github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-05-24 23:59:57 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve email changing/confirmation stuff

Browse Source
This commit is contained in:
Toby Zerner
2015-05-27 16:24:54 +09:30
parent 8f0989fb80
commit 696bfe5a07
18 changed files with 262 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
js/forum/src/components/change-email-modal.js
View File

@ -5,19 +5,37 @@ export default class ChangeEmailModal extends FormModal {
constructor(props) { constructor(props) {
super(props); super(props);
this.success = m.prop(false);
this.email = m.prop(app.session.user().email()); this.email = m.prop(app.session.user().email());
} }
view() { view() {
if (this.success()) {
var emailProviderName = this.email().split('@')[1];
}
var disabled = this.loading();
return super.view({ return super.view({
className: 'modal-sm change-email-modal', className: 'modal-sm change-email-modal',
title: 'Change Email', title: 'Change Email',
body: [ body: this.success()
? [
m('p.help-text', 'We\'ve sent a confirmation email to ', m('strong', this.email()), '. If it doesn\'t arrive soon, check your spam folder.'),
m('div.form-group', [ m('div.form-group', [
m('input.form-control[type=email][name=email][placeholder=Email]', {value: this.email(), onchange: m.withAttr('value', this.email)}) m('a.btn.btn-primary.btn-block', {href: 'http://'+emailProviderName}, 'Go to '+emailProviderName)
])
]
: [
m('div.form-group', [
m('input.form-control[type=email][name=email]', {
placeholder: app.session.user().email(),
value: this.email(),
onchange: m.withAttr('value', this.email),
disabled
})
]), ]),
m('div.form-group', [ m('div.form-group', [
m('button.btn.btn-primary.btn-block[type=submit]', 'Save Changes') m('button.btn.btn-primary.btn-block[type=submit]', {disabled}, 'Save Changes')
]) ])
] ]
}); });
@ -33,12 +51,13 @@ export default class ChangeEmailModal extends FormModal {
this.loading(true); this.loading(true);
app.session.user().save({ email: this.email() }).then(() => { app.session.user().save({ email: this.email() }).then(() => {
this.hide(); this.loading(false);
this.success(true);
this.alert(null);
m.redraw();
}, response => { }, response => {
this.loading(false); this.loading(false);
this.alert = new Alert({ type: 'warning', message: response.errors.map((error, k) => [error.detail, k < response.errors.length - 1 ? m('br') : '']) }); this.handleErrors(response.errors);
m.redraw();
this.$('[name='+response.errors[0].path+']').select();
}); });
} }
} }

25
js/forum/src/components/login-modal.js
View File

@ -3,6 +3,7 @@ import LoadingIndicator from 'flarum/components/loading-indicator';
import ForgotPasswordModal from 'flarum/components/forgot-password-modal'; import ForgotPasswordModal from 'flarum/components/forgot-password-modal';
import SignupModal from 'flarum/components/signup-modal'; import SignupModal from 'flarum/components/signup-modal';
import Alert from 'flarum/components/alert'; import Alert from 'flarum/components/alert';
import ActionButton from 'flarum/components/action-button';
import icon from 'flarum/helpers/icon'; import icon from 'flarum/helpers/icon';
export default class LoginModal extends FormModal { export default class LoginModal extends FormModal {
@ -29,7 +30,11 @@ export default class LoginModal extends FormModal {
]) ])
], ],
footer: [ footer: [
m('p.forgot-password-link', m('a[href=javascript:;]', {onclick: () => app.modal.show(new ForgotPasswordModal({email: this.email()}))}, 'Forgot password?')), m('p.forgot-password-link', m('a[href=javascript:;]', {onclick: () => {
var email = this.email();
var props = email.indexOf('@') !== -1 ? {email} : null;
app.modal.show(new ForgotPasswordModal(props));
}}, 'Forgot password?')),
m('p.sign-up-link', [ m('p.sign-up-link', [
'Don\'t have an account? ', 'Don\'t have an account? ',
m('a[href=javascript:;]', {onclick: () => { m('a[href=javascript:;]', {onclick: () => {
@ -50,12 +55,26 @@ export default class LoginModal extends FormModal {
onsubmit(e) { onsubmit(e) {
e.preventDefault(); e.preventDefault();
this.loading(true); this.loading(true);
app.session.login(this.email(), this.password()).then(() => { var email = this.email();
var password = this.password();
app.session.login(email, password).then(() => {
this.hide(); this.hide();
this.props.callback && this.props.callback(); this.props.callback && this.props.callback();
}, response => { }, response => {
this.loading(false); this.loading(false);
this.alert = new Alert({ type: 'warning', message: 'Your login details were incorrect.' }); if (response && response.code === 'confirm_email') {
var state;
this.alert(Alert.component({
message: ['You need to confirm your email before you can log in. We\'ve sent a confirmation email to ', m('strong', response.email), '. If it doesn\'t arrive soon, check your spam folder.']
}));
} else {
this.alert(Alert.component({
type: 'warning',
message: 'Your login details were incorrect.'
}));
}
m.redraw(); m.redraw();
this.ready(); this.ready();
}); });

