Merge branch 'improve-email-verification-process'

app/Containers/AppSection/Authentication/Actions/ApiLoginProxyForWebClientAction.php

@@ -35,7 +35,7 @@ public function run(LoginProxyPasswordGrantRequest $request): array
         ];
     }
 
-    private function enrichSanitizedData($username, array $sanitizedData): array
+    private function enrichSanitizedData(string $username, array $sanitizedData): array
     {
         $sanitizedData['username'] = $username;
         $sanitizedData['client_id'] = config('appSection-authentication.clients.web.id');

app/Containers/AppSection/Authentication/Actions/ForgotPasswordAction.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Containers\AppSection\Authentication\Actions;
+
+use App\Containers\AppSection\Authentication\Mails\UserForgotPasswordMail;
+use App\Containers\AppSection\Authentication\Tasks\CreatePasswordResetTokenTask;
+use App\Containers\AppSection\Authentication\UI\API\Requests\ForgotPasswordRequest;
+use App\Containers\AppSection\User\Tasks\FindUserByEmailTask;
+use App\Ship\Parents\Actions\Action;
+use App\Ship\Parents\Exceptions\Exception;
+use Illuminate\Support\Facades\Mail;
+
+class ForgotPasswordAction extends Action
+{
+    public function run(ForgotPasswordRequest $request): bool
+    {
+        $sanitizedData = $request->sanitizeInput([
+            'email',
+            'reseturl',
+        ]);
+
+        // Note: It's a good idea to DON'T say if the user email is valid or not
+        // (to avoid brute force checking of user email existing).
+        // so we return 'false' if an exception is thrown
+        try {
+            $user = app(FindUserByEmailTask::class)->run($sanitizedData['email']);
+        } catch (Exception) {
+            return false;
+        }
+
+        $token = app(CreatePasswordResetTokenTask::class)->run($user);
+
+        Mail::send(new UserForgotPasswordMail($user, $token, $sanitizedData['reseturl']));
+
+        return true;
+    }
+}

app/Containers/AppSection/Authentication/Actions/GetAuthenticatedUserAction.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Containers\AppSection\Authentication\Actions;
+
+use App\Containers\AppSection\Authentication\UI\API\Requests\GetAuthenticatedUserRequest;
+use App\Ship\Parents\Actions\Action;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class GetAuthenticatedUserAction extends Action
+{
+    public function run(GetAuthenticatedUserRequest $request): Authenticatable
+    {
+        return $request->user();
+    }
+}

app/Containers/AppSection/User/Actions/RegisterUserAction.php → app/Containers/AppSection/Authentication/Actions/RegisterUserAction.php

@@ -1,16 +1,14 @@
 <?php
 
-namespace App\Containers\AppSection\User\Actions;
+namespace App\Containers\AppSection\Authentication\Actions;
 
-use App\Containers\AppSection\User\Mails\UserRegisteredMail;
+use App\Containers\AppSection\Authentication\Notifications\Welcome;
+use App\Containers\AppSection\Authentication\Tasks\CreateUserByCredentialsTask;
+use App\Containers\AppSection\Authentication\Tasks\SendVerificationEmailTask;
+use App\Containers\AppSection\Authentication\UI\API\Requests\RegisterUserRequest;
 use App\Containers\AppSection\User\Models\User;
-use App\Containers\AppSection\User\Notifications\UserRegisteredNotification;
-use App\Containers\AppSection\User\Tasks\CreateUserByCredentialsTask;
-use App\Containers\AppSection\User\UI\API\Requests\RegisterUserRequest;
 use App\Ship\Exceptions\CreateResourceFailedException;
 use App\Ship\Parents\Actions\Action;
-use Illuminate\Support\Facades\Mail;
-use Illuminate\Support\Facades\Notification;
 
 class RegisterUserAction extends Action
 {
@@ -29,8 +27,8 @@ public function run(RegisterUserRequest $request): User
 
         $user = app(CreateUserByCredentialsTask::class)->run($sanitizedData);
 
