fix: password reset / invitation link requests

Andras Bacsai 2023-12-13 15:22:37 +01:00
parent 1ff1664b6c
commit 02c8b9f471
7 changed files with 27 additions and 21 deletions


@ -137,17 +137,29 @@ class Controller extends BaseController
public function acceptInvitation() public function acceptInvitation()
{ {
try { try {
$invitation = TeamInvitation::whereUuid(request()->route('uuid'))->firstOrFail(); $resetPassword = request()->query('reset-password');
$invitationUuid = request()->route('uuid');
$invitation = TeamInvitation::whereUuid($invitationUuid)->firstOrFail();
$user = User::whereEmail($invitation->email)->firstOrFail(); $user = User::whereEmail($invitation->email)->firstOrFail();
if (auth()->user()->id !== $user->id) {
abort(401);
}
$invitationValid = $invitation->isValid(); $invitationValid = $invitation->isValid();
if ($invitationValid) { if ($invitationValid) {
$user->teams()->attach($invitation->team->id, ['role' => $invitation->role]); if ($resetPassword) {
refreshSession($invitation->team); $user->update([
'password' => Hash::make($invitationUuid),
'force_password_reset' => true
]);
}
if ($user->teams()->where('team_id', $invitation->team->id)->exists()) {
$invitation->delete(); $invitation->delete();
return redirect()->route('team.index'); return redirect()->route('team.index');
}
$user->teams()->attach($invitation->team->id, ['role' => $invitation->role]);
$invitation->delete();
if (auth()->user()?->id !== $user->id) {
return redirect()->route('login');
}
refreshSession($invitation->team);
return redirect()->route('team.index');
} else { } else {
abort(401); abort(401);
} }
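Review bot: The password overwrite in `acceptInvitation()` is switched on by the caller-supplied `reset-password` query parameter and runs before any check of who is making the request, so possession of the invitation URL is the only gate on changing that account's password. The new value is `Hash::make($invitationUuid)`, i.e. the temporary password equals the token already present in the URL, which also ends up in access logs, browser history and referrers. The earlier `auth()->user()->id !== $user->id` guard appears to have been removed from the top of the method, leaving only the redirect to `login` after the write has happened. Consider recording the reset intent on the invitation when it is created, honouring it only for accounts created by that invitation, and requiring a server-issued signed link, e.g. `if ($resetPassword && request()->hasValidSignature()) {`; link generation is not visible here, so this needs confirming against the code that builds the URL. The `try` block continues past the end of this hunk.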


@ -24,7 +24,7 @@ class CheckForcePasswordReset
} }
$force_password_reset = auth()->user()->force_password_reset; $force_password_reset = auth()->user()->force_password_reset;
if ($force_password_reset) { if ($force_password_reset) {
if ($request->routeIs('auth.force-password-reset') || $request->path() === 'livewire/message/force-password-reset') { if ($request->routeIs('auth.force-password-reset') || $request->path() === 'force-password-reset' || $request->path() === 'livewire/update' || $request->path() === 'logout') {
return $next($request); return $next($request);
} }
return redirect()->route('auth.force-password-reset'); return redirect()->route('auth.force-password-reset');
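Review bot: Allowing `livewire/update` through the force-password-reset gate is much broader than the old `livewire/message/force-password-reset` exemption, because that path is the single endpoint shared by every Livewire component rather than one component's route. An account flagged `force_password_reset` can therefore still reach any component action through it, unless each component or another middleware enforces the flag; neither is visible in this hunk. At minimum, document the trade-off next to the condition, e.g. `// livewire/update is shared by all Livewire components; component actions must enforce force_password_reset themselves`. The same path is also listed in `allowedPathsForUnsubscribedAccounts()`, `allowedPathsForBoardingAccounts()` and `allowedPathsForInvalidAccounts()`, where the same reasoning applies. The enclosing `handle()` method starts and ends outside the hunk.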


@ -11,6 +11,9 @@ class DecideWhatToDoWithUser
{ {
public function handle(Request $request, Closure $next): Response public function handle(Request $request, Closure $next): Response
{ {
if(auth()?->user()?->currentTeam()){
refreshSession(auth()->user()->currentTeam());
}
if (!auth()->user() || !isCloud() || isInstanceAdmin()) { if (!auth()->user() || !isCloud() || isInstanceAdmin()) {
if (!isCloud() && showBoarding() && !in_array($request->path(), allowedPathsForBoardingAccounts())) { if (!isCloud() && showBoarding() && !in_array($request->path(), allowedPathsForBoardingAccounts())) {
return redirect('boarding'); return redirect('boarding');


@ -128,11 +128,6 @@ function allowedPathsForUnsubscribedAccounts()
'logout', 'logout',
'waitlist', 'waitlist',
'force-password-reset', 'force-password-reset',
// 'livewire/message/force-password-reset',
// 'livewire/message/check-license',
// 'livewire/message/switch-team',
// 'livewire/message/subscription.pricing-plans',
// 'livewire/message/help',
'livewire/update' 'livewire/update'
]; ];
} }
@ -141,8 +136,6 @@ function allowedPathsForBoardingAccounts()
return [ return [
...allowedPathsForUnsubscribedAccounts(), ...allowedPathsForUnsubscribedAccounts(),
'boarding', 'boarding',
// 'livewire/message/boarding.index',
// 'livewire/message/activity-monitor',
'livewire/update' 'livewire/update'
]; ];
} }
@ -151,9 +144,6 @@ function allowedPathsForInvalidAccounts() {
'logout', 'logout',
'verify', 'verify',
'force-password-reset', 'force-password-reset',
// 'livewire/message/force-password-reset',
// 'livewire/message/verify-email',
// 'livewire/message/help',
'livewire/update' 'livewire/update'
]; ];
} }


@ -1,13 +1,13 @@
<x-layout-simple> <x-layout-simple>
<div class="min-h-screen hero"> <div class="min-h-screen hero">
<div> <div>
<div class="flex flex-col items-center pb-8"> <div class="flex flex-col items-center ">
<a href="{{ route('dashboard') }}"> <a href="{{ route('dashboard') }}">
<div class="text-5xl font-bold tracking-tight text-center text-white">Coolify</div> <div class="text-5xl font-bold tracking-tight text-center text-white">Coolify</div>
</a> </a>
</div> </div>
<div class="flex items-center justify-center pb-4 text-center"> <div class="flex items-center justify-center pb-4 text-center">
<h2>{{ __('auth.reset_password') }}</h2> {{ __('auth.reset_password') }}
</div> </div>
<div> <div>
<form action="/reset-password" method="POST" class="flex flex-col gap-2"> <form action="/reset-password" method="POST" class="flex flex-col gap-2">


@ -1,6 +1,7 @@
@extends('layouts.base') @extends('layouts.base')
@section('body') @section('body')
@parent @parent
<x-navbar-subscription />
<main> <main>
{{ $slot }} {{ $slot }}
</main> </main>


@ -1,12 +1,12 @@
<div class="min-h-screen hero"> <div class="min-h-screen hero">
<div class="w-96 min-w-fit"> <div class="w-96 min-w-fit">
<div class="flex flex-col items-center pb-8"> <div class="flex flex-col items-center">
<a href="{{ route('dashboard') }}"> <a href="{{ route('dashboard') }}">
<div class="text-5xl font-bold tracking-tight text-center text-white">Coolify</div> <div class="text-5xl font-bold tracking-tight text-center text-white">Coolify</div>
</a> </a>
</div> </div>
<div class="flex items-center justify-center pb-4 text-center"> <div class="flex items-center justify-center pb-4 text-center">
<h2>Set your initial password</h2> Set your initial password
</div> </div>
<form class="flex flex-col gap-2" wire:submit='submit'> <form class="flex flex-col gap-2" wire:submit='submit'>
<x-forms.input id="email" type="email" placeholder="Email" readonly label="Email" /> <x-forms.input id="email" type="email" placeholder="Email" readonly label="Email" />