Require password update if not set when confirming email

2025-05-24 02:14:21 -04:00 · 2020-06-26 14:20:45 +02:00 · 2020-06-26 14:20:45 +02:00 · c2904d0c92
commit c2904d0c92
parent 0103251534
4 changed files with 84 additions and 9 deletions
--- a/app/Http/Controllers/Traits/VerifiesUserEmail.php
+++ b/app/Http/Controllers/Traits/VerifiesUserEmail.php
@ -15,6 +15,7 @@ namespace App\Http\Controllers\Traits;
 use App\Models\User;
 use App\Utils\Traits\UserSessionAttributes;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;

 /**
 * Class VerifiesUserEmail
@ -30,7 +31,18 @@ trait VerifiesUserEmail
     */
    public function confirm()
    {
-        if ($user = User::whereRaw("BINARY `confirmation_code`= ?", request()->route('confirmation_code'))->first()) {
+        $user = User::where('confirmation_code', request()->confirmation_code)->first();
+        
+        // if ($user = User::whereRaw("BINARY `confirmation_code`= ?", request()->input('confirmation_code'))->first()) {
+
+        if (!$user) {
+            return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);
+        }
+
+        if (is_null($user->password) || empty($user->password)) {
+            return $this->render('auth.confirmation_with_password', ['root' => 'themes']);
+        }
+
        $user->email_verified_at = now();
        $user->confirmation_code = null;
        $user->save();
@ -41,9 +53,27 @@ trait VerifiesUserEmail
        ]);
    }

+    public function confirmWithPassword()
+    {
+        $user = User::where('confirmation_code', request()->confirmation_code)->first();
+
+        if (!$user) {
+            return $this->render('auth.confirmed', ['root' => 'themes', 'message' => ctrans('texts.wrong_confirmation')]);
+        }
+        
+        request()->validate([
+            'password' => ['required', 'min:6', 'confirmed'],
+        ]);
+
+        $user->password = Hash::make(request()->password);
+
+        $user->email_verified_at = now();
+        $user->confirmation_code = null;
+        $user->save();
+
        return $this->render('auth.confirmed', [
            'root' => 'themes',
-            'message' => ctrans('texts.wrong_confirmation'),
+            'message' => ctrans('texts.security_confirmation'),
        ]);
    }
 }
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@ -3224,4 +3224,5 @@ return [
    'year_invalid' => 'Provided year is not valid.',

    'if_you_need_help' => 'If you need help you can either post to our',
+    'update_password_on_confirm' => 'After updating your password, your account will be confirmed.',
 ];
--- a/resources/views/themes/ninja2020/auth/confirmation_with_password.blade.php
+++ b/resources/views/themes/ninja2020/auth/confirmation_with_password.blade.php
@ -0,0 +1,43 @@
+@extends('portal.ninja2020.layout.clean')
+@section('meta_title', ctrans('texts.set_password'))
+
+@section('body')
+    <div class="flex h-screen">
+        <div class="m-auto md:w-1/3 lg:w-1/5">
+            <div class="flex flex-col">
+                <img src="{{ asset('images/invoiceninja-black-logo-2.png') }}" class="border-b border-gray-100 h-18 pb-4" alt="Invoice Ninja logo">
+                <h1 class="text-center text-3xl mt-10">{{ ctrans('texts.set_password') }}</h1>
+                <span class="text-gray-900 text-sm text-center">{{ ctrans('texts.update_password_on_confirm') }}</span>
+
+                <form action="{{ url()->current() }}" method="post" class="mt-6">
+                    @csrf
+                    <div class="flex flex-col mt-4">
+                        <label for="password" class="input-label">{{ ctrans('texts.password') }}</label>
+                        <input type="password" name="password" id="password"
+                               class="input"
+                               autofocus>
+                        @error('password')
+                        <div class="validation validation-fail">
+                            {{ $message }}
+                        </div>
+                        @enderror
+                    </div>
+                    <div class="flex flex-col mt-4">
+                        <label for="password" class="input-label">{{ ctrans('texts.password') }}</label>
+                        <input type="password" name="password_confirmation" id="password_confirmation"
+                               class="input"
+                               autofocus>
+                        @error('password_confirmation')
+                        <div class="validation validation-fail">
+                            {{ $message }}
+                        </div>
+                        @enderror
+                    </div>
+                    <div class="mt-5">
+                        <button class="button button-primary button-block">{{ ctrans('texts.update') }}</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+@endsection
--- a/routes/web.php
+++ b/routes/web.php
@ -30,4 +30,5 @@ Route::post('password/reset', 'Auth\ResetPasswordController@reset')->name('passw
 */
 Route::group(['middleware' => ['url_db']], function () {
    Route::get('/user/confirm/{confirmation_code}', 'UserController@confirm');
+    Route::post('/user/confirm/{confirmation_code}', 'UserController@confirmWithPassword');
 });