From ff1ee2d71f2adad10060bc36d85453f4044f0456 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sat, 5 Sep 2020 17:26:48 +0100
Subject: [PATCH] Updated flow to ensure /register/confirm route is used where needed
Was accidentally skipped during previous updates. Will now be used on saml, ldap & standard registration where required. Uses session to know if the email was just sent and, if so, show the confirmation route.
---
 app/Auth/Access/RegistrationService.php | 1 +
 app/Http/Middleware/Authenticate.php | 4 ++++
 tests/Auth/AuthTest.php | 9 +++++++++
 tests/Auth/LdapTest.php | 2 +-
 tests/Auth/Saml2Test.php | 4 +++-
 5 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/app/Auth/Access/RegistrationService.php b/app/Auth/Access/RegistrationService.php
index 00ad630be..b85f7ffd8 100644
--- a/app/Auth/Access/RegistrationService.php
+++ b/app/Auth/Access/RegistrationService.php
@@ -74,6 +74,7 @@ class RegistrationService
 try {
 $this->emailConfirmationService->sendConfirmation($newUser);
+ session()->flash('sent-email-confirmation', true);
 } catch (Exception $e) {
 $message = trans('auth.email_confirm_send_error');
 throw new UserRegistrationException($message, '/register/confirm');
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index 9a8affa88..df8c44d35 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -44,6 +44,10 @@ class Authenticate
 ], 401);
 }
+ if (session()->get('sent-email-confirmation') === true) {
+ return redirect('/register/confirm');
+ }
+
 return redirect('/register/confirm/awaiting');
 }
 }
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 92dd22ac4..e2b1e0cd6 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
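Review bot: The session key `'sent-email-confirmation'` is written here as a bare string literal and read back as the same literal in app/Http/Middleware/Authenticate.php, so a typo on either side would silently send every unconfirmed user to the awaiting page. A single shared class constant used by both the writer and the reader would tie the two together. The `flash()` call also sits inside the `try`, so if it ever threw something the `catch (Exception $e)` matches, the user would see `auth.email_confirm_send_error` although the mail had gone out; placing it directly after the try/catch keeps it on the success path only. The enclosing method starts and ends outside the hunk.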
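Review bot: The new `if` ahead of `return redirect('/register/confirm/awaiting');` carries no comment explaining that the value is flash data set during registration and that it only selects which notice page an unconfirmed user lands on. I would add above it `// Flash flag set by RegistrationService right after the confirmation mail is sent; it only picks the notice page and must never be read as proof that the address is confirmed.` so that nobody later reuses the flag as an access signal. The check that decides the user is unconfirmed lies outside the hunk, so this assumes it still runs before the branch is reached.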
@@ -170,6 +170,11 @@ class AuthTest extends BrowserKitTest
 ->seePageIs('/register/confirm')
 ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+ $this->visit('/')
+ ->seePageIs('/register/confirm/awaiting');
+
+ auth()->logout();
+
 $this->visit('/')->seePageIs('/login')
 ->type($user->email, '#email')
 ->type($user->password, '#password')
@@ -202,6 +207,10 @@ class AuthTest extends BrowserKitTest
 ->seePageIs('/register/confirm')
 ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+ $this->visit('/')
+ ->seePageIs('/register/confirm/awaiting');
+
+ auth()->logout();
 $this->visit('/')->seePageIs('/login')
 ->type($user->email, '#email')
 ->type($user->password, '#password')
diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php
index 02b33ecd6..3cb39ca2c 100644
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@@ -620,7 +620,7 @@ class LdapTest extends BrowserKitTest
 ]
 ]]);
- $this->mockUserLogin()->seePageIs('/register/confirm/awaiting');
+ $this->mockUserLogin()->seePageIs('/register/confirm');
 $this->seeInDatabase('users', [
 'email' => $user->email,
 'email_confirmed' => false,
diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php
index df0bb81c1..7303d4bd8 100644
--- a/tests/Auth/Saml2Test.php
+++ b/tests/Auth/Saml2Test.php
@@ -304,7 +304,9 @@ class Saml2Test extends TestCase
 $this->withPost(['SAMLResponse' => $this->acsPostData], function () use ($memberRole, $adminRole) {
 $acsPost = $this->followingRedirects()->post('/saml2/acs');
- $acsPost->assertSee('Your email address has not yet been confirmed');
+
+ $this->assertEquals('http://localhost/register/confirm', url()->current());
+ $acsPost->assertSee('Please check your email and click the confirmation button to access BookStack.');
 $user = User::query()->where('external_auth_id', '=', 'user')->first();
 $userRoleIds = $user->roles()->pluck('id');
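Review bot: The LDAP case now asserts only the first landing page, `/register/confirm`, and never checks that the flag stops applying afterwards. The AuthTest changes in this commit do cover that for standard registration, so the same follow-up belongs here: after the changed line, add `$this->visit('/')->seePageIs('/register/confirm/awaiting');`. Without it a regression that left the session flag set for an LDAP-created user would go unnoticed. The test method starts and ends outside the hunk.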
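Review bot: The added assertion `$this->assertEquals('http://localhost/register/confirm', url()->current());` hard-codes the scheme and host, so it breaks as soon as the test environment's application URL differs, although the redirect itself is unchanged. Building the expectation from the same helper avoids that: `$this->assertEquals(url('/register/confirm'), url()->current());`. The following `assertSee` pins a literal English sentence including the product name; asserting on the corresponding translation entry would make it robust to copy changes. The closure passed to `withPost` continues past the end of the hunk.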