feat: add verification email resend facility, throttling, minor tweaks

pridit-a2oa · Nov 19, 2024 · 3dce018 · 3dce018
1 parent d355473
commit 3dce018
Show file tree

Hide file tree

Showing 17 changed files with 132 additions and 22 deletions.
diff --git a/app/Events/Registered.php → app/Events/UserVerifyEmail.php b/app/Events/Registered.php → app/Events/UserVerifyEmail.php
@@ -7,7 +7,7 @@
 use Illuminate\Foundation\Events\Dispatchable;
 use Illuminate\Queue\SerializesModels;
 
-class Registered
+class UserVerifyEmail
 {
     use Dispatchable, InteractsWithSockets, SerializesModels;
 
@@ -16,6 +16,6 @@ class Registered
      */
     public function __construct(
         public User $user,
-    ) {
-    }
+        public string $email,
+    ) {}
 }
diff --git a/app/Http/Controllers/Auth/DeleteUserController.php b/app/Http/Controllers/Auth/DeleteUserController.php
@@ -21,7 +21,7 @@ class DeleteUserController extends Controller
     public function create(Request $request): RedirectResponse
     {
         RateLimiter::attempt(
-            sprintf('delete-account:%d', auth()->user()->id),
+            sprintf('delete-account:%d', $request->user()->id),
             1,
             function () use ($request) {
                 if (! $request->user()->hasVerifiedEmail()) {

diff --git a/app/Http/Controllers/Auth/EmailVerificationNotificationController.php b/app/Http/Controllers/Auth/EmailVerificationNotificationController.php
@@ -13,7 +13,7 @@ class EmailVerificationNotificationController extends Controller
      */
     public function store(Request $request): RedirectResponse
     {
-        if ($request->user()->hasVerifiedEmail()) {
+        if ($request->user()->hasVerifiedEmail() && $request->user()->getPendingEmail() === null) {
             return redirect()->intended(route('home', absolute: false));
         }
 

diff --git a/app/Http/Controllers/Auth/RegisteredUserController.php b/app/Http/Controllers/Auth/RegisteredUserController.php
@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers\Auth;
 
-use App\Events\Registered;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\StoreUserRequest;
 use App\Models\User;
@@ -31,8 +30,6 @@ function () use ($request) {
                     'password' => Hash::make($request->password),
                 ]);
 
-                event(new Registered($user));
-
                 Auth::login($user);
             },
             600

diff --git a/app/Http/Controllers/Auth/ResendVerificationEmailController.php b/app/Http/Controllers/Auth/ResendVerificationEmailController.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Events\UserVerifyEmail;
+use App\Http\Controllers\Controller;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+
+class ResendVerificationEmailController extends Controller
+{
+    /**
+     * Resend email verification email.
+     */
+    public function __invoke(Request $request): RedirectResponse
+    {
+        event(new UserVerifyEmail($request->user(), $request->user()->email));
+
+        return redirect(route('user.setting.account', absolute: false));
+    }
+}
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Events\UserVerifyEmail;
 use App\Http\Requests\ProfileUpdateRequest;
 use Illuminate\Http\RedirectResponse;
 
@@ -13,7 +14,21 @@ class ProfileController extends Controller
     public function update(ProfileUpdateRequest $request): RedirectResponse
     {
         if ($request->safe()->only('email')) {
-            $request->user()->newEmail($request->safe()->email);
+            if ($request->user()->is_verification_email_throttled) {
+                $request->session()
+                    ->flash(
+                        'message',
+                        ['error', 'Please wait before attempting so soon']
+                    );
+
+                return back();
+            }
+
+            event(new UserVerifyEmail($request->user(), $request->safe()->email));
+
+            if (! $request->user()->hasVerifiedEmail()) {
+                $request->user()->update(['email' => $request->safe()->email]);
+            }
         }
 
         return redirect(route('user.setting.account', absolute: false));

diff --git a/app/Http/Controllers/UserSettingController.php b/app/Http/Controllers/UserSettingController.php
@@ -18,6 +18,7 @@ class UserSettingController extends SettingController
     public function showAccount(Request $request): Response
     {
         $request->user()->load('preferences');
+        $request->user()->append('is_verification_email_throttled');
 
         return Inertia::render('Setting/Account', [
             'preferences' => Preference::get(),

diff --git a/app/Listeners/SendEmailVerificationNotification.php b/app/Listeners/SendEmailVerificationNotification.php
@@ -2,8 +2,9 @@
 
 namespace App\Listeners;
 
-use App\Events\Registered;
+use App\Events\UserVerifyEmail;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
+use Illuminate\Support\Facades\RateLimiter;
 
 class SendEmailVerificationNotification
 {
@@ -15,10 +16,21 @@ public function __construct() {}
     /**
      * Handle the event.
      */
-    public function handle(Registered $event): void
+    public function handle(UserVerifyEmail $event): void
     {
-        if ($event->user instanceof MustVerifyEmail && ! $event->user->hasVerifiedEmail()) {
-            $event->user->newEmail($event->user->email);
+        if ($event->user instanceof MustVerifyEmail) {
+            RateLimiter::attempt(
+                sprintf('verification-email:%d', $event->user->id),
+                1,
+                function () use ($event) {
+                    if ($event->email !== $event->user->email) {
+                        $event->user->newEmail($event->email);
+                    } else {
+                        $event->user->resendPendingEmailVerificationMail();
+                    }
+                },
+                600
+            );
         }
     }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -138,6 +138,19 @@ protected function isDeletionThrottled(): Attribute
         );
     }
 
