Merge pull request #88 from LaswitchTech/dev

General: Version bumped to v0.0.88

Author: LouisOuellet

VERSION

@@ -1 +1 @@
-v0.0.87
+v0.0.88

View/330.php

@@ -22,7 +22,7 @@
                 <h2 class="h4 mb-1"><?= $this->Locale->get('Enter your verification code') ?></h2>
                 <p class="opacity-50 mb-0"><?= $this->Locale->get('We sent you a code to your email') ?></p>
             </div>
-            <form method="POST" action="<?= $this->Request->getHostAddress() . '/' . $this->Request->getUri() ?>" class="needs-validation" autocomplete="off" novalidate>
+            <form method="POST" action="<?= $this->Request->getHostAddress() . $this->Request->getUri() ?>" class="needs-validation" autocomplete="off" novalidate>
                 <?= $this->CSRF->field(); ?>
                 <input type="email" class="d-none" name="username" id="username" autocomplete="off" value="<?=$this->Request->getParams('POST','username')?>">
                 <div class="mb-3">

View/432.php

@@ -4,13 +4,16 @@
             <h2 class="h4 mb-1"><?= $this->Locale->get('Enter your verification code') ?></h2>
             <p class="opacity-50 mb-0"><?= $this->Locale->get('We sent you a code to your email') ?></p>
         </div>
-        <form method="POST" action="<?= $this->Request->getHostAddress() . '/' . $this->Request->getUri() ?>" class="needs-validation" autocomplete="off" novalidate>
+        <form method="POST" action="<?= $this->Request->getHostAddress() . $this->Request->getUri() . '?' . $this->Request->getQueryString()  ?>" class="needs-validation" autocomplete="off" novalidate>
             <?= $this->CSRF->field(); ?>
             <div class="mb-3">
                 <label for="code" class="form-label"><?= $this->Locale->get('Code') ?></label>
                 <input type="text" class="form-control" name="code" id="code" autocomplete="off" placeholder="000000" value="<?=$this->Request->getParams('GET','verify')?>" required>
                 <div class="invalid-feedback"><?= $this->Locale->get('Please enter a valid pin.') ?></div>
             </div>
+            <div class="d-flex justify-content-end align-items-center mb-4">
+                <a href="<?= $this->Request->getHostAddress() . $this->Request->getUri() . '?' . $this->Request->getQueryString() ?>&resend"><?= $this->Locale->get('Request a new code') ?><i class="bi bi-arrow-counterclockwise ms-1"></i></a>
+            </div>
             <div class="d-flex justify-content-between align-items-center gap-3 mt-4 mb-2">
                 <button type="button" class="btn btn-outline-secondary" onclick="window.history.back();"><i class="bi bi-arrow-left me-1"></i><?= $this->Locale->get('Go Back') ?></button>
                 <button type="submit" class="btn btn-primary flex-grow-1" name="reset"><?= $this->Locale->get('Continue') ?></button>

src/Auth.php

@@ -58,35 +58,35 @@ public function isAuthenticated(): bool
         }
 
         // Check Bearer Token
-        if ($this->authenticateBearer()) {
+        if ($this->byBearerToken()) {
             $this->method = 'bearer';
             $this->status = true;
             return $this->status;
         }
 
         // Check Basic Authentication
-        if ($this->authenticateBasic()) {
+        if ($this->byBasicAuth()) {
             $this->method = 'basic';
             $this->status = true;
             return $this->status;
         }
 
         // Check Session Authentication
-        if ($this->authenticateSession()) {
+        if ($this->bySession()) {
             $this->method = 'session';
             $this->status = true;
             return $this->status;
         }
 
         // Check Cookie Authentication
-        if ($this->authenticateCookie()) {
+        if ($this->byCookie()) {
             $this->method = 'cookie';
             $this->status = true;
             return $this->status;
         }
 