32
migrations/2015_02_24_000000_create_email_tokens_table.php Normal file
View File

@ -0,0 +1,32 @@
<?php
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateEmailTokensTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('email_tokens', function (Blueprint $table) {
$table->string('id', 100)->primary();
$table->integer('user_id')->unsigned();
$table->string('email', 150);
$table->timestamp('created_at');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::drop('email_tokens');
}
}

2
migrations/2015_02_24_000000_create_users_table.php
View File

@ -17,8 +17,6 @@ class CreateUsersTable extends Migration
$table->increments('id'); $table->increments('id');
$table->string('username', 100)->unique(); $table->string('username', 100)->unique();
$table->string('email', 150)->unique(); $table->string('email', 150)->unique();
$table->boolean('is_confirmed')->default(0);
$table->string('confirmation_token', 50)->nullable();
$table->boolean('is_activated')->default(0); $table->boolean('is_activated')->default(0);
$table->string('password', 100); $table->string('password', 100);
$table->text('bio')->nullable(); $table->text('bio')->nullable();

6
src/Api/Actions/TokenAction.php
View File

@ -4,6 +4,7 @@ use Flarum\Api\Request;
use Flarum\Core\Commands\GenerateAccessTokenCommand; use Flarum\Core\Commands\GenerateAccessTokenCommand;
use Flarum\Core\Repositories\UserRepositoryInterface; use Flarum\Core\Repositories\UserRepositoryInterface;
use Flarum\Core\Exceptions\PermissionDeniedException; use Flarum\Core\Exceptions\PermissionDeniedException;
use Flarum\Core\Events\UserEmailChangeWasRequested;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Contracts\Bus\Dispatcher; use Illuminate\Contracts\Bus\Dispatcher;
@ -36,6 +37,11 @@ class TokenAction extends JsonApiAction
throw new PermissionDeniedException; throw new PermissionDeniedException;
} }
if (! $user->is_activated) {
event(new UserEmailChangeWasRequested($user, $user->email));
return new JsonResponse(['code' => 'confirm_email', 'email' => $user->email], 401);
}
$token = $this->bus->dispatch( $token = $this->bus->dispatch(
new GenerateAccessTokenCommand($user->id) new GenerateAccessTokenCommand($user->id)
); );

5
src/Core/Commands/ConfirmEmailCommand.php
View File

@ -2,13 +2,10 @@
class ConfirmEmailCommand class ConfirmEmailCommand
{ {
public $userId;
public $token; public $token;
public function __construct($userId, $token) public function __construct($token)
{ {
$this->userId = $userId;
$this->token = $token; $this->token = $token;
} }
} }

16
src/Core/Events/UserEmailChangeWasRequested.php Normal file
View File

@ -0,0 +1,16 @@
<?php namespace Flarum\Core\Events;
use Flarum\Core\Models\User;
class UserEmailChangeWasRequested
{
public $user;
public $email;
public function __construct(User $user, $email)
{
$this->user = $user;
$this->email = $email;
}
}

