2023-03-17 15:33:48 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
|
|
2024-01-07 16:23:41 +01:00
|
|
|
use App\Events\TestEvent;
|
2023-06-12 12:00:01 +02:00
|
|
|
use App\Models\TeamInvitation;
|
|
|
|
|
use App\Models\User;
|
2024-01-07 16:23:41 +01:00
|
|
|
use App\Providers\RouteServiceProvider;
|
2026-04-20 12:09:17 +02:00
|
|
|
use Illuminate\Auth\Events\Verified;
|
2026-06-02 12:22:27 +02:00
|
|
|
use Illuminate\Contracts\Encryption\DecryptException;
|
2023-03-17 15:33:48 +01:00
|
|
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
|
|
|
|
use Illuminate\Foundation\Validation\ValidatesRequests;
|
2024-01-11 08:52:30 +01:00
|
|
|
use Illuminate\Http\Request;
|
2023-03-17 15:33:48 +01:00
|
|
|
use Illuminate\Routing\Controller as BaseController;
|
2023-09-15 11:19:36 +02:00
|
|
|
use Illuminate\Support\Facades\Auth;
|
2023-09-06 12:07:34 +02:00
|
|
|
use Illuminate\Support\Facades\Crypt;
|
|
|
|
|
use Illuminate\Support\Facades\Hash;
|
2024-06-10 20:43:34 +00:00
|
|
|
use Illuminate\Support\Facades\Password;
|
2023-09-15 11:19:36 +02:00
|
|
|
use Illuminate\Support\Str;
|
2024-01-07 16:23:41 +01:00
|
|
|
use Laravel\Fortify\Contracts\FailedPasswordResetLinkRequestResponse;
|
|
|
|
|
use Laravel\Fortify\Contracts\SuccessfulPasswordResetLinkRequestResponse;
|
2024-06-10 20:43:34 +00:00
|
|
|
use Laravel\Fortify\Fortify;
|
2023-03-17 15:33:48 +01:00
|
|
|
|
|
|
|
|
class Controller extends BaseController
|
|
|
|
|
{
|
|
|
|
|
use AuthorizesRequests, ValidatesRequests;
|
2023-06-07 15:08:35 +02:00
|
|
|
|
2024-06-10 20:43:34 +00:00
|
|
|
public function realtime_test()
|
|
|
|
|
{
|
2024-01-07 16:23:41 +01:00
|
|
|
if (auth()->user()?->currentTeam()->id !== 0) {
|
|
|
|
|
return redirect(RouteServiceProvider::HOME);
|
|
|
|
|
}
|
|
|
|
|
TestEvent::dispatch();
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2024-01-07 16:23:41 +01:00
|
|
|
return 'Look at your other tab.';
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
|
|
|
|
public function verify()
|
|
|
|
|
{
|
2024-01-07 16:23:41 +01:00
|
|
|
return view('auth.verify-email');
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2026-04-20 12:09:17 +02:00
|
|
|
public function email_verify(Request $request)
|
2024-06-10 20:43:34 +00:00
|
|
|
{
|
2026-04-20 12:09:17 +02:00
|
|
|
if (! $request->hasValidSignature()) {
|
|
|
|
|
abort(403);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$user = auth()->user();
|
|
|
|
|
if (! $user) {
|
|
|
|
|
abort(403);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! hash_equals((string) $request->route('id'), (string) $user->getKey())) {
|
|
|
|
|
abort(403);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! hash_equals((string) $request->route('hash'), hash('sha256', $user->getEmailForVerification()))) {
|
|
|
|
|
abort(403);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! $user->hasVerifiedEmail()) {
|
|
|
|
|
$user->markEmailAsVerified();
|
|
|
|
|
event(new Verified($user));
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2024-01-07 16:23:41 +01:00
|
|
|
return redirect(RouteServiceProvider::HOME);
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
|
|
|
|
public function forgot_password(Request $request)
|
|
|
|
|
{
|
2024-12-09 15:34:24 +01:00
|
|
|
if (is_transactional_emails_enabled()) {
|