+    /**
+     * Determine whether the user has recently been sent a verification email.
+     */
+    protected function isVerificationEmailThrottled(): Attribute
+    {
+        return new Attribute(
+            get: fn (mixed $value, array $attributes) => RateLimiter::tooManyAttempts(
+                sprintf('verification-email:%d', $attributes['id']),
+                1
+            )
+        );
+    }
+
     /**
      * Get the user's Gravatar URL (if applicable)
      */

diff --git a/app/Observers/UserObserver.php b/app/Observers/UserObserver.php
@@ -14,6 +14,10 @@ class UserObserver
     public function created(User $user): void
     {
         $user->assignRole('member');
+
+        if (! $user->hasVerifiedEmail()) {
+            $user->newEmail($user->email);
+        }
     }
 
     /**

diff --git a/resources/js/Components/forms/complex/UpdateEmailForm.vue b/resources/js/Components/forms/complex/UpdateEmailForm.vue
@@ -1,7 +1,9 @@
 <script setup>
 import { BaseButton } from '@/Components/base';
 import { FormInput, FormResponse } from '@/Components/forms/elements';
-import { useForm } from '@inertiajs/vue3';
+import { faRotateRight } from '@fortawesome/free-solid-svg-icons';
+import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
+import { router, useForm } from '@inertiajs/vue3';
 import { ref } from 'vue';
 
 const props = defineProps({
@@ -24,6 +26,14 @@ const submit = () => {
         onSuccess: () => form.reset('email'),
     });
 };
+
+const spinner = ref(false);
+
+const resend = () => {
+    spinner.value = true;
+
+    setTimeout(() => router.get('/resend-email'), 1800);
+};
 </script>
 
 <template>
@@ -44,8 +54,42 @@ const submit = () => {
                             $page.props.auth.user.email_verified_at !== null
                                 ? 'V'
                                 : 'Unv'
-                        }}erified</span
-                    >
+                        }}erified
+                        <span
+                            v-if="
+                                $page.props.auth.user.email_verified_at === null
+                            "
+                            class="ml-1 cursor-pointer border-l border-warning pl-1"
+                            :class="{
+                                '!cursor-not-allowed':
+                                    $page.props.auth.user
+                                        .is_verification_email_throttled,
+                            }"
+                            :title="
+                                (!$page.props.auth.user
+                                    .is_verification_email_throttled &&
+                                    'Resend verification email') ||
+                                'Please wait'
+                            "
+                            v-on="
+                                !$page.props.auth.user
+                                    .is_verification_email_throttled
+                                    ? { click: resend }
+                                    : {}
+                            "
+                        >
+                            <FontAwesomeIcon
+                                :class="{
+                                    'fa-spin': spinner,
+                                    'opacity-40':
+                                        $page.props.auth.user
+                                            .is_verification_email_throttled,
+                                }"
+                                :icon="faRotateRight"
+                                transform="shrink-2"
+                            />
+                        </span>
+                    </span>
                 </div>
 
                 <FormInput
@@ -69,7 +113,7 @@ const submit = () => {
                                 ? message
                                 : [
                                       'warning',
-                                      'You have been sent a verification link',
+                                      'Check your email for a verification link',
                                   ]
                         "
                     />

diff --git a/resources/js/Components/forms/elements/FormResponse.vue b/resources/js/Components/forms/elements/FormResponse.vue
@@ -39,7 +39,6 @@ function messageType(type) {
             <FontAwesomeIcon
                 class="mr-0.5 !align-middle"
                 :icon="messageType(message[0])[1]"
-                size="sm"
                 fixed-width
             />
 

diff --git a/resources/js/Components/tables/CharactersTable.vue b/resources/js/Components/tables/CharactersTable.vue
@@ -214,7 +214,7 @@ function getMovementRank(rank) {
                             <template v-else>
                                 <FontAwesomeIcon
                                     v-if="character.is_muted"
-                                    class="ml-2 !align-middle text-warning/75"
+                                    class="ml-2 !align-middle text-warning"
                                     :icon="faTriangleExclamation"
                                     size="lg"
                                     title="This player is chat banned"

diff --git a/resources/js/Pages/Setting/Delete.vue b/resources/js/Pages/Setting/Delete.vue
@@ -60,8 +60,7 @@ const deleteUserRequest = () => {
                     <span class="ml-1 block">
                         I understand this action is
                         <span class="text-error">irreversible</span> and that my
-                        account <span class="text-warning">cannot</span> be
-                        restored.
+                        account cannot be restored.
                         <span class="font-bold">Continue anyway</span>.
                     </span>
                 </FormCheckbox>

diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
@@ -2,7 +2,7 @@
 <html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
     <head>
         <meta charset="utf-8">
-        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
 
         <title inertia>{{ config('app.name', 'Laravel') }}</title>
 

diff --git a/routes/auth.php b/routes/auth.php
@@ -7,6 +7,7 @@
 use App\Http\Controllers\Auth\PasswordController;
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
+use App\Http\Controllers\Auth\ResendVerificationEmailController;
 use App\Http\Controllers\Auth\VerifyEmailController;
 use Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests;
 use Illuminate\Support\Facades\Route;
@@ -34,6 +35,9 @@
         ->middleware(['signed', 'throttle:6,1'])
         ->name('verification.verify');
 
+    Route::get('resend-email', ResendVerificationEmailController::class)
+        ->name('verification.resend');
+
     Route::get('confirm-password', [ConfirmablePasswordController::class, 'show'])
         ->name('password.confirm');
 

diff --git a/tailwind.config.js b/tailwind.config.js
@@ -51,6 +51,7 @@ export default {
           'base-100': '#262626',
           'error': colors.red['500'],
           'success': colors.green['600'],
+          'warning': colors.yellow['600'],
         },
       },
     ],