6f1b88a6a6
Email confirmation middleware caused more mess than good, As caused priority issues and it depended on auth actions. Instead its now a trai used on auth middlewares. Also used 'EncryptCookies' middleware on API instead of custom decryption in custom middleware since we'd need to do replicate all the same actions anyway. Shouldn't have too much effect since it only actions over cookies that exist, of which none should be there for most API requests. Also split out some large guard functions to be a little more readable and appease codeclimate.
42 lines
No EOL
1.1 KiB
PHP
42 lines
No EOL
1.1 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
trait ChecksForEmailConfirmation
|
|
{
|
|
|
|
/**
|
|
* Check if email confirmation is required and the current user is awaiting confirmation.
|
|
*/
|
|
protected function awaitingEmailConfirmation(): bool
|
|
{
|
|
if (auth()->check()) {
|
|
$requireConfirmation = (setting('registration-confirmation') || setting('registration-restrict'));
|
|
if ($requireConfirmation && !auth()->user()->email_confirmed) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Provide an error response for when the current user's email is not confirmed
|
|
* in a system which requires it.
|
|
*/
|
|
protected function emailConfirmationErrorResponse(Request $request)
|
|
{
|
|
if ($request->wantsJson()) {
|
|
return response()->json([
|
|
'error' => [
|
|
'code' => 401,
|
|
'message' => trans('errors.email_confirmation_awaiting')
|
|
]
|
|
], 401);
|
|
}
|
|
|
|
return redirect('/register/confirm/awaiting');
|
|
}
|
|
} |