Auth: Changed email confirmations to use login attempt user

ssddanbrown · ssddanbrown · commit d133f904d369 · 2024-05-20T17:23:15.000+01:00
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
diff --git a/app/Access/Controllers/ConfirmEmailController.php b/app/Access/Controllers/ConfirmEmailController.php
@@ -32,13 +32,17 @@ public function show()
 
     /**
      * Shows a notice that a user's email address has not been confirmed,
-     * Also has the option to re-send the confirmation email.
+     * along with the option to re-send the confirmation email.
      */
     public function showAwaiting()
     {
         $user = $this->loginService->getLastLoginAttemptUser();
+        if ($user === null) {
+            $this->showErrorNotification(trans('errors.login_user_not_found'));
+            return redirect('/login');
+        }
 
-        return view('auth.user-unconfirmed', ['user' => $user]);
+        return view('auth.register-confirm-awaiting');
     }
 
     /**
@@ -90,19 +94,24 @@ public function confirm(Request $request)
     /**
      * Resend the confirmation email.
      */
-    public function resend(Request $request)
+    public function resend()
     {
-        $this->validate($request, [
-            'email' => ['required', 'email', 'exists:users,email'],
-        ]);
-        $user = $this->userRepo->getByEmail($request->get('email'));
+        $user = $this->loginService->getLastLoginAttemptUser();
+        if ($user === null) {
+            $this->showErrorNotification(trans('errors.login_user_not_found'));
+            return redirect('/login');
+        }
 
         try {
             $this->emailConfirmationService->sendConfirmation($user);
+        } catch (ConfirmationEmailException $e) {
+            $this->showErrorNotification($e->getMessage());
+
+            return redirect('/login');
         } catch (Exception $e) {
             $this->showErrorNotification(trans('auth.email_confirm_send_error'));
 
-            return redirect('/register/confirm');
+            return redirect('/register/awaiting');
         }
 
         $this->showSuccessNotification(trans('auth.email_confirm_resent'));
diff --git a/app/Access/Controllers/HandlesPartialLogins.php b/app/Access/Controllers/HandlesPartialLogins.php
@@ -17,7 +17,7 @@ protected function currentOrLastAttemptedUser(): User
         $user = auth()->user() ?? $loginService->getLastLoginAttemptUser();
 
         if (!$user) {
-            throw new NotFoundException('A user for this action could not be found');
+            throw new NotFoundException(trans('errors.login_user_not_found'));
         }
 
         return $user;
diff --git a/app/Access/EmailConfirmationService.php b/app/Access/EmailConfirmationService.php
@@ -17,7 +17,7 @@ class EmailConfirmationService extends UserTokenService
      *
      * @throws ConfirmationEmailException
      */
-    public function sendConfirmation(User $user)
+    public function sendConfirmation(User $user): void
     {
         if ($user->email_confirmed) {
             throw new ConfirmationEmailException(trans('errors.email_already_confirmed'), '/login');
diff --git a/app/Exceptions/StoppedAuthenticationException.php b/app/Exceptions/StoppedAuthenticationException.php
@@ -9,16 +9,10 @@
 
 class StoppedAuthenticationException extends \Exception implements Responsable
 {
-    protected $user;
-    protected $loginService;
-
-    /**
-     * StoppedAuthenticationException constructor.
-     */
-    public function __construct(User $user, LoginService $loginService)
-    {
-        $this->user = $user;
-        $this->loginService = $loginService;
+    public function __construct(
+        protected User $user,
+        protected LoginService $loginService
+    ) {
         parent::__construct();
     }
 
diff --git a/lang/en/errors.php b/lang/en/errors.php
@@ -37,6 +37,7 @@
     'social_driver_not_found' => 'Social driver not found',
     'social_driver_not_configured' => 'Your :socialAccount social settings are not configured correctly.',
     'invite_token_expired' => 'This invitation link has expired. You can instead try to reset your account password.',
+    'login_user_not_found' => 'A user for this action could not be found.',
 
     // System
     'path_not_writable' => 'File path :filePath could not be uploaded to. Ensure it is writable to the server.',
diff --git a/resources/views/auth/register-confirm-awaiting.blade.php b/resources/views/auth/register-confirm-awaiting.blade.php
@@ -14,15 +14,7 @@
             </p>
 
