From bbfd833b033111fab3d3db48073c5fd77f794ee5 Mon Sep 17 00:00:00 2001 From: Louis Jeckel Date: Thu, 27 Aug 2020 11:45:02 +0200 Subject: [PATCH] verify email on register + recaptcha --- .idea/lettre-pharma.iml | 1 + .idea/php.xml | 1 + app/Http/Controllers/AccountController.php | 4 +- .../Controllers/Auth/RegisterController.php | 5 + app/Http/Controllers/FlowpaperController.php | 1 + app/User.php | 3 +- composer.json | 1 + composer.lock | 68 +++++++- config/recaptcha.php | 148 ++++++++++++++++++ resources/lang/fr.json | 2 +- resources/lang/fr/validation.php | 2 + resources/views/auth/register.blade.php | 12 ++ resources/views/home/index.blade.php | 17 ++ resources/views/layouts/app.blade.php | 2 + routes/web.php | 4 +- 15 files changed, 266 insertions(+), 5 deletions(-) create mode 100644 config/recaptcha.php diff --git a/.idea/lettre-pharma.iml b/.idea/lettre-pharma.iml index 9e477f9..3f51641 100644 --- a/.idea/lettre-pharma.iml +++ b/.idea/lettre-pharma.iml @@ -12,6 +12,7 @@ + diff --git a/.idea/php.xml b/.idea/php.xml index e5244e6..6332590 100644 --- a/.idea/php.xml +++ b/.idea/php.xml @@ -199,6 +199,7 @@ + diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index d6c2ef9..a734479 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -62,9 +62,11 @@ class AccountController extends Controller 'first_name' => $request->input('first_name'), 'last_name' => $request->input('last_name'), 'password' => \Hash::make($request->input('password')), - 'reg_complete' => true + 'reg_complete' => true, ]); + $user->markEmailAsVerified(); + LoginToken::where('token', $request->input('login_token'))->delete(); diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index be50aa3..04f9afc 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php 
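Review bot: The added `$user->markEmailAsVerified();` in AccountController treats possession of `login_token` as proof of mailbox control, but nothing in the hunk shows that the token was checked against `$user` before this point. The enclosing method starts above the hunk, so that check may already exist there. If it does, a comment above the call such as `// login_token was delivered by email, so the address is already proven` would record why the verification mail is skipped. The `LoginToken::where('token', ...)->delete()` that follows is keyed only on the request value, so it is worth confirming that the token row was resolved to this user earlier in the method. Otherwise the `verified` gate added in routes/web.php depends on an unchecked value.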
@@ -65,6 +65,7 @@ class RegisterController extends Controller ->where(fn(Builder $builder) => $builder->where('type', User::TYPE_USER)) ], 'password' => ['required', 'string', 'min:8', 'confirmed'], + recaptchaFieldName() => recaptchaRuleName(), ]); } @@ -100,5 +101,9 @@ class RegisterController extends Controller } + protected function registered(Request $request, $user) + { + \Session::flash('message', 'Votre inscription à bien été prise en compte ! Veuillez vérifier vos emails.'); + } } diff --git a/app/Http/Controllers/FlowpaperController.php b/app/Http/Controllers/FlowpaperController.php index bfb0d16..e423d52 100644 --- a/app/Http/Controllers/FlowpaperController.php +++ b/app/Http/Controllers/FlowpaperController.php @@ -24,6 +24,7 @@ class FlowpaperController extends Controller { $this->authorize('view', $file); + AccessLog::log($request, $file); return $file->view(); } diff --git a/app/User.php b/app/User.php index d665743..b8d907e 100644 --- a/app/User.php +++ b/app/User.php @@ -10,6 +10,7 @@ use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Relations\BelongsTo; use Illuminate\Database\Eloquent\Relations\HasMany; use Illuminate\Foundation\Auth\User as Authenticatable; +use Illuminate\Foundation\Auth\VerifiesEmails; use Illuminate\Notifications\Notifiable; use Illuminate\Support\Arr; use Illuminate\Support\Carbon; @@ -33,7 +34,7 @@ use Laravel\Scout\Searchable; * @property bool $reg_complete * @property string $status */ -class User extends Authenticatable +class User extends Authenticatable implements MustVerifyEmail { use Notifiable; use Searchable; diff --git a/composer.json b/composer.json index 6eeb9fb..405c60b 100644 --- a/composer.json +++ b/composer.json @@ -14,6 +14,7 @@ "algolia/algoliasearch-client-php": "^2.6", "anaseqal/nova-import": "^0.0.3", "area17/twill": "^2.0", + "biscolab/laravel-recaptcha": "^4.1", "caouecs/laravel-lang": "~6.0", "coderello/laravel-nova-lang": "^1.4", "fideloper/proxy": "^4.2", 
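Review bot: The flash text in the new `registered()` hook reads `à bien été`, which should be the verb form `a bien été`. It is also hard-coded, whereas the Blade changes in this same patch go through `__()`. Suggested line: `\Session::flash('message', __('Votre inscription a bien été prise en compte ! Veuillez vérifier vos emails.'));`. A short docblock would help, noting that `$user` is the newly created User and that the method returns nothing, so the framework's default post-registration redirect applies. `Request` must be imported at the top of the file, which the hunk does not show.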
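Review bot: `AccessLog::log($request, $file)` sits after `$this->authorize('view', $file)` in FlowpaperController, so a request that fails the policy check throws before anything is recorded. If AccessLog is meant as an audit trail rather than a read counter, the refused attempts are the entries most useful for detection, and they would have to be logged where the authorization failure is handled. If it only counts successful reads, a comment such as `// Logs successful views only; denied requests are not recorded here` makes that choice explicit. The method signature and the `AccessLog` implementation are outside the hunk, so what is stored from `$request` cannot be checked here.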
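Review bot: The added import `use Illuminate\Foundation\Auth\VerifiesEmails;` in app/User.php is not used by anything visible in the file, and it is the controller trait for the verification endpoints rather than a model concern. The second User.php hunk makes the class `implements MustVerifyEmail`, which needs `use Illuminate\Contracts\Auth\MustVerifyEmail;`. The import list above line 10 is outside the hunk, so confirm the contract is imported there; otherwise the name resolves inside the `App` namespace and loading the class fails. If the contract import is already present, dropping the `VerifiesEmails` line is the only change needed.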
diff --git a/composer.lock b/composer.lock index 3b5ee1f..f0bd77d 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "619658d66882bcbce2ed61728005dc01", + "content-hash": "5c282ec3e2dd3c868fc7681ebeedb9f5", "packages": [ { "name": "algolia/algoliasearch-client-php", 
@@ -447,6 +447,72 @@ "homepage": "https://github.com/Bacon/BaconQrCode", "time": "2018-04-25T17:53:56+00:00" }, + { + "name": "biscolab/laravel-recaptcha", + "version": "4.1.0", + "source": { + "type": "git", + "url": "https://github.com/biscolab/laravel-recaptcha.git", + "reference": "9bfe22ffb78efaff005659af68867d1ba52c0a00" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/biscolab/laravel-recaptcha/zipball/9bfe22ffb78efaff005659af68867d1ba52c0a00", + "reference": "9bfe22ffb78efaff005659af68867d1ba52c0a00", + "shasum": "" + }, + "require": { + "laravel/framework": "^5.5|^6.0|^7.0", + "php": "^7.1" + }, + "require-dev": { + "orchestra/testbench": "~3.0", + "phpunit/phpunit": "6.*|7.*" + }, + "suggest": { + "biscolab/laravel-authlog": "Allows logged-in users management and forced log-out" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Biscolab\\ReCaptcha\\ReCaptchaServiceProvider" + ], + "aliases": { + "ReCaptcha": "Biscolab\\ReCaptcha\\Facades\\ReCaptcha" + } + } + }, + "autoload": { + "psr-4": { + "Biscolab\\ReCaptcha\\": "src/" + }, + "files": [ + "src/helpers.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Roberto Belotti", + "email": "roby.belotti@gmail.com", + "homepage": "https://biscolab.com", + "role": "Developer" + } + ], + "description": "Simple and painless Google reCAPTCHA package for Laravel 5, 6 and 7", + "homepage": "https://biscolab.com/laravel-recaptcha", + "keywords": [ + "captcha", + "laravel", + "recaptcha", + "validation" + ], + "time": "2020-03-06T23:25:41+00:00" + }, { "name": "brick/math", "version": "0.8.14", diff --git a/config/recaptcha.php b/config/recaptcha.php new file mode 100644 index 0000000..8817b5d --- /dev/null +++ b/config/recaptcha.php 
@@ -0,0 +1,148 @@ + env('RECAPTCHA_SITE_KEY', ''), + + /** + * + * The secret key + * get secret key @ www.google.com/recaptcha/admin + * + */ + 'api_secret_key' => env('RECAPTCHA_SECRET_KEY', ''), + + /** + * + * ReCATCHA version + * Supported: "v2", "invisible", "v3", + * + * get more info @ https://developers.google.com/recaptcha/docs/versions + * + */ + 'version' => 'v2', + + /** + * + * The curl timout in seconds to validate a recaptcha token + * @since v3.5.0 + * + */ + 'curl_timeout' => 10, + + /** + * + * IP addresses for which validation will be skipped + * + */ + 'skip_ip' => [], + + /** + * + * Default route called to check the Google reCAPTCHA token + * @since v3.2.0 + * + */ + 'default_validation_route' => 'recaptcha/validate', + + /** + * + * The name of the parameter used to send Google reCAPTCHA token to verify route + * @since v3.2.0 + * + */ + 'default_token_parameter_name' => 'token', + + /** + * + * The default Google reCAPTCHA language code + * It has no effect with v3 + * @see https://developers.google.com/recaptcha/docs/language + * @since v3.6.0 + * + */ + 'default_language' => 'fr', + + /** + * + * The default form ID. Only for "invisible" reCAPTCHA + * @since v4.0.0 + * + */ + 'default_form_id' => 'recaptcha-invisible-form', + + /** + * + * Deferring the render can be achieved by specifying your onload callback function and adding parameters to the JavaScript resource. + * It has no effect with v3 and invisible + * @see https://developers.google.com/recaptcha/docs/display#explicit_render + * @since v4.0.0 + * Supported true, false + * + */ + 'explicit' => false, + + /** + * + * g-recaptcha tag attributes and grecaptcha.render parameters (v2 only) + * @see https://developers.google.com/recaptcha/docs/display#render_param + * @since v4.0.0 + */ + 'tag_attributes' => [ + + /** + * The color theme of the widget. + * Supported "light", "dark" + */ + 'theme' => 'light', + + /** + * The size of the widget. 
+ * Supported "normal", "compact" + */ + 'size' => 'normal', + + /** + * The tabindex of the widget and challenge. + * If other elements in your page use tabindex, it should be set to make user navigation easier. + */ + 'tabindex' => 0, + + /** + * The name of your callback function, executed when the user submits a successful response. + * The g-recaptcha-response token is passed to your callback. + * DO NOT SET "biscolabOnloadCallback" + */ + 'callback' => null, + + /** + * The name of your callback function, executed when the reCAPTCHA response expires and the user needs to re-verify. + * DO NOT SET "biscolabOnloadCallback" + */ + 'expired-callback' => null, + + /** + * The name of your callback function, executed when reCAPTCHA encounters an error (usually network connectivity) and cannot continue until connectivity is restored. + * If you specify a function here, you are responsible for informing the user that they should retry. + * DO NOT SET "biscolabOnloadCallback" + */ + 'error-callback' => null, + ] +]; diff --git a/resources/lang/fr.json b/resources/lang/fr.json index ecb1ced..6e6c009 100644 --- a/resources/lang/fr.json +++ b/resources/lang/fr.json @@ -2,7 +2,7 @@ "A fresh verification link has been sent to your email address.": "Un nouveau lien de vérification a été envoyé à votre adresse email.", "All rights reserved.": "Tous droits réservés.", "Before proceeding, please check your email for a verification link.": "Avant de continuer, veuillez vérifier votre courrier électronique pour un lien de vérification.", - "click here to request another": "cliquer ici pour faire une autre demande", + "click here to request another": "cliquez ici pour faire une autre demande", "Confirm Password": "Confirmez le mot de passe", "E-Mail Address": "Adresse email", "Error": "Erreur", diff --git a/resources/lang/fr/validation.php b/resources/lang/fr/validation.php index 44f9397..30b20fc 100644 --- a/resources/lang/fr/validation.php +++ b/resources/lang/fr/validation.php 
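Review bot: `'api_secret_key' => env('RECAPTCHA_SECRET_KEY', '')` in config/recaptcha.php falls back to an empty string, so a deployment that lacks the variable boots without any signal. The registration check then depends on how the package treats an empty secret. Consider failing early when the value is empty outside local and testing environments, and listing both variables in `.env.example`, which this patch does not touch. `skip_ip` is empty here, which is the safe default. A comment such as `// Keep empty in production: listed addresses skip the captcha, and the client IP seen by the app depends on the trusted-proxy setup` would warn whoever fills it in later.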
@@ -134,6 +134,8 @@ return [ ], ], + 'recaptcha' => "Merci de cocher la case 'je ne suis pas un robot'", + /* |-------------------------------------------------------------------------- | Custom Validation Attributes diff --git a/resources/views/auth/register.blade.php b/resources/views/auth/register.blade.php index a3bf374..b4332ca 100644 --- a/resources/views/auth/register.blade.php +++ b/resources/views/auth/register.blade.php @@ -98,6 +98,18 @@ +
+
+
+ @error(recaptchaFieldName()) + + {{ $message }} + + @enderror + {!! ReCaptcha::htmlFormSnippet() !!} +
+
+
@endif + + + @if (session('resent')) + + @elseif(\Auth::check() && !\Auth::user()->hasVerifiedEmail()) +
+ {{ __('Before proceeding, please check your email for a verification link.') }} + {{ __('If you did not receive the email') }}, +
+ @csrf + . +
+
+ @endif +

L'actualité à la une de notre quotidien

diff --git a/resources/views/layouts/app.blade.php b/resources/views/layouts/app.blade.php index 2f13d11..b2d2bc3 100644 --- a/resources/views/layouts/app.blade.php +++ b/resources/views/layouts/app.blade.php @@ -15,6 +15,8 @@ @yield('scripts') + {!! ReCaptcha::htmlScriptTagJsApi() !!} + diff --git a/routes/web.php b/routes/web.php index cb31d9f..a9769ba 100644 --- a/routes/web.php +++ b/routes/web.php @@ -45,7 +45,9 @@ Route::domain(env('CLIENT_DOMAIN_NAME'))->group(function() { /** Flowpaper viewer */ Route::middleware('login.token') ->get('/view/{file:slug}', 'FlowpaperController@view') - ->name('flowpaper.view'); + ->name('flowpaper.view') + ->middleware('verified'); + Route::get('edition/{file:slug}', 'FileController@show'); -- 2.39.5
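Review bot: `{!! ReCaptcha::htmlScriptTagJsApi() !!}` is added to the shared layout, so the third-party reCAPTCHA script loads on every page that extends it, including authenticated ones. The widget itself is only rendered in auth/register.blade.php. The layout already has `@yield('scripts')` just above, so the tag can be emitted from the register view inside `@section('scripts') ... @endsection`. That confines the external script to the one form that needs it and makes a Content-Security-Policy easier to write. The raw `{!! !!}` output is expected here because the helper returns markup.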
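Review bot: Only `flowpaper.view` gains `->middleware('verified')` in routes/web.php; the context line `Route::get('edition/{file:slug}', 'FileController@show');` directly below has neither `login.token` nor `verified` in what is visible. If `FileController@show` exposes the same file content, unverified accounts keep a path to it. Either chain `->middleware('verified')` on that route too or apply it at group level. The group definition and the controller are outside the hunk, so this may already be covered. `verified` also relies on a `verification.notice` route being registered, which this patch does not add.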