Updated flow to ensure /register/confirm route is used where needed

Was accidentally skipped during previous updates. Will now be used on saml, ldap & standard registration where required. Uses session to know if the email was just sent and, if so, show the confirmation route.
2025-04-16 17:47:52 +00:00 · 2020-09-05 17:26:48 +01:00 · 2020-09-05 17:26:48 +01:00 · ff1ee2d71f
commit ff1ee2d71f
parent c029741a17
5 changed files with 18 additions and 2 deletions
--- a/app/Auth/Access/RegistrationService.php
+++ b/app/Auth/Access/RegistrationService.php
@ -74,6 +74,7 @@ class RegistrationService

            try {
                $this->emailConfirmationService->sendConfirmation($newUser);
+                session()->flash('sent-email-confirmation', true);
            } catch (Exception $e) {
                $message = trans('auth.email_confirm_send_error');
                throw new UserRegistrationException($message, '/register/confirm');
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@ -44,6 +44,10 @@ class Authenticate
            ], 401);
        }

+        if (session()->get('sent-email-confirmation') === true) {
+            return redirect('/register/confirm');
+        }
+
        return redirect('/register/confirm/awaiting');
    }
 }
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@ -170,6 +170,11 @@ class AuthTest extends BrowserKitTest
            ->seePageIs('/register/confirm')
            ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

+        $this->visit('/')
+            ->seePageIs('/register/confirm/awaiting');
+
+        auth()->logout();
+
        $this->visit('/')->seePageIs('/login')
            ->type($user->email, '#email')
            ->type($user->password, '#password')
@ -202,6 +207,10 @@ class AuthTest extends BrowserKitTest
            ->seePageIs('/register/confirm')
            ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

+        $this->visit('/')
+            ->seePageIs('/register/confirm/awaiting');
+
+        auth()->logout();
        $this->visit('/')->seePageIs('/login')
            ->type($user->email, '#email')
            ->type($user->password, '#password')
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@ -620,7 +620,7 @@ class LdapTest extends BrowserKitTest
                ]
            ]]);

-        $this->mockUserLogin()->seePageIs('/register/confirm/awaiting');
+        $this->mockUserLogin()->seePageIs('/register/confirm');
        $this->seeInDatabase('users', [
            'email' => $user->email,
            'email_confirmed' => false,
--- a/tests/Auth/Saml2Test.php
+++ b/tests/Auth/Saml2Test.php
@ -304,7 +304,9 @@ class Saml2Test extends TestCase

        $this->withPost(['SAMLResponse' => $this->acsPostData], function () use ($memberRole, $adminRole) {
            $acsPost = $this->followingRedirects()->post('/saml2/acs');
-            $acsPost->assertSee('Your email address has not yet been confirmed');
+
+            $this->assertEquals('http://localhost/register/confirm', url()->current());
+            $acsPost->assertSee('Please check your email and click the confirmation button to access BookStack.');
            $user = User::query()->where('external_auth_id', '=', 'user')->first();

            $userRoleIds = $user->roles()->pluck('id');