         // Check Request Authentication
-        if ($this->authenticateRequest()) {
+        if ($this->byRequest()) {
             $this->method = 'request';
             $this->status = true;
             return $this->status;
@@ -125,25 +125,50 @@ protected function isResetting(): void
             return;
         }
 
-        // echo 'code: '; var_dump($REQUEST->getParams('REQUEST','code'));
-        // echo 'username: '; var_dump($REQUEST->getParams('REQUEST','username'));
-        // echo 'forgot: '; var_dump($REQUEST->getParams('REQUEST','forgot'));
-        // echo 'reset: '; var_dump($REQUEST->getParams('REQUEST','reset'));
-        // echo 'verify: '; var_dump($REQUEST->getParams('REQUEST','verify'));
         if(
             $REQUEST->getParams('REQUEST','code') &&
             $REQUEST->getParams('REQUEST','username') &&
             !is_null($REQUEST->getParams('REQUEST','reset')) &&
             is_null($REQUEST->getParams('REQUEST','forgot')) &&
             is_null($REQUEST->getParams('REQUEST','verify'))
         ) {
-            $this->verifyPin($REQUEST->getParams('REQUEST','username'), $REQUEST->getParams('REQUEST','code'));
+            $this->verifyPin($REQUEST->getParams('REQUEST','username'), $REQUEST->getParams('REQUEST','code'),function(object $user){
+
+                // Reset the user's password
+                $password = $user->backend()->reset();
+
+                // Notify the user of the new password
+                $this->requested = $user->backend()->notify($user,$password);
+            });
         } elseif(
             $REQUEST->getParams('REQUEST','username') &&
             !is_null($REQUEST->getParams('REQUEST','forgot')) &&
             !is_null($REQUEST->getParams('REQUEST','reset'))
         ) {
-            $this->setPin($REQUEST->getParams('REQUEST','username'));
+            $this->setPin($REQUEST->getParams('REQUEST','username'), function(object $user, string $pin){
+
+                // Import Global Variables
+                global $SMTP, $REQUEST;
+
+                // Write the email
+                $body = '';
+                $body .= '<p>Did you request a new password?</p>';
+                $body .= '<p>Here is your verification code:</p>';
+                $body .= '<pre style="background-color: #F5F5F5; font-weight: 700; font-size: 28px; text-align: center; letter-spacing: 16px; margin: 20px 20px; padding: 20px 0; font-family: Courier, monospace">'.($pin ?? 'ERROR!').'</pre>';
+                $body .= '<p>Please follow the link below to reset your password.</p>';
+                $body .= '<p style="text-align:center;margin-top: 40px;margin-bottom:40px;">';
+                $body .= '<a href="'.$REQUEST->getHostAddress().'?forgot&verify='.$pin.'&username='.$user->username.'" target="_blank" style="margin-left: 6px; margin-right: 6px; text-decoration:none; background-color: #528fb3;color: #fff;font-size: 24px;padding: 20px 40px;text-align: center;margin: 20px 20px;border-radius: 8px;">Reset</a>';
+                $body .= '</p>';
+                $body .= '<p>If you did not request this code, please contact your system administrator immediately.</p>';
+
+                // Create a new message
+                $eml = $SMTP->message()
+                    ->subject('Reset your password')
+                    ->body($body);
+
+                // Return the message
+                return $eml;
+            });
         }
     }
 
@@ -153,7 +178,7 @@ protected function isResetting(): void
      * @param string $username
      * @return bool
      */
-    protected function setPin(string $username): void
+    protected function setPin(string $username, callable $fn): void
     {
         // Retrieve User
         $user = $this->user($username);
@@ -171,7 +196,7 @@ protected function setPin(string $username): void
             $Pin->save($user->id,$pin);
 
             // Send the pin to the user email
-            $this->requested = $Pin->notify($user,$pin);
+            $this->requested = $Pin->notify($user,$pin,$fn);
         }
     }
 
