fix: password reset / invitation link requests

2023-12-13 15:22:37 +01:00
parent 1ff1664b6c
commit 02c8b9f471
7 changed files with 27 additions and 21 deletions
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -39,7 +39,7 @@ class Controller extends BaseController
                } else {
                    $team = $user->teams()->first();
                }
-                if (is_null(data_get($user, 'email_verified_at'))){
+                if (is_null(data_get($user, 'email_verified_at'))) {
                    $user->email_verified_at = now();
                    $user->save();
                }
@@ -137,16 +137,28 @@ class Controller extends BaseController
    public function acceptInvitation()
    {
        try {
-            $invitation = TeamInvitation::whereUuid(request()->route('uuid'))->firstOrFail();
+            $resetPassword = request()->query('reset-password');
+            $invitationUuid = request()->route('uuid');
+            $invitation = TeamInvitation::whereUuid($invitationUuid)->firstOrFail();
            $user = User::whereEmail($invitation->email)->firstOrFail();
-            if (auth()->user()->id !== $user->id) {
-                abort(401);
-            }
            $invitationValid = $invitation->isValid();
            if ($invitationValid) {
+                if ($resetPassword) {
+                    $user->update([
+                        'password' => Hash::make($invitationUuid),
+                        'force_password_reset' => true
+                    ]);
+                }
+                if ($user->teams()->where('team_id', $invitation->team->id)->exists()) {
+                    $invitation->delete();
+                    return redirect()->route('team.index');
+                }
                $user->teams()->attach($invitation->team->id, ['role' => $invitation->role]);
-                refreshSession($invitation->team);
                $invitation->delete();
+                if (auth()->user()?->id !== $user->id) {
+                    return redirect()->route('login');
+                }
+                refreshSession($invitation->team);
                return redirect()->route('team.index');
            } else {
                abort(401);
--- a/app/Http/Middleware/CheckForcePasswordReset.php
+++ b/app/Http/Middleware/CheckForcePasswordReset.php
@@ -24,7 +24,7 @@ class CheckForcePasswordReset
            }
            $force_password_reset = auth()->user()->force_password_reset;
            if ($force_password_reset) {
-                if ($request->routeIs('auth.force-password-reset') || $request->path() === 'livewire/message/force-password-reset') {
+                if ($request->routeIs('auth.force-password-reset') || $request->path() === 'force-password-reset' || $request->path() === 'livewire/update' ||  $request->path() === 'logout') {
                    return $next($request);
                }
                return redirect()->route('auth.force-password-reset');
--- a/app/Http/Middleware/DecideWhatToDoWithUser.php
+++ b/app/Http/Middleware/DecideWhatToDoWithUser.php
@@ -11,6 +11,9 @@ class DecideWhatToDoWithUser
 {
    public function handle(Request $request, Closure $next): Response
    {
+        if(auth()?->user()?->currentTeam()){
+            refreshSession(auth()->user()->currentTeam());
+        }
        if (!auth()->user() || !isCloud() || isInstanceAdmin()) {
            if (!isCloud() && showBoarding() && !in_array($request->path(), allowedPathsForBoardingAccounts())) {
                return redirect('boarding');