mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-05 07:37:25 +02:00
Code Issues Releases Wiki Activity

Prevent usage of password reset if email has not been verified yet

Browse Source
This commit is contained in:
Marco
2016-12-12 20:58:37 +01:00
parent 6be456a27a
commit 6bfa298836
3 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -173,6 +173,9 @@ try {
catch (\Delight\Auth\InvalidEmailException $e) { catch (\Delight\Auth\InvalidEmailException $e) {
// invalid email address // invalid email address
} }
catch (\Delight\Auth\EmailNotVerifiedException $e) {
// email not verified
}
catch (\Delight\Auth\TooManyRequestsException $e) { catch (\Delight\Auth\TooManyRequestsException $e) {
// too many requests // too many requests
} }

9
src/Auth.php
View File

@@ -690,6 +690,7 @@ class Auth {
* @param int|null $requestExpiresAfter (optional) the interval in seconds after which the request should expire * @param int|null $requestExpiresAfter (optional) the interval in seconds after which the request should expire
* @param int|null $maxOpenRequests (optional) the maximum number of unexpired and unused requests per user * @param int|null $maxOpenRequests (optional) the maximum number of unexpired and unused requests per user
* @throws InvalidEmailException if the email address was invalid or could not be found * @throws InvalidEmailException if the email address was invalid or could not be found
* @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
* @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded * @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
* @throws AuthError if an internal problem occurred (do *not* catch) * @throws AuthError if an internal problem occurred (do *not* catch)
*/ */
@@ -714,8 +715,14 @@ class Auth {
$userData = $this->getUserDataByEmailAddress( $userData = $this->getUserDataByEmailAddress(
$email, $email,
[ 'id' ] [ 'id', 'verified' ]
); );
// ensure that the account has been verified before initiating a password reset
if ($userData['verified'] !== 1) {
throw new EmailNotVerifiedException();
}
$openRequests = (int) $this->getOpenPasswordResetRequests($userData['id']); $openRequests = (int) $this->getOpenPasswordResetRequests($userData['id']);
if ($openRequests < $maxOpenRequests) { if ($openRequests < $maxOpenRequests) {

3
tests/index.php
View File

@@ -138,6 +138,9 @@ function processRequestData(\Delight\Auth\Auth $auth) {
catch (\Delight\Auth\InvalidEmailException $e) { catch (\Delight\Auth\InvalidEmailException $e) {
return 'invalid email address'; return 'invalid email address';
} }
catch (\Delight\Auth\EmailNotVerifiedException $e) {
return 'email not verified';
}
catch (\Delight\Auth\TooManyRequestsException $e) { catch (\Delight\Auth\TooManyRequestsException $e) {
return 'too many requests'; return 'too many requests';
} }