2024-01-11 08:52:30 +01:00
|
|
|
$arrayOfRequest = $request->only(Fortify::email());
|
|
|
|
|
$request->merge([
|
2024-01-07 16:23:41 +01:00
|
|
|
'email' => Str::lower($arrayOfRequest['email']),
|
|
|
|
|
]);
|
|
|
|
|
$type = set_transanctional_email_settings();
|
2025-02-27 12:56:37 +01:00
|
|
|
if (blank($type)) {
|
2024-01-07 16:23:41 +01:00
|
|
|
return response()->json(['message' => 'Transactional emails are not active'], 400);
|
|
|
|
|
}
|
2024-01-11 08:52:30 +01:00
|
|
|
$request->validate([Fortify::email() => 'required|email']);
|
2024-01-07 16:23:41 +01:00
|
|
|
$status = Password::broker(config('fortify.passwords'))->sendResetLink(
|
2024-01-11 08:52:30 +01:00
|
|
|
$request->only(Fortify::email())
|
2024-01-07 16:23:41 +01:00
|
|
|
);
|
|
|
|
|
if ($status == Password::RESET_LINK_SENT) {
|
|
|
|
|
return app(SuccessfulPasswordResetLinkRequestResponse::class, ['status' => $status]);
|
|
|
|
|
}
|
|
|
|
|
if ($status == Password::RESET_THROTTLED) {
|
|
|
|
|
return response('Already requested a password reset in the past minutes.', 400);
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2024-01-07 16:23:41 +01:00
|
|
|
return app(FailedPasswordResetLinkRequestResponse::class, ['status' => $status]);
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2024-01-07 16:23:41 +01:00
|
|
|
return response()->json(['message' => 'Transactional emails are not active'], 400);
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2023-09-06 12:07:34 +02:00
|
|
|
public function link()
|
|
|
|
|
{
|
|
|
|
|
$token = request()->get('token');
|
|
|
|
|
if ($token) {
|
2026-06-02 12:22:27 +02:00
|
|
|
try {
|
|
|
|
|
$decrypted = Crypt::decryptString($token);
|
|
|
|
|
} catch (DecryptException) {
|
|
|
|
|
return redirect()->route('login')->with('error', 'Invalid credentials.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! str_contains($decrypted, '@@@')) {
|
|
|
|
|
return redirect()->route('login')->with('error', 'Invalid credentials.');
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 12:57:30 +02:00
|
|
|
$payload = explode('@@@', $decrypted, 3);
|
|
|
|
|
if (count($payload) === 3) {
|
|
|
|
|
[$email, $invitationUuid, $password] = $payload;
|
|
|
|
|
} else {
|
|
|
|
|
[$email, $password] = $payload;
|
|
|
|
|
$invitationUuid = null;
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 12:22:27 +02:00
|
|
|
$email = Str::lower($email);
|
2023-09-06 12:07:34 +02:00
|
|
|
$user = User::whereEmail($email)->first();
|
2024-06-10 20:43:34 +00:00
|
|
|
if (! $user) {
|
2023-09-06 12:07:34 +02:00
|
|
|
return redirect()->route('login');
|
|
|
|
|
}
|
2026-06-02 12:22:27 +02:00
|
|
|
|
2026-06-02 12:57:30 +02:00
|
|
|
$invitation = TeamInvitation::query()
|
|
|
|
|
->where('email', $email)
|
|
|
|
|
->when($invitationUuid, fn ($query) => $query->where('uuid', $invitationUuid))
|
|
|
|
|
->where('link', request()->fullUrl())
|
|
|
|
|
->first();
|
2026-06-02 12:22:27 +02:00
|
|
|
if (! $invitation || ! $invitation->isValid()) {
|
|
|
|
|
return redirect()->route('login')->with('error', 'Invitation has expired or been revoked.');
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-06 12:07:34 +02:00
|
|
|
if (Hash::check($password, $user->password)) {
|
2026-06-02 12:22:27 +02:00
|
|
|
$team = $invitation->team;
|
|
|
|
|