14
src/Core/Handlers/Commands/ConfirmEmailCommandHandler.php
View File

@ -3,6 +3,8 @@
use Flarum\Core\Repositories\UserRepositoryInterface as UserRepository; use Flarum\Core\Repositories\UserRepositoryInterface as UserRepository;
use Flarum\Core\Events\UserWillBeSaved; use Flarum\Core\Events\UserWillBeSaved;
use Flarum\Core\Support\DispatchesEvents; use Flarum\Core\Support\DispatchesEvents;
use Flarum\Core\Exceptions\InvalidConfirmationTokenException;
use Flarum\Core\Models\EmailToken;
class ConfirmEmailCommandHandler class ConfirmEmailCommandHandler
{ {
@ -17,10 +19,14 @@ class ConfirmEmailCommandHandler
public function handle($command) public function handle($command)
{ {
$user = $this->users->findOrFail($command->userId); $token = EmailToken::find($command->token)->first();
$user->assertConfirmationTokenValid($command->token); if (! $token) {
$user->confirmEmail(); throw new InvalidConfirmationTokenException;
}
$user = $token->user;
$user->changeEmail($token->email);
if (! $user->is_activated) { if (! $user->is_activated) {
$user->activate(); $user->activate();
@ -31,6 +37,8 @@ class ConfirmEmailCommandHandler
$user->save(); $user->save();
$this->dispatchEventsFor($user); $this->dispatchEventsFor($user);
$token->delete();
return $user; return $user;
} }
} }

3
src/Core/Handlers/Commands/EditUserCommandHandler.php
View File

@ -23,11 +23,12 @@ class EditUserCommandHandler
$userToEdit->assertCan($user, 'edit'); $userToEdit->assertCan($user, 'edit');
if (isset($command->data['username'])) { if (isset($command->data['username'])) {
$userToEdit->assertCan($user, 'rename');
$userToEdit->rename($command->data['username']); $userToEdit->rename($command->data['username']);
} }
if (isset($command->data['email'])) { if (isset($command->data['email'])) {
$userToEdit->changeEmail($command->data['email']); $userToEdit->requestEmailChange($command->data['email']);
} }
if (isset($command->data['password'])) { if (isset($command->data['password'])) {

50
src/Core/Handlers/Events/EmailConfirmationMailer.php
View File

@ -2,8 +2,9 @@
use Illuminate\Mail\Mailer; use Illuminate\Mail\Mailer;
use Flarum\Core\Events\UserWasRegistered; use Flarum\Core\Events\UserWasRegistered;
use Flarum\Core\Events\EmailWasChanged; use Flarum\Core\Events\UserEmailChangeWasRequested;
use Config; use Flarum\Core;
use Flarum\Core\Models\EmailToken;
use Illuminate\Contracts\Events\Dispatcher; use Illuminate\Contracts\Events\Dispatcher;
class EmailConfirmationMailer class EmailConfirmationMailer
@ -23,28 +24,47 @@ class EmailConfirmationMailer
public function subscribe(Dispatcher $events) public function subscribe(Dispatcher $events)
{ {
$events->listen('Flarum\Core\Events\UserWasRegistered', __CLASS__.'@whenUserWasRegistered'); $events->listen('Flarum\Core\Events\UserWasRegistered', __CLASS__.'@whenUserWasRegistered');
$events->listen('Flarum\Core\Events\EmailWasChanged', __CLASS__.'@whenEmailWasChanged'); $events->listen('Flarum\Core\Events\UserEmailChangeWasRequested', __CLASS__.'@whenUserEmailChangeWasRequested');
} }
public function whenUserWasRegistered(UserWasRegistered $event) public function whenUserWasRegistered(UserWasRegistered $event)
{ {
$user = $event->user; $user = $event->user;
$data = $this->getPayload($user, $user->email);
$forumTitle = Config::get('flarum::forum_title'); $this->mailer->send(['text' => 'flarum::emails.activateAccount'], $data, function ($message) use ($email) {
$message->to($email);
$data = [ $message->subject('Activate Your New Account');
'username' => $user->username,
'forumTitle' => $forumTitle,
'url' => route('flarum.forum.confirm', ['id' => $user->id, 'token' => $user->confirmation_token])
];
$this->mailer->send(['text' => 'flarum::emails.confirm'], $data, function ($message) use ($user) {
$message->to($user->email);
$message->subject('Confirm Your Email Address');
}); });
} }
public function whenEmailWasChanged(EmailWasChanged $event) public function whenUserEmailChangeWasRequested(UserEmailChangeWasRequested $event)
{ {
$email = $event->email;
$data = $this->getPayload($event->user, $email);
$this->mailer->send(['text' => 'flarum::emails.confirmEmail'], $data, function ($message) use ($email) {
$message->to($email);
$message->subject('Confirm Your New Email Address');
});
}
protected function generateToken($user, $email)
{
$token = EmailToken::generate($user->id, $email);
$token->save();
return $token;
}
protected function getPayload($user, $email)
{
$token = $this->generateToken($user, $email);
return [
'username' => $user->username,
'url' => route('flarum.forum.confirmEmail', ['token' => $token->id]),
'forumTitle' => Core::config('forum_title')
];
} }
} }

