From 890a6925d1f2b0665c0bf9881f87c5a6cacb29db Mon Sep 17 00:00:00 2001
From: Andras Bacsai
Date: Thu, 11 Jan 2024 08:52:30 +0100
Subject: [PATCH] fix: email verification / forgot password
---
 app/Http/Controllers/Controller.php | 19 +++++++++---------
 routes/web.php | 31 ++---------------------------
 2 files changed, 11 insertions(+), 39 deletions(-)
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index fcc570f30..1241751f0 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -3,14 +3,13 @@
 namespace App\Http\Controllers;

 use App\Events\TestEvent;
-use App\Models\InstanceSettings;
-use App\Models\S3Storage;
-use App\Models\StandalonePostgresql;
 use App\Models\TeamInvitation;
 use App\Models\User;
 use App\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+use Illuminate\Foundation\Auth\EmailVerificationRequest;
 use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Crypt;
@@ -35,25 +34,25 @@ public function realtime_test() {
 public function verify() {
 return view('auth.verify-email');
 }
- public function email_verify() {
- request()->fulfill();
+ public function email_verify(EmailVerificationRequest $request) {
+ $request->fulfill();
 $name = request()->user()?->name;
 send_internal_notification("User {$name} verified their email address.");
 return redirect(RouteServiceProvider::HOME);
 }
- public function forgot_password() {
+ public function forgot_password(Request $request) {
 if (is_transactional_emails_active()) {
- $arrayOfRequest = request()->only(Fortify::email());
- request()->merge([
+ $arrayOfRequest = $request->only(Fortify::email());
+ $request->merge([
 'email' => Str::lower($arrayOfRequest['email']),
 ]);
 $type = set_transanctional_email_settings();
 if (!$type) {
 return response()->json(['message' => 'Transactional emails are not active'], 400);
 }
- request()->validate([Fortify::email() => 'required|email']);
+ $request->validate([Fortify::email() => 'required|email']);
 $status = Password::broker(config('fortify.passwords'))->sendResetLink(
- request()->only(Fortify::email())
+ $request->only(Fortify::email())
 );
 if ($status == Password::RESET_LINK_SENT) {
 return app(SuccessfulPasswordResetLinkRequestResponse::class, ['status' => $status]);
diff --git a/routes/web.php b/routes/web.php
index 4418bbbaf..65f5057fc 100644
--- a/routes/web.php
+++ b/routes/web.php
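Review bot: In `forgot_password` the input is used before it is validated: `$arrayOfRequest['email']` is read and passed to `Str::lower()` ahead of `$request->validate(...)`, so a request with a missing or non-string email field would raise an error inside the controller instead of being rejected as a validation failure. Validating first closes that, e.g. `$request->validate([Fortify::email() => 'required|email']);` at the top of the branch followed by `$request->merge([Fortify::email() => Str::lower($request->input(Fortify::email()))]);`, which also drops the hard-coded `'email'` key that only matches while `Fortify::email()` is left at its default. In `email_verify`, `$name` still comes from the global `request()` helper although `$request` is now injected; `$request->user()?->name` would be consistent. The body of `forgot_password` continues past the end of the hunk, so the handling of the remaining broker statuses is not visible here.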
@@ -79,38 +79,11 @@
 Route::get('/dev/compose', Compose::class)->name('dev.compose');
 }

-Route::post('/forgot-password', function (Request $request) {
- if (is_transactional_emails_active()) {
- $arrayOfRequest = $request->only(Fortify::email());
- $request->merge([
- 'email' => Str::lower($arrayOfRequest['email']),
- ]);
- $type = set_transanctional_email_settings();
- if (!$type) {
- return response()->json(['message' => 'Transactional emails are not active'], 400);
- }
- $request->validate([Fortify::email() => 'required|email']);
- $status = Password::broker(config('fortify.passwords'))->sendResetLink(
- $request->only(Fortify::email())
- );
- if ($status == Password::RESET_LINK_SENT) {
- return app(SuccessfulPasswordResetLinkRequestResponse::class, ['status' => $status]);
- }
- if ($status == Password::RESET_THROTTLED) {
- return response('Already requested a password reset in the past minutes.', 400);
- }
- return app(FailedPasswordResetLinkRequestResponse::class, ['status' => $status]);
- }
- return response()->json(['message' => 'Transactional emails are not active'], 400);
-})->name('password.forgot');
+Route::post('/forgot-password', [Controller::class, 'forgot_password'])->name('password.forgot');
 Route::get('/api/v1/test/realtime', [Controller::class, 'realtime_test'])->middleware('auth');
 Route::get('/waitlist', WaitlistIndex::class)->name('waitlist.index');
 Route::get('/verify', [Controller::class, 'verify'])->middleware('auth')->name('verify.email');
-Route::get('/email/verify/{id}/{hash}', function (EmailVerificationRequest $request) {
- $request->fulfill();
- send_internal_notification("User {$request->user()->name} verified their email address.");
- return redirect(RouteServiceProvider::HOME);
-})->middleware(['auth'])->name('verify.verify');
+Route::get('/email/verify/{id}/{hash}', [Controller::class, 'email_verify'])->middleware(['auth'])->name('verify.verify');
 Route::middleware(['throttle:login'])->group(function () {
 Route::get('/auth/link', [Controller::class, 'link'])->name('auth.link');
 });
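Review bot: The verification route `/email/verify/{id}/{hash}` is registered with `auth` only, as it was before the move, so neither the link's signature nor its expiry is checked and acceptance rests solely on the id/hash comparison that `EmailVerificationRequest` performs. If the verification mail builds its link as a signed URL (not visible in this diff), adding the `signed` middleware, `->middleware(['auth', 'signed'])`, ties verification to a link that was actually issued. `/forgot-password` likewise carries no throttle middleware, unlike the `throttle:login` group just below it, so request volume per client is bounded only by whatever the password broker enforces per address; a `throttle` middleware on that route would cap it.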