08 06:35:02 +02:00			`use MakesHash;`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
DocBlocks 2019-01-27 00:22:57 +01:00			`/**`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @return RedirectResponse`
DocBlocks 2019-01-27 00:22:57 +01:00			`*/`
Verify user notification (#3474) 2020-03-11 00:40:10 +01:00			`public function confirm()`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`{`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`$user = User::where('confirmation_code', request()->confirmation_code)->first();`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
			`if (! $user) {`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);`
			`}`

			`$user->email_verified_at = now();`
Fixes for password confirmation validation form 2022-08-10 23:50:45 +02:00			`// $user->confirmation_code = null; //this prevented the form from showing validation errors.`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`$user->save();`

Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`if (isset($user->oauth_user_id)) {`
Adjustments for recurring invoice cron 2021-04-21 05:54:10 +02:00			`return $this->render('auth.confirmed', [`
			`'root' => 'themes',`
			`'message' => ctrans('texts.security_confirmation'),`
			`]);`
			`}`

Set password for new users 2021-04-08 06:35:02 +02:00			`if (is_null($user->password) \|\| empty($user->password) \|\| Hash::check('', $user->password)) {`
			`return $this->render('auth.confirmation_with_password', ['root' => 'themes', 'user_id' => $user->hashed_id]);`
			`}`

Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`return $this->render('auth.confirmed', [`
			`'root' => 'themes',`
			`'message' => ctrans('texts.security_confirmation'),`
			`]);`
			`}`

			`public function confirmWithPassword()`
			`{`
Set password for new users 2021-04-08 06:35:02 +02:00			`$user = User::where('id', $this->decodePrimaryKey(request()->user_id))->firstOrFail();`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Fixes for password confirmation validation form 2022-08-10 23:50:45 +02:00			`$validator = Validator::make(request()->all(), [`
Fixes for confirmation password verification: 2022-08-10 23:36:16 +02:00			`//'password' => ['required', 'min:6'],`
			`'password' => 'min:6\|required_with:password_confirmation\|same:password_confirmation',`
			`'password_confirmation' => 'min:6'`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`]);`

Fixes for password confirmation validation form 2022-08-10 23:50:45 +02:00			`if ($validator->fails()) {`
			`return back()`
			`->withErrors($validator)`
			`->withInput();`
			`}`

Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`$user->password = Hash::make(request()->password);`

			`$user->email_verified_at = now();`
			`$user->confirmation_code = null;`
			`$user->save();`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00			`return $this->render('auth.confirmed', [`
			`'root' => 'themes',`
Require password update if not set when confirming email 2020-06-26 14:20:45 +02:00			`'message' => ctrans('texts.security_confirmation'),`
Show page on account confirmation (#3720) 2020-05-19 14:59:44 +02:00			`]);`
Tests, Multi-DB support for incoming URLs (#2466) * Tests for authentication * Add db field to company table (required if we are doing jobs without an auth()->user() ) * Add Laravel Dusk for browser testing, add ability to set DB by incoming URL Hash 2018-10-24 12:24:09 +02:00			`}`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`}`