@@ -182,7 +207,7 @@ protected function setPin(string $username): void
      * @param string $code
      * @return bool
      */
-    protected function verifyPin(string $username, string $code): void
+    protected function verifyPin(string $username, string $code, callable $fn): void
     {
         // Retrieve User
         $user = $this->user($username);
@@ -196,11 +221,8 @@ protected function verifyPin(string $username, string $code): void
             // Verify the pin
             if($Pin->verify($code)){
 
-                // Reset the user's password
-                $password = $user->backend()->reset();
-
-                // Notify the user of the new password
-                $this->requested = $user->backend()->notify($user,$password);
+                // Execute the callable function
+                $fn($user);
             }
         }
     }
@@ -240,7 +262,7 @@ public function method(): string
      *
      * @return bool
      */
-    protected function authenticateBearer(): bool
+    protected function byBearerToken(): bool
     {
         // Import Global Variables
         global $REQUEST;
@@ -303,7 +325,7 @@ protected function authenticateBearer(): bool
      *
      * @return bool
      */
-    protected function authenticateBasic(): bool
+    protected function byBasicAuth(): bool
     {
         // Import Global Variables
         global $REQUEST;
@@ -337,7 +359,7 @@ protected function authenticateBasic(): bool
      *
      * @return bool
      */
-    protected function authenticateCookie(): bool
+    protected function byCookie(): bool
     {
         // Import Global Variables
         global $REQUEST;
@@ -354,7 +376,7 @@ protected function authenticateCookie(): bool
      *
      * @return bool
      */
-    protected function authenticateSession(): bool
+    protected function bySession(): bool
     {
         // Import Global Variables
         global $REQUEST, $UUID;
@@ -387,7 +409,7 @@ protected function authenticateSession(): bool
      *
      * @return bool
      */
-    protected function authenticateRequest(): bool
+    protected function byRequest(): bool
     {
         // Import Global Variables
         global $REQUEST;
@@ -438,12 +460,6 @@ protected function authenticate(mixed $user, ?string $password = null): bool
                     // Check if the user is deleted
                     $status = !$this->user->deleted();
 
-                    // Check if the user is banned
-                    $status = ($status && !$this->user->banned());
-
-                    // Check if the user is verified
-                    $status = ($status && $this->user->verified());
-
                     // Check if the user's organization is active
                     $status = ($status && $this->user->organization['isActive'] > 0);
 
@@ -456,6 +472,65 @@ protected function authenticate(mixed $user, ?string $password = null): bool
                         // Set Session
                         $this->user->session()->create();
 
+                        // Check if the user is verified
+                        if(!$this->user->verified()){
+
+                            // Check if username is in request params
+                            if(is_null($REQUEST->getParams('REQUEST','username'))){
+
+                                // Redirect to verification page (?username='.$user->username.')
+                                header('Location: ?username='.$user->username);
+                            } else {
+
+                                // Check if we should resend the verification pin
+                                if(is_null($user->pin['id']) || !is_null($REQUEST->getParams('REQUEST','resend'))){
+
+                                    // Set a new pin
+                                    $this->setPin($user->username, function(object $user, string $pin){
+
+                                        // Import Global Variables
+                                        global $SMTP, $REQUEST;
+
+                                        // Write the email
+                                        $body = '';
+                                        $body .= '<p>Here is your verification code:</p>';
+                                        $body .= '<pre style="background-color: #F5F5F5; font-weight: 700; font-size: 28px; text-align: center; letter-spacing: 16px; margin: 20px 20px; padding: 20px 0; font-family: Courier, monospace">'.($pin ?? 'ERROR!').'</pre>';
+                                        $body .= '<p>Please follow the link below to verify your acount.</p>';
+                                        $body .= '<p style="text-align:center;margin-top: 40px;margin-bottom:40px;">';
+                                        $body .= '<a href="'.$REQUEST->getHostAddress().'?username='.$user->username.'&verify='.$pin.'" target="_blank" style="margin-left: 6px; margin-right: 6px; text-decoration:none; background-color: #528fb3;color: #fff;font-size: 24px;padding: 20px 40px;text-align: center;margin: 20px 20px;border-radius: 8px;">Verify</a>';
+                                        $body .= '</p>';
+                                        $body .= '<p>If you did not request this code, please contact your system administrator immediately.</p>';
+
+                                        // Create a new message
+                                        $eml = $SMTP->message()
+                                            ->subject('Account Verification')
+                                            ->body($body);
+
+                                        // Return the message
+                                        return $eml;
+                                    });
+                                } else {
+
+                                    // Check if code is in request params
+                                    if(!is_null($REQUEST->getParams('REQUEST','code'))){
+
+                                        // Verify the pin
+                                        $this->verifyPin($user->username, $REQUEST->getParams('REQUEST','code'),function(object $user){
+
+                                            // Import Global Variables
+                                            global $REQUEST;
+
+                                            // Verify the user
+                                            $user->verify();
+
+                                            // Redirect to original page
+                                            header('Location: '.$REQUEST->getHostAddress() . $REQUEST->getUri());
+                                        });
+                                    }
+                                }
+                            }
+                        }
+
                         return true;
                     }
                 }

