/**
* @param RegisterUser $command
*
* @throws PermissionDeniedException if signup is closed and the actor is
* not an administrator.
* @throws \Flarum\Core\Exceptions\InvalidConfirmationTokenException if an
* email confirmation token is provided but is invalid.
*
* @return User
*/
public function handle(RegisterUser $command)
{
$actor = $command->actor;
$data = $command->data;
if (!$this->settings->get('allow_sign_up') && !$actor->isAdmin()) {
throw new PermissionDeniedException();
}
$username = array_get($data, 'attributes.username');
$email = array_get($data, 'attributes.email');
$password = array_get($data, 'attributes.password');
// If a valid authentication token was provided as an attribute,
// then we won't require the user to choose a password.
if (isset($data['attributes']['token'])) {
$token = AuthToken::validOrFail($data['attributes']['token']);
$password = $password ?: str_random(20);
}
$user = User::register($username, $email, $password);
// If a valid authentication token was provided, then we will assign
// the attributes associated with it to the user's account. If this
// includes an email address, then we will activate the user's account
// from the get-go.
if (isset($token)) {
foreach ($token->payload as $k => $v) {
$user->{$k} = $v;
}
if (isset($token->payload['email'])) {
$user->activate();
}
}
event(new UserWillBeSaved($user, $actor, $data));
$user->save();
if (isset($token)) {
$token->delete();
}
$this->dispatchEventsFor($user);
return $user;
}