46
src/Core/Models/EmailToken.php Normal file
View File

@ -0,0 +1,46 @@
<?php namespace Flarum\Core\Models;
class EmailToken extends Model
{
/**
* The table associated with the model.
*
* @var string
*/
protected $table = 'email_tokens';
/**
* Use a custom primary key for this model.
*
* @var boolean
*/
public $incrementing = false;
/**
* Generate a reset token for the specified user.
*
* @param int $userId
* @return static
*/
public static function generate($userId, $email)
{
$token = new static;
$token->id = str_random(40);
$token->user_id = $userId;
$token->email = $email;
$token->created_at = time();
return $token;
}
/**
* Define the relationship with the owner of this reset token.
*
* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
*/
public function user()
{
return $this->belongsTo('Flarum\Core\Models\User');
}
}

15
src/Core/Models/Model.php
View File

@ -110,14 +110,19 @@ class Model extends Eloquent
*/ */
public function assertValid() public function assertValid()
{ {
$validation = $this->makeValidator(); $validator = $this->makeValidator();
if ($validation->fails()) { if ($validator->fails()) {
throw (new ValidationFailureException) $this->throwValidationFailureException($validator);
->setErrors($validation->errors())
->setInput($validation->getData());
} }
} }
protected function throwValidationFailureException($validator)
{
throw (new ValidationFailureException)
->setErrors($validator->errors())
->setInput($validator->getData());
}
/** /**
* Make a new validator instance for this model. * Make a new validator instance for this model.
* *

60
src/Core/Models/User.php
View File

@ -13,6 +13,7 @@ use Flarum\Core\Events\UserBioWasChanged;
use Flarum\Core\Events\UserAvatarWasChanged; use Flarum\Core\Events\UserAvatarWasChanged;
use Flarum\Core\Events\UserWasActivated; use Flarum\Core\Events\UserWasActivated;
use Flarum\Core\Events\UserEmailWasConfirmed; use Flarum\Core\Events\UserEmailWasConfirmed;
use Flarum\Core\Events\UserEmailChangeWasRequested;
class User extends Model class User extends Model
{ {
@ -94,8 +95,6 @@ class User extends Model
$user->password = $password; $user->password = $password;
$user->join_time = time(); $user->join_time = time();
$user->refreshConfirmationToken();
$user->raise(new UserWasRegistered($user)); $user->raise(new UserWasRegistered($user));
return $user; return $user;
@ -111,6 +110,7 @@ class User extends Model
{ {
if ($username !== $this->username) { if ($username !== $this->username) {
$this->username = $username; $this->username = $username;
$this->raise(new UserWasRenamed($this)); $this->raise(new UserWasRenamed($this));
} }
@ -127,12 +127,31 @@ class User extends Model
{ {
if ($email !== $this->email) { if ($email !== $this->email) {
$this->email = $email; $this->email = $email;
$this->raise(new UserEmailWasChanged($this)); $this->raise(new UserEmailWasChanged($this));
} }
return $this; return $this;
} }
public function requestEmailChange($email)
{
if ($email !== $this->email) {
$validator = static::$validator->make(
compact('email'),
$this->expandUniqueRules(array_only(static::$rules, 'email'))
);
if ($validator->fails()) {
$this->throwValidationFailureException($validator);
}
$this->raise(new UserEmailChangeWasRequested($this, $email));
}
return $this;
}
/** /**
* Change the user's password. * Change the user's password.
* *
@ -257,41 +276,12 @@ class User extends Model
public function activate() public function activate()
{ {
$this->is_activated = true; $this->is_activated = true;
$this->groups()->sync([3]);
$this->raise(new UserWasActivated($this)); $this->raise(new UserWasActivated($this));
return $this; return $this;
} }
/**
* Check if a given confirmation token is valid for this user.
*
* @param string $token
* @return boolean
*/
public function assertConfirmationTokenValid($token)
{
if ($this->is_confirmed ||
! $token ||
$this->confirmation_token !== $token) {
throw new InvalidConfirmationTokenException;
}
}
/**
* Generate a new confirmation token for the user.
*
* @return $this
*/
public function refreshConfirmationToken()
{
$this->is_confirmed = false;
$this->confirmation_token = str_random(30);
return $this;
}
/** /**
* Confirm the user's email. * Confirm the user's email.
* *
@ -461,7 +451,13 @@ class User extends Model
*/ */
public function permissions() public function permissions()
{ {
return Permission::whereIn('group_id', array_merge([Group::GUEST_ID], $this->groups->lists('id'))); $groupIds = [Group::GUEST_ID];
if ($this->is_activated) {
$groupIds = array_merge($groupIds, [Group::MEMBER_ID], $this->groups->lists('id'));
}
return Permission::whereIn('group_id', $groupIds);
} }
/** /**

