Converts confirmation token validator to callable method

Using a Laravel validation extension for the token does not make sense with validation inside models. So the code is moved to the user repository and called from the controller to ensure a valid token is provided when required. The validation method can also be considered to reside directly in the controller.
spira · Jul 23, 2015 · 8e546fc · 8e546fc
1 parent 55842b9
commit 8e546fc
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 19 deletions.
diff --git a/api/app/Http/Controllers/UserController.php b/api/app/Http/Controllers/UserController.php
@@ -115,6 +115,7 @@ public function putOne($id, Request $request)
     public function patchOne($id, Request $request)
     {
         $this->validateId($id);
+        $this->repository->validateEmailConfirmationToken($request);
         $model = $this->repository->find($id);
 
         // Check if the email is being changed, and initialize confirmation

diff --git a/api/app/Models/User.php b/api/app/Models/User.php
@@ -46,7 +46,7 @@ class User extends BaseModel implements AuthenticatableContract, Caller, UserOwn
     protected $validationRules = [
         'user_id' => 'uuid',
         'email' => 'required|email',
-        'email_confirmed' => 'date|email_confirmation_token',
+        'email_confirmed' => 'date',
         'first_name' => 'string',
         'last_name' => 'string',
         'phone' => 'string',

diff --git a/api/app/Repositories/UserRepository.php b/api/app/Repositories/UserRepository.php
@@ -1,6 +1,9 @@
 <?php namespace App\Repositories;
 
 use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\MessageBag;
+use App\Exceptions\ValidationException;
 use Illuminate\Contracts\Cache\Repository as Cache;
 use Illuminate\Database\ConnectionResolverInterface as Connection;
 
@@ -97,4 +100,23 @@ public function makeConfirmationToken($email)
         $this->cache->put('email_confirmation_'.$token, $email, $this->confirmation_token_ttl);
         return $token;
     }
+
+    /**
+     * If the email_confirmation field is set, make sure we've a valid token.
+     *
+     * @param  Request  $request
+     * @return void
+     */
+    public function validateEmailConfirmationToken(Request $request)
+    {
+        if ($request->get('email_confirmed')) {
+            $token = $request->headers->get('email-confirm-token');
+            if (!$email = $this->cache->pull('email_confirmation_'.$token)) {
+
+                throw new ValidationException(
+                    new MessageBag(['email_confirmed' => 'The email confirmation token is not valid.'])
+                );
+            }
+        }
+    }
 }
diff --git a/api/app/Services/SpiraValidator.php b/api/app/Services/SpiraValidator.php
@@ -30,22 +30,4 @@ protected function validateCountry($attribute, $value, $parameters)
 
         return in_array($value, array_fetch($countries, 'country_code'));
     }
-
-    /**
-     * Register custom validation rule for email confirmation token.
-     *
-     * @return void
-     */
-    protected function registerEmailConfirmationToken()
-    {
-        $this->validator->extend('email_confirmation_token', function ($attribute, $value, $parameters) {
-
-            $token = $this->request->headers->get('email-confirm-token');
-
-            if ($email = $this->cache->pull('email_confirmation_'.$token)) {
-                return true;
-            }
-            return false;
-        });
-    }
 }