Breaking changes in BETA
redirect param is now confirmation
This commit is contained in:
parent
9a74477ef1
commit
ac244b5efa
|
@ -30,12 +30,12 @@ $utopia->post('/v1/auth/register')
|
||||||
->label('abuse-limit', 10)
|
->label('abuse-limit', 10)
|
||||||
->param('email', '', function () {return new Email();}, 'Account email')
|
->param('email', '', function () {return new Email();}, 'Account email')
|
||||||
->param('password', '', function () {return new Password();}, 'User password')
|
->param('password', '', function () {return new Password();}, 'User password')
|
||||||
->param('redirect', '', function () use ($clients) {return new Host($clients);}, 'Confirmation page to redirect user after confirm token has been sent to user email')
|
->param('confirmation', '', function () use ($clients) {return new Host($clients);}, 'Confirmation URL to redirect user after confirm token has been sent to user email')
|
||||||
->param('success', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration succeed')
|
->param('success', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration succeed', true)
|
||||||
->param('failure', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration failed')
|
->param('failure', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration failed', true)
|
||||||
->param('name', '', function () {return new Text(100);}, 'User name', true)
|
->param('name', '', function () {return new Text(100);}, 'User name', true)
|
||||||
->action(
|
->action(
|
||||||
function ($email, $password, $redirect, $success, $failure, $name) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
|
function ($email, $password, $confirmation, $success, $failure, $name) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
|
||||||
if('console' === $project->getUid()) {
|
if('console' === $project->getUid()) {
|
||||||
$whitlistEmails = $project->getAttribute('authWhitelistEmails');
|
$whitlistEmails = $project->getAttribute('authWhitelistEmails');
|
||||||
$whitlistIPs = $project->getAttribute('authWhitelistIPs');
|
$whitlistIPs = $project->getAttribute('authWhitelistIPs');
|
||||||
|
@ -132,16 +132,16 @@ $utopia->post('/v1/auth/register')
|
||||||
|
|
||||||
// Send email address confirmation email
|
// Send email address confirmation email
|
||||||
|
|
||||||
$redirect = Template::parseURL($redirect);
|
$confirmation = Template::parseURL($confirmation);
|
||||||
$redirect['query'] = Template::mergeQuery(((isset($redirect['query'])) ? $redirect['query'] : ''), ['userId' => $user->getUid(), 'token' => $confirmSecret]);
|
$confirmation['query'] = Template::mergeQuery(((isset($confirmation['query'])) ? $confirmation['query'] : ''), ['userId' => $user->getUid(), 'token' => $confirmSecret]);
|
||||||
$redirect = Template::unParseURL($redirect);
|
$confirmation = Template::unParseURL($confirmation);
|
||||||
|
|
||||||
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.confirm.body'));
|
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.confirm.body'));
|
||||||
$body
|
$body
|
||||||
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
||||||
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
||||||
->setParam('{{name}}', $name)
|
->setParam('{{name}}', $name)
|
||||||
->setParam('{{redirect}}', $redirect)
|
->setParam('{{redirect}}', $confirmation)
|
||||||
;
|
;
|
||||||
|
|
||||||
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
||||||
|
@ -244,9 +244,9 @@ $utopia->post('/v1/auth/register/confirm/resend')
|
||||||
->label('sdk.description', "This endpoint allows the user to request your app to resend him his email confirmation message. The redirect arguments acts the same way as in /auth/register endpoint.\n\nPlease notice that in order to avoid a [Redirect Attacks](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md) the only valid redirect URL's are the once from domains you have set when added your platforms in the console interface.")
|
->label('sdk.description', "This endpoint allows the user to request your app to resend him his email confirmation message. The redirect arguments acts the same way as in /auth/register endpoint.\n\nPlease notice that in order to avoid a [Redirect Attacks](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md) the only valid redirect URL's are the once from domains you have set when added your platforms in the console interface.")
|
||||||
->label('abuse-limit', 10)
|
->label('abuse-limit', 10)
|
||||||
->label('abuse-key', 'url:{url},userId:{param-userId}')
|
->label('abuse-key', 'url:{url},userId:{param-userId}')
|
||||||
->param('redirect', '', function () use ($clients) {return new Host($clients);}, 'Confirmation page to redirect user to your app after confirm token has been sent to user email.')
|
->param('confirmation', '', function () use ($clients) {return new Host($clients);}, 'Confirmation page to redirect user to your app after confirm token has been sent to user email.')
