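/**
 * Confirms an email address from an emailed link and updates the account.
 *
 * Looks up the most recent unconfirmed UserEmailChange matching both the
 * address and the token, then applies it to the account that requested it.
 * The session user is used only when it is that same account. If someone
 * else is signed in, the request is rejected with the generic failure
 * message and nothing is written.
 *
 * Requests older than seven days are refused, except for the very first
 * confirmation, where the account already carries the address being confirmed.
 *
 * @param  string  $email  Address being confirmed (route parameter, untrusted).
 * @param  string  $token  Confirmation token (route parameter, untrusted).
 * @return Response
 */
public function getEmailConfirmation($email, $token)
{
    $emailChg = UserEmailChange::where('email', '=', $email)
        ->where('token', '=', $token)
        ->where('confirmed', '=', false)
        ->orderBy('created_at', 'desc')
        ->first();

    // Resolve the account the change belongs to. This endpoint changes state
    // on a plain GET, so the request must stay bound to its owner: a link
    // opened in another account's session must never rewrite that account.
    $user = null;
    if ($emailChg instanceof UserEmailChange) {
        if (Auth::check()) {
            $sessionUser = Auth::user();
            // String comparison avoids int/string mismatches between drivers.
            if ((string) $sessionUser->id === (string) $emailChg->user_id) {
                $user = $sessionUser;
            }
        } else {
            // May be null if the account was removed after the request was made.
            $user = User::find($emailChg->user_id);
        }
    }

    if ($emailChg instanceof UserEmailChange && $user !== null) {
        // Oldest creation time still accepted: now minus seven days.
        $limitDateTime = new \DateTime();
        $limitDateTime->sub(new \DateInterval('P7D'));

        // If $user->email == $emailChg->email, it's the first time.
        // No need to check expiry date then.
        $isFirstConfirmation = $user->email == $emailChg->email;

        if ($isFirstConfirmation || $emailChg->created_at >= $limitDateTime) {
            // Update user email, if changed since registration
            if (!$isFirstConfirmation) {
                $user->email = $emailChg->email;
                $user->save();
            }

            // Update email status
            $emailChg->confirmed = true;
            $emailChg->save();

            $this->setFlashMessage('success', 'Your email is verified. You may now login if you didn\'t already.');
        } else {
            $this->setFlashMessage('danger', 'Your request is no longer valid. Please contact us or submit a new one.');
        }
    } else {
        // Unknown address/token pair, request owned by another account, or
        // owner no longer exists: same generic message for all of them.
        $this->setFlashMessage('danger', 'We could not confirm your email address. Please try again.');
    }

    // Simple hack not to lose flash messages between redirects.
    // Authentication is already a built-in trait so no need to rewrite or
    // create a closure in route definition
    if (Auth::check()) {
        // If logged in, redirect to the landing page
        return redirect()->route('home');
    }

    // If not, redirect to the signin page
    return redirect()->route('signin_get');
}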
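/**
 * Test user account email update validation.
 *
 * Submits the update-email form, then exercises the confirmation link twice:
 * once with a request older than the seven-day limit (must be refused and
 * leave the stored address untouched) and once with a request inside the
 * limit (must be accepted and applied).
 *
 * @return void
 */
public function testUserAccountEmailUpdate()
{
    $curPw = 'Sampl3P4ssword';
    $user = factory(User::class)->create(['password' => bcrypt($curPw)]);
    // Captured now because the in-memory $user may be modified by the
    // controller once the confirmation succeeds.
    $oldEmail = $user->email;

    // Existing, already confirmed record for the registration address.
    $emailChg = factory(UserEmailChange::class)->create([
        'user_id' => $user->id,
        'email' => $user->email,
        'confirmed' => true,
    ]);

    $newEmail = '*****@*****.**';

    $this->actingAs($user)
        ->visit(route('user::update_email_get'))
        ->type($curPw, 'current_password')
        ->type($newEmail, 'email')
        ->type($newEmail, 'email_confirmation')
        ->press('Update email')
        ->see('Email address updated.')
        ->seePageIs(route('home'));

    $newEmailChg = UserEmailChange::where('email', '=', $newEmail)
        ->where('confirmed', '=', false)
        ->orderBy('created_at', 'desc')
        ->first();

    $this->assertTrue($newEmailChg instanceof UserEmailChange);

    // Test email confirmation expiry date (a week, 7 days)
    $expiredDate = $newEmailChg->created_at;
    $expiredDate->sub(new \DateInterval('P8D'));
    $newEmailChg->created_at = $expiredDate;
    $newEmailChg->save();

    $getParams = ['email' => $newEmailChg->email, 'token' => $newEmailChg->token];

    $this->visit(route('user::email_confirmation_get', $getParams))
        ->seePageIs(route('home'))
        ->see('Your request is no longer valid');

    // An expired link must not change the stored address.
    $this->assertEquals($oldEmail, User::find($user->id)->email);

    // Test email confirmation.
    // Move the request to six days old. Adding only one day would place it
    // exactly on the seven-day limit, where the outcome depends on how much
    // wall-clock time passed since the record was created.
    $validDate = $newEmailChg->created_at;
    $validDate->add(new \DateInterval('P2D'));
    $newEmailChg->created_at = $validDate;
    $newEmailChg->save();

    $this->visit(route('user::email_confirmation_get', $getParams))
        ->seePageIs(route('home'))
        ->see('Your email is verified');

    $this->seeInDatabase('users_email_change', [
        'id' => $newEmailChg->id,
        'email' => $newEmail,
        'confirmed' => true,
    ]);

    // A valid link must apply the new address to the requesting account.
    $this->assertEquals($newEmail, User::find($user->id)->email);
}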