             <form action="{{ url("/register/confirm/resend") }}" method="POST" class="stretch-inputs">
-                {!! csrf_field() !!}
-                <div class="form-group">
-                    <label for="email">{{ trans('auth.email') }}</label>
-                    @if($user)
-                        @include('form.text', ['name' => 'email', 'model' => $user])
-                    @else
-                        @include('form.text', ['name' => 'email'])
-                    @endif
-                </div>
+                {{ csrf_field() }}
                 <div class="form-group text-right mt-m">
                     <button type="submit" class="button">{{ trans('auth.email_not_confirmed_resend_button') }}</button>
                 </div>
diff --git a/tests/Auth/RegistrationTest.php b/tests/Auth/RegistrationTest.php
@@ -25,6 +25,9 @@ public function test_confirmed_registration()
         $resp->assertRedirect('/register/confirm');
         $this->assertDatabaseHas('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
 
+        $resp = $this->get('/register/confirm');
+        $resp->assertSee('Thanks for registering!');
+
         // Ensure notification sent
         /** @var User $dbUser */
         $dbUser = User::query()->where('email', '=', $user->email)->first();
@@ -232,4 +235,59 @@ public function test_registration_confirmation_throttled()
 
         $response->assertStatus(429);
     }
+
+    public function test_registration_confirmation_resend()
+    {
+        Notification::fake();
+        $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
+        $user = User::factory()->make();
+
+        $resp = $this->post('/register', $user->only('name', 'email', 'password'));
+        $resp->assertRedirect('/register/confirm');
+        $dbUser = User::query()->where('email', '=', $user->email)->first();
+
+        $resp = $this->post('/login', ['email' => $user->email, 'password' => $user->password]);
+        $resp->assertRedirect('/register/confirm/awaiting');
+
+        $resp = $this->post('/register/confirm/resend');
+        $resp->assertRedirect('/register/confirm');
+        Notification::assertSentToTimes($dbUser, ConfirmEmailNotification::class, 2);
+    }
+
+    public function test_registration_confirmation_expired_resend()
+    {
+        Notification::fake();
+        $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
+        $user = User::factory()->make();
+
+        $resp = $this->post('/register', $user->only('name', 'email', 'password'));
+        $resp->assertRedirect('/register/confirm');
+        $dbUser = User::query()->where('email', '=', $user->email)->first();
+
+        $resp = $this->post('/login', ['email' => $user->email, 'password' => $user->password]);
+        $resp->assertRedirect('/register/confirm/awaiting');
+
+        $emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();
+        $this->travel(2)->days();
+
+        $resp = $this->post("/register/confirm/accept", [
+            'token' => $emailConfirmation->token,
+        ]);
+        $resp->assertRedirect('/register/confirm');
+        $this->assertSessionError('The confirmation token has expired, A new confirmation email has been sent.');
+
+        Notification::assertSentToTimes($dbUser, ConfirmEmailNotification::class, 2);
+    }
+
+    public function test_registration_confirmation_awaiting_and_resend_returns_to_log_if_no_login_attempt_user_found()
+    {
+        $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
+
+        $this->get('/register/confirm/awaiting')->assertRedirect('/login');
+        $this->assertSessionError('A user for this action could not be found.');
+        $this->flushSession();
+
+        $this->post('/register/confirm/resend')->assertRedirect('/login');
+        $this->assertSessionError('A user for this action could not be found.');
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ protected function currentOrLastAttemptedUser(): User`
`17`	`17`	`$user = auth()->user() ?? $loginService->getLastLoginAttemptUser();`
`18`	`18`
`19`	`19`	`if (!$user) {`
`20`		`- throw new NotFoundException('A user for this action could not be found');`
	`20`	`+ throw new NotFoundException(trans('errors.login_user_not_found'));`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`return $user;`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ class EmailConfirmationService extends UserTokenService`
`17`	`17`	`*`
`18`	`18`	`* @throws ConfirmationEmailException`
`19`	`19`	`*/`
`20`		`- public function sendConfirmation(User $user)`
	`20`	`+ public function sendConfirmation(User $user): void`
`21`	`21`	`{`
`22`	`22`	`if ($user->email_confirmed) {`
`23`	`23`	`throw new ConfirmationEmailException(trans('errors.email_already_confirmed'), '/login');`