src/Objects/Pin.php

@@ -143,7 +143,7 @@ public function verify(string $code): bool
      * @param string $pin
      * @return bool
      */
-    public function notify(object $user, string $pin): bool
+    public function notify(object $user, string $pin, callable $fn): bool
     {
         // Import Global Variables
         global $SMTP, $CONFIG, $REQUEST;
@@ -163,23 +163,12 @@ public function notify(object $user, string $pin): bool
             // Check if the SMTP Server is authenticated
             if($SMTP->isAuthenticated()){
 
-                // Write the email
-                $body = '';
-                $body .= '<p>Did you request a new password?</p>';
-                $body .= '<p>Here is your verification code:</p>';
-                $body .= '<pre style="background-color: #F5F5F5; font-weight: 700; font-size: 28px; text-align: center; letter-spacing: 16px; margin: 20px 20px; padding: 20px 0; font-family: Courier, monospace">'.($pin ?? 'ERROR!').'</pre>';
-                $body .= '<p>Please follow the link below to reset your password.</p>';
-                $body .= '<p style="text-align:center;margin-top: 40px;margin-bottom:40px;">';
-                $body .= '<a href="'.$REQUEST->getHostAddress().'?forgot&verify='.$pin.'&username='.$user->username.'" target="_blank" style="margin-left: 6px; margin-right: 6px; text-decoration:none; background-color: #528fb3;color: #fff;font-size: 24px;padding: 20px 40px;text-align: center;margin: 20px 20px;border-radius: 8px;">Reset</a>';
-                $body .= '</p>';
-                $body .= '<p>If you did not request this code, please contact your system administrator immediately.</p>';
-
                 // Create a new message
-                $eml = $SMTP->message()
-                    ->to($user->username)
+                $eml = $fn($user,$pin);
+
+                // Configure the message
+                $eml->to($user->username)
                     ->from($user->organization()->email ?? $CONFIG->get('smtp','username'))
-                    ->subject('Reset your password')
-                    ->body($body)
                     ->var('logo', 'data:'.mime_content_type($CONFIG->root() . '/webroot' . $this->logo()).';base64,' . base64_encode(file_get_contents($CONFIG->root() . '/webroot' . $this->logo())))
                     ->var('brand', $CONFIG->get('application','name'))
                     ->var('greetings', "Sincerely,<br>".$user->organization()->name."'s Team");

src/Objects/User.php

@@ -333,4 +333,18 @@ public function token(): string
     {
         return $this->token;
     }
+
+    /**
+     * Verify the User
+     *
+     * @return bool
+     */
+    public function verify(): bool
+    {
+        $query = $this->Database->query();
+        $query->table('users')
+            ->update(['isVerified' => 1])
+            ->where('id', $this->user['id']);
+        return $query->execute() > 0;
+    }
 }