-        Mail::send(new UserRegisteredMail($user));
-        Notification::send($user, new UserRegisteredNotification($user));
+        $user->notify(new Welcome());
+        app(SendVerificationEmailTask::class)->run($user);
 
         return $user;
     }

app/Containers/AppSection/User/Actions/ResetPasswordAction.php → app/Containers/AppSection/Authentication/Actions/ResetPasswordAction.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace App\Containers\AppSection\User\Actions;
+namespace App\Containers\AppSection\Authentication\Actions;
 
-use App\Containers\AppSection\User\Exceptions\InvalidResetPasswordTokenException;
-use App\Containers\AppSection\User\UI\API\Requests\ResetPasswordRequest;
+use App\Containers\AppSection\Authentication\Exceptions\InvalidResetPasswordTokenException;
+use App\Containers\AppSection\Authentication\UI\API\Requests\ResetPasswordRequest;
 use App\Ship\Exceptions\NotFoundException;
 use App\Ship\Exceptions\UpdateResourceFailedException;
 use App\Ship\Parents\Actions\Action;
@@ -18,7 +18,7 @@ class ResetPasswordAction extends Action
      * @throws InvalidResetPasswordTokenException
      * @throws UpdateResourceFailedException
      */
-    public function run(ResetPasswordRequest $request)
+    public function run(ResetPasswordRequest $request): mixed
     {
         $sanitizedData = $request->sanitizeInput([
             'email',

app/Containers/AppSection/Authentication/Actions/SendVerificationEmailAction.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Containers\AppSection\Authentication\Actions;
+
+use App\Containers\AppSection\Authentication\Tasks\SendVerificationEmailTask;
+use App\Containers\AppSection\Authentication\UI\API\Requests\SendVerificationEmailRequest;
+use App\Ship\Parents\Actions\Action;
+
+class SendVerificationEmailAction extends Action
+{
+    public function run(SendVerificationEmailRequest $request): void
+    {
+        app(SendVerificationEmailTask::class)->run($request->user());
+    }
+}

app/Containers/AppSection/Authentication/Actions/VerifyEmailAction.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Containers\AppSection\Authentication\Actions;
+
+use App\Containers\AppSection\Authentication\UI\API\Requests\VerifyEmailRequest;
+use App\Ship\Parents\Actions\Action;
+use Illuminate\Auth\Events\Verified;
+
+class VerifyEmailAction extends Action
+{
+    public function run(VerifyEmailRequest $request): void
+    {
+        if (!$request->user()->hasVerifiedEmail()) {
+            $request->user()->markEmailAsVerified();
+
+            event(new Verified($request->user()));
+        }
+    }
+}

app/Containers/AppSection/Authentication/Actions/WebLoginAction.php

@@ -4,19 +4,17 @@
 
 use App\Containers\AppSection\Authentication\Exceptions\LoginFailedException;
 use App\Containers\AppSection\Authentication\Tasks\ExtractLoginCustomAttributeTask;
-use App\Containers\AppSection\Authentication\Tasks\GetAuthenticatedUserTask;
 use App\Containers\AppSection\Authentication\Tasks\LoginTask;
 use App\Containers\AppSection\Authentication\UI\WEB\Requests\LoginRequest;
 use App\Containers\AppSection\User\Models\User;
-use App\Ship\Exceptions\NotFoundException;
 use App\Ship\Parents\Actions\Action;
 use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Support\Facades\Auth;
 
 class WebLoginAction extends Action
 {
     /**
      * @throws LoginFailedException
-     * @throws NotFoundException
      */
     public function run(LoginRequest $request): User|Authenticatable|null
     {
@@ -39,6 +37,6 @@ public function run(LoginRequest $request): User|Authenticatable|null
             throw new LoginFailedException('Invalid Login Credentials.');
         }
 
-        return app(GetAuthenticatedUserTask::class)->run();
+        return Auth::user();
     }
 }

app/Containers/AppSection/Authentication/Configs/appSection-authentication.php

@@ -11,7 +11,7 @@
     |
     */
 
-    'require_email_verification' => false,
+    'require_email_verification' => true,
 