8
src/Forum/Actions/ConfirmAction.php → src/Forum/Actions/ConfirmEmailAction.php
View File

@ -5,16 +5,15 @@ use Flarum\Core\Commands\ConfirmEmailCommand;
use Flarum\Core\Commands\GenerateAccessTokenCommand; use Flarum\Core\Commands\GenerateAccessTokenCommand;
use Flarum\Core\Exceptions\InvalidConfirmationTokenException; use Flarum\Core\Exceptions\InvalidConfirmationTokenException;
class ConfirmAction extends BaseAction class ConfirmEmailAction extends BaseAction
{ {
use MakesRememberCookie; use MakesRememberCookie;
public function handle(Request $request, $routeParams = []) public function handle(Request $request, $routeParams = [])
{ {
try { try {
$userId = array_get($routeParams, 'id');
$token = array_get($routeParams, 'token'); $token = array_get($routeParams, 'token');
$command = new ConfirmEmailCommand($userId, $token); $command = new ConfirmEmailCommand($token);
$user = $this->dispatch($command); $user = $this->dispatch($command);
} catch (InvalidConfirmationTokenException $e) { } catch (InvalidConfirmationTokenException $e) {
return 'Invalid confirmation token'; return 'Invalid confirmation token';
@ -24,7 +23,6 @@ class ConfirmAction extends BaseAction
$token = $this->dispatch($command); $token = $this->dispatch($command);
return redirect('/') return redirect('/')
->withCookie($this->makeRememberCookie($token->id)) ->withCookie($this->makeRememberCookie($token->id));
->with('alert', ['type' => 'success', 'message' => 'Thanks for confirming!']);
} }
} }

6
src/Forum/routes.php
View File

@ -28,9 +28,9 @@ Route::post('login', [
'uses' => $action('Flarum\Forum\Actions\LoginAction') 'uses' => $action('Flarum\Forum\Actions\LoginAction')
]); ]);
Route::get('confirm/{id}/{token}', [ Route::get('confirm/{token}', [
'as' => 'flarum.forum.confirm', 'as' => 'flarum.forum.confirmEmail',
'uses' => $action('Flarum\Forum\Actions\ConfirmAction') 'uses' => $action('Flarum\Forum\Actions\ConfirmEmailAction')
]); ]);
Route::get('reset/{token}', [ Route::get('reset/{token}', [

8
views/emails/activateAccount.blade.php Normal file
View File

@ -0,0 +1,8 @@
Hey {{ $username }}!
Someone (hopefully you!) has signed up to {{ $forumTitle }} with this email address.
If this was you, simply click the following link and your account will be activated:
{{ $url }}
If you did not sign up, please ignore this email.

9
views/emails/confirm.blade.php
View File

@ -1,9 +0,0 @@
Hey {{ $username }}!
Someone (hopefully you!) has signed up to the forum '{{ $forumTitle }}' with this email address.
If this was you, simply visit the following link and your account will be activated:
{{ $url }}
If you did not sign up, please ignore this email.

8
views/emails/confirmEmail.blade.php Normal file
View File

@ -0,0 +1,8 @@
Hey {{ $username }}!
Someone (hopefully you!) has changed their email address on {{ $forumTitle }} to this one.
If this was you, simply click the following link and your email will be confirmed:
{{ $url }}
If this was not you, please ignore this email.