Merge pull request #3705 from CachetHQ/manage-subscriptions-security

Improved subscriber handling
James Brooks
2019-07-13 09:11:56 +01:00
committed by GitHub
8 changed files with 111 additions and 22 deletions
+8 -7
@@ -21,6 +21,7 @@ use CachetHQ\Cachet\Models\Component;
use CachetHQ\Cachet\Models\ComponentGroup;
use CachetHQ\Cachet\Models\Subscriber;
use CachetHQ\Cachet\Models\Subscription;
use CachetHQ\Cachet\Notifications\Subscriber\ManageSubscriptionNotification;
use GrahamCampbell\Binput\Facades\Binput;
use GrahamCampbell\Markdown\Facades\Markdown;
use Illuminate\Contracts\Auth\Guard;
@@ -88,12 +89,12 @@ class SubscribeController extends Controller
->withErrors($e->getMessageBag());
}
if ($subscription->is_verified) {
return cachet_redirect('status-page')->withSuccess(trans('cachet.subscriber.email.already-subscribed', ['email' => $email]));
}
// Send the subscriber a link to manage their subscription.
$subscription->notify(new ManageSubscriptionNotification());
return cachet_redirect('subscribe.manage', $subscription->verify_code)
->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.subscribed')));
return redirect()->back()->withSuccess(
sprintf('%s %s', trans('dashboard.notifications.awesome'),
trans('cachet.subscriber.email.manage_subscription')));
}
/**
@@ -119,8 +120,8 @@ class SubscribeController extends Controller
execute(new VerifySubscriberCommand($subscriber));
}
return cachet_redirect('status-page')
->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.verified')));
return cachet_redirect('subscribe.manage', $code)
->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.subscribed')));
}
/**
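Review bot: The last hunk's new redirect, `return cachet_redirect('subscribe.manage', $code)`, targets a route that this same commit places behind the `signed` middleware, and nothing visible here signs the URL. cachet_redirect is defined outside this page, so this is inferred, but if it builds a plain route URL the freshly verified subscriber would be rejected by the signature check instead of reaching the manage page. Building the target with Laravel's signer, for example `redirect()->to(URL::signedRoute($manageRouteName, ['code' => $code]))` where `$manageRouteName` stands for the route's full registered name, would keep the two changes consistent (it needs the `URL` facade imported). Separately, the middle hunk now calls `$subscription->notify(new ManageSubscriptionNotification())` for every submitted address, so it is worth confirming that the subscribe POST route sits behind the `throttle` middleware to bound how much mail one client can trigger. Both method bodies begin outside their hunks.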
+2
@@ -27,6 +27,7 @@ use CachetHQ\Cachet\Http\Middleware\TrustProxies;
use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
use Illuminate\Routing\Middleware\ValidateSignature;
class Kernel extends HttpKernel
{
@@ -57,6 +58,7 @@ class Kernel extends HttpKernel
'localize' => Localize::class,
'ready' => ReadyForUse::class,
'setup' => SetupAlreadyCompleted::class,
'signed' => ValidateSignature::class,
'subscribers' => SubscribersConfigured::class,
'throttle' => Throttler::class,
];
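Review bot: The new `'signed' => ValidateSignature::class` entry has no comment saying what the check depends on, and that matters operationally. Laravel's signature validation recomputes the HMAC over the request URL as the application sees it, so behind a TLS-terminating proxy the scheme and host must be restored by the TrustProxies middleware imported above, or valid e-mailed links will fail the check. A line such as `// 'signed' validates the full request URL against APP_KEY; needs correct trusted-proxy config` above the entry would record this. The middleware array starts outside the hunk.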
+6 -4
@@ -49,8 +49,9 @@ class SubscribeRoutes
]);
$router->get('subscribe/manage/{code}', [
'as' => 'get:subscribe.manage',
'uses' => 'SubscribeController@showManage',
'as' => 'get:subscribe.manage',
'middleware' => ['signed'],
'uses' => 'SubscribeController@showManage',
]);
$router->post('subscribe/manage/{code}', [
'as' => 'post:subscribe.manage',
@@ -58,8 +59,9 @@ class SubscribeRoutes
]);
$router->get('subscribe/verify/{code}', [
'as' => 'get:subscribe.verify',
'uses' => 'SubscribeController@getVerify',
'as' => 'get:subscribe.verify',
'middleware' => ['signed'],
'uses' => 'SubscribeController@getVerify',
]);
$router->get('unsubscribe/{code}/{subscription?}', [
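Review bot: Only the two GET routes gain `'middleware' => ['signed']`; the `post:subscribe.manage` route between the hunks and the `unsubscribe/{code}/{subscription?}` route at the end still accept a bare `{code}`. The signature therefore guards page display only, while state-changing requests still rest on the secrecy of the verify code, which also appears in the path of every e-mailed link. If that is intended, a comment such as `// POST and unsubscribe are authorised by {code} alone; the signature only guards the GET entry points` above those routes would make the boundary explicit. Otherwise those handlers need a check of their own. The remaining lines of both route arrays are outside the hunks, so any middleware declared there is not visible.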