     /*
     |--------------------------------------------------------------------------
@@ -40,7 +40,7 @@
     | Login With Custom Field
     |--------------------------------------------------------------------------
     |
-    | This allows you to chose which field you want to use for passport auth.
+    | This allows you to choose which field you want to use for passport auth.
     |
     */
 
@@ -51,10 +51,10 @@
         | Allowed Login Attributes
         |--------------------------------------------------------------------------
         |
-        | A list of fields the user can login with.
+        | A list of fields the user can log in with.
         | The key is the field name. The value contains validation rules of the key.
         |
-        | The order determines the order the fields are tested to login (in case multiple fields are submitted!
+        | The order determines the order the fields are tested to log in (in case multiple fields are submitted!)
         |
         | Example: 'phone' => ['string', 'min:6', 'max:25'],
         |
@@ -89,4 +89,16 @@
     'allowed-reset-password-urls' => [
         'http://api.apiato.test/v1/password/reset',
     ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Verify Email URLs
+    |--------------------------------------------------------------------------
+    |
+    | Insert your allowed verify email urls which user can request to be injected into the email.
+    |
+*/
+    'allowed-verify-email-urls' => [
+        'http://api.apiato.test/v1/email/verify',
+    ],
 ];

app/Containers/AppSection/User/Exceptions/InvalidResetPasswordTokenException.php → app/Containers/AppSection/Authentication/Exceptions/InvalidResetPasswordTokenException.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Containers\AppSection\User\Exceptions;
+namespace App\Containers\AppSection\Authentication\Exceptions;
 
 use App\Ship\Parents\Exceptions\Exception;
 use Symfony\Component\HttpFoundation\Response;

app/Containers/AppSection/User/Mails/UserForgotPasswordMail.php → app/Containers/AppSection/Authentication/Mails/UserForgotPasswordMail.php

@@ -1,30 +1,26 @@
 <?php
 
-namespace App\Containers\AppSection\User\Mails;
+namespace App\Containers\AppSection\Authentication\Mails;
 
-use App\Containers\AppSection\User\Models\User;
 use App\Ship\Parents\Mails\Mail;
+use App\Ship\Parents\Models\UserModel;
 use Illuminate\Bus\Queueable;
 use Illuminate\Contracts\Queue\ShouldQueue;
 
 class UserForgotPasswordMail extends Mail implements ShouldQueue
 {
     use Queueable;
 
-    protected User $recipient;
-    protected string $token;
-    protected string $reseturl;
-
-    public function __construct(User $recipient, $token, $reseturl)
-    {
-        $this->recipient = $recipient;
-        $this->token = $token;
-        $this->reseturl = $reseturl;
+    public function __construct(
+        protected UserModel $recipient,
+        protected string $token,
+        protected string $reseturl
+    ) {
     }
 
     public function build(): static
     {
-        return $this->view('appSection@user::user-forgotPassword')
+        return $this->view('appSection@authentication::forgot-password')
             ->to($this->recipient->email, $this->recipient->name)
             ->with([
                 'token' => $this->token,

app/Containers/AppSection/Authentication/Notifications/VerifyEmail.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Containers\AppSection\Authentication\Notifications;
+
+use App\Ship\Parents\Models\UserModel;
+use App\Ship\Parents\Notifications\Notification;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class VerifyEmail extends Notification implements ShouldQueue
+{
+    use Queueable;
+
+    public function via($notifiable): array
+    {
+        return ['mail'];
+    }
+
+    public function toMail(UserModel $notifiable): MailMessage
+    {
+        return (new MailMessage())
+            ->subject('Verify Email Address')
+            ->line('Please click the button below to verify your email address.')
+            ->action('Verify Email Address', $this->createUrl($notifiable))
+            ->line('If you did not create an account, no further action is required.');
+    }
+
+    private function createUrl(UserModel $notifiable): string
+    {
+        $id = config('apiato.hash-id') ? $notifiable->getHashedKey() : $notifiable->getKey();
+        $hash = sha1($notifiable->getEmailForVerification());
+
+        return request('verification_url') . "/$id/$hash";
+    }
+}