Auth: Implement account verification by token

KreerC · Mar 24, 2024 · 515f8cb · 515f8cb
1 parent d2d2b55
commit 515f8cb
Show file tree

Hide file tree

Showing 6 changed files with 65 additions and 2 deletions.
diff --git a/src/Cronjob/CronjobTaskManager.php b/src/Cronjob/CronjobTaskManager.php
@@ -48,11 +48,17 @@ public function runTasks(int $timestamp = -1): void
         if ($timestamp === -1)
             $timestamp = time();
 
+        echo "Running tasks at " . date('Y-m-d H:i:s', $timestamp) . "\n";
+
         foreach ($this->tasks as $task) {
             $task->plannedTimestamp = $timestamp;
 
-            if ($task->canRun())
+            if ($task->canRun()) {
+                echo "Executing " . $task::class . "\n";
                 $task->run();
+            } else {
+                echo "Skipping " . $task::class . "\n";
+            }
         }
     }
 

diff --git a/src/Cronjob/Tasks/Account/DeleteUnverifiedUsersTask.php b/src/Cronjob/Tasks/Account/DeleteUnverifiedUsersTask.php
@@ -21,9 +21,12 @@ public function run(): void
     {
         $db = Application::getInstance()->getDatabase();
 
-        $result = $db->query('SELECT id FROM users WHERE status = 0 AND created_at < :time', [':time' => time() - 24 * 60 * 60]);
+        $result = $db->query('SELECT id FROM users WHERE status = 0 AND created_at < :time', [':time' => date('Y-m-d H:i:s', time() - 24 * 60 * 60)]);
 
         $users = $result->fetchAll(\PDO::FETCH_ASSOC);
+
+        echo 'Deleting ' . count($users) . ' unverified users.' . PHP_EOL;
+
         // Delete all users
         foreach ($users as $user) {
             $db->query('DELETE FROM users WHERE id = :id', [':id' => $user['id']]);

diff --git a/src/Database/SQL/registration_verification.sql b/src/Database/SQL/registration_verification.sql
@@ -0,0 +1,8 @@
+CREATE TABLE `registration_verification` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_id` int(11) DEFAULT NULL,
+  `token` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `registration_verification_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
diff --git a/src/Frontend/Authentication/LoginController.php b/src/Frontend/Authentication/LoginController.php
@@ -4,6 +4,7 @@
 
 use A11yBuddy\Frontend\Controller;
 use A11yBuddy\User\User;
+use A11yBuddy\User\UserStatus;
 
 /**
  * Handles the login logic
@@ -21,6 +22,12 @@ public function run(array $data = []): void
             $user = User::getByEmail($_POST['email']);
 
             if ($user instanceof User) {
+                if ($user->getStatus() === UserStatus::Unverified) {
+                    $data['error_message'] = 'Your account has not been verified yet. Please check your e-mail for the verification link.';
+                    LoginFormView::use($data);
+                    return;
+                }
+
                 if ($user->checkPassword($_POST['password'])) {
                     // Log the user in
                     $_SESSION['user_id'] = $user->getId();

diff --git a/src/Frontend/Authentication/VerifyRegistrationController.php b/src/Frontend/Authentication/VerifyRegistrationController.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace A11yBuddy\Frontend\Authentication;
+
+use A11yBuddy\Application;
+use A11yBuddy\Frontend\BasePage\NotFoundController;
+use A11yBuddy\Frontend\Controller;
+
+class VerifyRegistrationController extends Controller
+{
+
+    public function run(array $data = []): void
+    {
+        $db = Application::getInstance()->getDatabase();
+
+        $result = $db->query('SELECT * FROM registration_verification WHERE token = :token', [':token' => $data['token']]);
+
+        $result = $result->fetch(\PDO::FETCH_ASSOC);
+
+        // If the token is not found, show an error message.
+        if ($result === false) {
+            $nf = new NotFoundController();
+            $nf->run();
+        } else {
+            // If the token is found, update the user's status to verified.
+            $db->query('UPDATE users SET status = 1 WHERE id = :id', [':id' => $result['user_id']]);
+            // Delete the token from the database.
+            $db->query('DELETE FROM registration_verification WHERE token = :token', [':token' => $data['token']]);
+            ?>
+            <h1>Registration Verified</h1>
+            <p>Your registration has been verified. You can now log in to your account.</p>
+            <a href="/login">Log In</a>
+            <?php
+        }
+    }
+
+}
diff --git a/src/Frontend/BasePageRenderer.php b/src/Frontend/BasePageRenderer.php
@@ -5,6 +5,7 @@
 use A11yBuddy\Application;
 use A11yBuddy\Frontend\Authentication\LoginController;
 use A11yBuddy\Frontend\Authentication\LogoutController;
+use A11yBuddy\Frontend\Authentication\VerifyRegistrationController;
 use A11yBuddy\Frontend\BasePage\BasePageController;
 use A11yBuddy\Frontend\BasePage\HomepageController;
 use A11yBuddy\Frontend\CreateProject\CreateProjectController;
@@ -46,6 +47,7 @@ private function registerRoutes(): void
         $this->router->addRoute("GET", "/login", LoginController::class);
         $this->router->addRoute("POST", "/login", LoginController::class);
         $this->router->addRoute("GET", "/logout", LogoutController::class);
+        $this->router->addRoute("GET", "/register/verify/{token}", VerifyRegistrationController::class);
 
         // Projects
         $this->router->addRoute("GET", "/create", CreateProjectController::class);