Merge branch '10-user-confirm-email-when-creating-new-password'

2018-06-12 23:51:52 +02:00 · 2018-06-12 23:51:52 +02:00 · daa8803f5e
commit daa8803f5e
parent 313ba55098 a2abf940b5
10 changed files with 418 additions and 6 deletions
--- a/app/controllers/UserController.php
+++ b/app/controllers/UserController.php
@ -4,7 +4,9 @@ namespace App\Controller;

 use App\Controller\ControllerBase,
    App\Form\UserSettings as UserSettingsForm,
-    App\Model\Data\ActivityLog;
+    App\Model\Data\ActivityLog,
+    App\Model\Data\PasswordLink,
+    SendGrid\Mail\Mail as SendGridMail;

 class UserController extends ControllerBase
 {
@ -28,9 +30,42 @@ class UserController extends ControllerBase

                $new_pw = $form->getValue('passwordNew');
                if (strlen($new_pw) > 0) {
+
                    $hash = password_hash($new_pw, PASSWORD_BCRYPT);
-                    $user->setPassword($hash);
+
+                    // User had a password before. just update.
+                    if (strlen($user->getPassword()) > 0) {
+                        $user->setPassword($hash);
+                    }
+                    // Else we create a password link and email.
+                    else {
+                        $link = new PasswordLink();
+                        $link->setUserId($user->getId())
+                            ->setPassword($hash)
+                            ->save();
+
+                        $tpl = $this->di->get('template');
+                        $body = $tpl->render('mail/password_activation', [
+                            'link' => $link->getPublicId()
+                        ]);
+
+                        $mail = new SendGridMail();
+                        $mail->setFrom('noreply@shufflingpixels.com');
+                        $mail->setSubject('Httpcb password activation');
+                        $mail->addTo($user->getEmail());
+                        $mail->addContent('text/html', $body);
+
+                        $sendgrid = $this->di->get('sendgrid');
+                        $sendgrid->send($mail);
+
+                        $msg = "For security reasons. Before a password can be created "
+                            . "a email has been sent to <strong>{$user->getEmail()}</strong> with "
+                            . "a activation link.";
+
+                        $this->flash->notice($msg);
+                    }
                }
+
                $user->save();
                $form->initialize();

@ -44,6 +79,35 @@ class UserController extends ControllerBase
        $this->view->form = $form;
    }

+    /**
+     * Activate a password.
+     *
+     * @param $id
+     */
+    public function activationLinkAction($id)
+    {
+        $link = PasswordLink::findFirst(['public_id = ?0', 'bind' => [ $id ]]);
+
+        if ($link) {
+            if ($link->isValid()) {
+
+                // Save the password.
+                $link->getUser()
+                    ->setPassword($link->getPassword())
+                    ->save();
+
+                $this->flash->success('Your password has been activated.');
+            } else {
+                $this->flash->error('This link has expired or has already been used.');
+            }
+
+            // Make sure the link is deleted.
+            $link->delete();
+        } else {
+            $this->flash->error('This does not seem to be an active link');
+        }
+    }
+
    public function activityAction($page = 1)
    {
        $user = $this->_getAuth()->getUser();