if (! $user->teams()->where('team_id', $team->id)->exists()) {
|
|
|
|
|
$user->teams()->attach($team->id, ['role' => $invitation->role]);
|
2023-09-15 11:19:36 +02:00
|
|
|
}
|
2026-06-02 12:22:27 +02:00
|
|
|
$invitation->delete();
|
|
|
|
|
|
2023-09-06 12:07:34 +02:00
|
|
|
Auth::login($user);
|
2026-06-02 12:22:27 +02:00
|
|
|
$user->forceFill([
|
|
|
|
|
'password' => Hash::make(Str::random(64)),
|
|
|
|
|
])->save();
|
2023-09-06 12:07:34 +02:00
|
|
|
session(['currentTeam' => $team]);
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2023-09-06 12:07:34 +02:00
|
|
|
return redirect()->route('dashboard');
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-06-10 20:43:34 +00:00
|
|
|
|
2023-09-06 12:07:34 +02:00
|
|
|
return redirect()->route('login')->with('error', 'Invalid credentials.');
|
|
|
|
|
}
|
2023-08-08 11:51:36 +02:00
|
|
|
|
2026-03-26 14:30:27 +01:00
|
|
|
public function showInvitation()
|
2023-06-12 12:00:01 +02:00
|
|
|
{
|
2024-10-28 14:37:00 +01:00
|
|
|
$invitationUuid = request()->route('uuid');
|
|
|
|
|
$invitation = TeamInvitation::whereUuid($invitationUuid)->firstOrFail();
|
|
|
|
|
$user = User::whereEmail($invitation->email)->firstOrFail();
|
2024-11-07 12:32:23 +01:00
|
|
|
|
|
|
|
|
if (Auth::id() !== $user->id) {
|
|
|
|
|
abort(400, 'You are not allowed to accept this invitation.');
|
|
|
|
|
}
|
2024-10-28 14:37:00 +01:00
|
|
|
|
2026-03-26 14:30:27 +01:00
|
|
|
if (! $invitation->isValid()) {
|
2025-01-07 15:31:43 +01:00
|
|
|
abort(400, 'Invitation expired.');
|
2023-06-12 12:00:01 +02:00
|
|
|
}
|
2026-03-26 14:30:27 +01:00
|
|
|
|
|
|
|
|
$alreadyMember = $user->teams()->where('team_id', $invitation->team->id)->exists();
|
|
|
|
|
|
|
|
|
|
return view('invitation.accept', [
|
|
|
|
|
'invitation' => $invitation,
|
|
|
|
|
'team' => $invitation->team,
|
|
|
|
|
'alreadyMember' => $alreadyMember,
|
|
|
|
|
]);
|
2023-06-12 12:00:01 +02:00
|
|
|
}
|
2023-08-08 11:51:36 +02:00
|
|
|
|
2026-03-26 14:30:27 +01:00
|
|
|
public function acceptInvitation()
|
2023-06-12 12:00:01 +02:00
|
|
|
{
|
2026-03-26 14:30:27 +01:00
|
|
|
$invitationUuid = request()->route('uuid');
|
|
|
|
|
|
|
|
|
|
$invitation = TeamInvitation::whereUuid($invitationUuid)->firstOrFail();
|
2024-10-28 14:37:00 +01:00
|
|
|
$user = User::whereEmail($invitation->email)->firstOrFail();
|
2026-03-26 14:30:27 +01:00
|
|
|
|
2024-11-04 14:18:16 +01:00
|
|
|
if (Auth::id() !== $user->id) {
|
2026-03-26 14:30:27 +01:00
|
|
|
abort(400, 'You are not allowed to accept this invitation.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! $invitation->isValid()) {
|
|
|
|
|
abort(400, 'Invitation expired.');
|
2024-10-28 14:37:00 +01:00
|
|
|
}
|
2026-03-26 14:30:27 +01:00
|
|
|
|
|
|
|
|
if ($user->teams()->where('team_id', $invitation->team->id)->exists()) {
|
|
|
|
|
$invitation->delete();
|
|
|
|
|
|
|
|
|
|
return redirect()->route('team.index');
|
|
|
|
|
}
|
|
|
|
|
$user->teams()->attach($invitation->team->id, ['role' => $invitation->role]);
|
2024-10-28 14:37:00 +01:00
|
|
|
$invitation->delete();
|
|
|
|
|
|
2026-03-26 14:30:27 +01:00
|
|
|
refreshSession($invitation->team);
|
|
|
|
|
|
2024-10-28 14:37:00 +01:00
|
|
|
return redirect()->route('team.index');
|
2023-06-12 12:00:01 +02:00
|
|
|
}
|
2023-08-08 11:51:36 +02:00
|
|
|
}
|