|
||||||
->action(
|
->action(
|
||||||
function ($redirect) use ($response, $request, $projectDB, $user, $register, $project) {
|
function ($confirmation) use ($response, $request, $projectDB, $user, $register, $project) {
|
||||||
if ($user->getAttribute('confirm', false)) {
|
if ($user->getAttribute('confirm', false)) {
|
||||||
throw new Exception('Email address is already confirmed', 400);
|
throw new Exception('Email address is already confirmed', 400);
|
||||||
}
|
}
|
||||||
|
@ -269,16 +269,16 @@ $utopia->post('/v1/auth/register/confirm/resend')
|
||||||
throw new Exception('Failed saving user to DB', 500);
|
throw new Exception('Failed saving user to DB', 500);
|
||||||
}
|
}
|
||||||
|
|
||||||
$redirect = Template::parseURL($redirect);
|
$confirmation = Template::parseURL($confirmation);
|
||||||
$redirect['query'] = Template::mergeQuery(((isset($redirect['query'])) ? $redirect['query'] : ''), ['userId' => $user->getUid(), 'token' => $secret]);
|
$confirmation['query'] = Template::mergeQuery(((isset($confirmation['query'])) ? $confirmation['query'] : ''), ['userId' => $user->getUid(), 'token' => $secret]);
|
||||||
$redirect = Template::unParseURL($redirect);
|
$confirmation = Template::unParseURL($confirmation);
|
||||||
|
|
||||||
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.confirm.body'));
|
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.confirm.body'));
|
||||||
$body
|
$body
|
||||||
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
||||||
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
||||||
->setParam('{{name}}', $user->getAttribute('name'))
|
->setParam('{{name}}', $user->getAttribute('name'))
|
||||||
->setParam('{{redirect}}', $redirect)
|
->setParam('{{redirect}}', $confirmation)
|
||||||
;
|
;
|
||||||
|
|
||||||
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
||||||
|
@ -458,9 +458,9 @@ $utopia->post('/v1/auth/recovery')
|
||||||
->label('abuse-limit', 10)
|
->label('abuse-limit', 10)
|
||||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||||
->param('email', '', function () {return new Email();}, 'User account email address.')
|
->param('email', '', function () {return new Email();}, 'User account email address.')
|
||||||
->param('redirect', '', function () use ($clients) {return new Host($clients);}, 'Reset page in your app to redirect user after reset token has been sent to user email.')
|
->param('confirmation', '', function () use ($clients) {return new Host($clients);}, 'Reset page URL in your app to redirect user after reset token has been sent to user email.')
|
||||||
->action(
|
->action(
|
||||||
function ($email, $redirect) use ($request, $response, $projectDB, $register, $audit, $project) {
|
function ($email, $confirmation) use ($request, $response, $projectDB, $register, $audit, $project) {
|
||||||
$profile = $projectDB->getCollection([ // Get user by email address
|
$profile = $projectDB->getCollection([ // Get user by email address
|
||||||
'limit' => 1,
|
'limit' => 1,
|
||||||
'first' => true,
|
'first' => true,
|
||||||
|
@ -494,16 +494,16 @@ $utopia->post('/v1/auth/recovery')
|
||||||
throw new Exception('Failed to save user to DB', 500);
|
throw new Exception('Failed to save user to DB', 500);
|
||||||
}
|
}
|
||||||
|
|
||||||
$redirect = Template::parseURL($redirect);
|
$confirmation = Template::parseURL($confirmation);
|
||||||
$redirect['query'] = Template::mergeQuery(((isset($redirect['query'])) ? $redirect['query'] : ''), ['userId' => $profile->getUid(), 'token' => $secret]);
|
$confirmation['query'] = Template::mergeQuery(((isset($confirmation['query'])) ? $confirmation['query'] : ''), ['userId' => $profile->getUid(), 'token' => $secret]);
|
||||||
$redirect = Template::unParseURL($redirect);
|
$confirmation = Template::unParseURL($confirmation);
|
||||||
|
|
||||||
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.recovery.body'));
|
$body = new Template(__DIR__.'/../config/locale/templates/'.Locale::getText('auth.emails.recovery.body'));
|
||||||
$body
|
$body
|
||||||
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
->setParam('{{direction}}', Locale::getText('settings.direction'))
|
||||||
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
->setParam('{{project}}', $project->getAttribute('name', ['[APP-NAME]']))
|
||||||
->setParam('{{name}}', $profile->getAttribute('name'))
|
->setParam('{{name}}', $profile->getAttribute('name'))
|
||||||
->setParam('{{redirect}}', $redirect)
|
->setParam('{{redirect}}', $confirmation)
|
||||||
;
|
;
|
||||||
|
|
||||||
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
$mail = $register->get('smtp'); /* @var $mail \PHPMailer\PHPMailer\PHPMailer */
|
||||||
|
|
Loading…
Reference in a new issue