app/Http/Middleware/CheckEmailConfirmed.php
<?php
namespace BookStack\Http\Middleware;
use BookStack\Access\EmailConfirmationService;
use BookStack\Users\Models\User;
use Closure;
/**
* Check that the user's email address is confirmed.
*
* As of v21.08 this is technically not required but kept as a prevention
* to log out any users that may be logged in but in an "awaiting confirmation" state.
* We'll keep this for a while until it'd be very unlikely for a user to be upgrading from
* a pre-v21.08 version.
*
* Ideally we'd simply invalidate all existing sessions upon update but that has
* proven to be a lot more difficult than expected.
*/
class CheckEmailConfirmed
{
protected $confirmationService;
public function __construct(EmailConfirmationService $confirmationService)
{
$this->confirmationService = $confirmationService;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
/** @var User $user */
$user = auth()->user();
if (auth()->check() && !$user->email_confirmed && $this->confirmationService->confirmationRequired()) {
auth()->logout();
return redirect()->to('/');
}
return $next($request);
}
}