NotFoundNL · 64knl · Feb 9, 2024 · Sep 15, 2023 · Sep 19, 2023 · Nov 17, 2023
diff --git a/database/migrations/2023_10_25_171457_add_created_at_to_menu_table.php b/database/migrations/2023_10_25_171457_add_created_at_to_menu_table.php
@@ -11,8 +11,11 @@
      */
     public function up(): void
     {
+        if (Schema::hasColumn('menu', 'created_at')) {
+            return;
+        }
         Schema::table('menu', function (Blueprint $table) {
-            $table->timestamp('created_at');
+            $table->timestamp('created_at')->nullable();
         });
     }
 

diff --git a/lang/en/auth.php b/lang/en/auth.php
@@ -22,6 +22,9 @@
     'verify_email_button' => 'Verify email',
     'verify_email_resend' => 'Resend verification email',
     'verify_email_link_sent' => 'A fresh verification link has been sent to your email address.',
+    'verify_email_success' => 'Account successfully verified.',
     'verify_wrong_email' => 'Click here to block this attempt if you were not the one who tried to login.',
+    'verify_block_action' => 'Are you sure you want to block this account?',
+    'block_account_button' => 'Block account',
     'block_account_message' => 'The account has been blocked.',
 ];
diff --git a/lang/nl/auth.php b/lang/nl/auth.php
@@ -21,6 +21,9 @@
     'verify_email_link' => 'Klik op onderstaande link om je e-mailadres te bevestigen.',
     'verify_email_resend' => 'Verificatiemail opnieuw verzenden',
     'verify_email_link_sent' => 'Er is een nieuwe verificatielink naar jouw e-mailadres verzonden.',
+    'verify_email_success' => 'Account successvol geverifieerd.',
     'verify_wrong_email' => 'Heb je zelf niet geprobeerd in te loggen? Klik dan hier om deze poging te blokkeren.',
+    'verify_block_action' => 'Weet je zeker dat je dit account wilt blokkeren?',
+    'block_account_button' => 'Blokkeer account',
     'block_account_message' => 'Account succesvol geblokkeerd.',
 ];
diff --git a/routes/api.php b/routes/api.php
@@ -33,6 +33,10 @@
             ->middleware([ValidateSignature::class, 'throttle:6,1'])
             ->name('siteboss.verification.verify');
 
+        Route::get('email/verify/block/{id}/{hash}', [VerifyEmailController::class, 'block'])
+            ->middleware([ValidateSignature::class, 'throttle:6,1'])
+            ->name('siteboss.verification.block');
+
         // Unauthenticated routes
         Route::namespace('Forms')->group(function () {
             Route::post('forms/{form:id}/{langurl}', [DataController::class, 'create'])->middleware(ProtectAgainstSpam::class)->name('formbuilder.post');

diff --git a/src/Http/Controllers/Auth/VerifyEmailController.php b/src/Http/Controllers/Auth/VerifyEmailController.php
@@ -5,7 +5,10 @@
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\Events\Verified;
 use Illuminate\Http\Request;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Mail;
+use Illuminate\Support\Facades\URL;
 use NotFound\Framework\Http\Controllers\Controller;
 use NotFound\Framework\Mail\Admin\AccountBlocked;
 use NotFound\Framework\Models\CmsUser;
@@ -22,13 +25,20 @@ public function __invoke(Request $request)
         $user = CmsUser::find($request->route('id'));
 
         if ($request->query('block')) {
-            $user->enabled = 0;
-            $user->email_verified_at = null;
-            $user->save();
+            $link = URL::temporarySignedRoute(
+                'siteboss.verification.block',
+                Carbon::now()->addMinutes(Config::get('auth.verification.expire', 60)),
+                [
+                    'id' => $request->route('id'),
+                    'hash' => $request->route('hash'),
+                ]);
 
-            Mail::to(env('SB_ADMIN_EMAIL'))->send(new AccountBlocked($user));
-
-            return ['status' => 'ok', 'message' => __('siteboss::auth.block_account_message')];
+            return [
+                'result' => 'error',
+                'message' => __('siteboss::auth.verify_block_account'),
+                'buttonText' => __('siteboss::auth.block_account_button'),
+                'link' => $link,
+            ];
         }
 
         if (! $user) {
@@ -43,6 +53,23 @@ public function __invoke(Request $request)
             event(new Verified($user));
         }
 
-        return redirect('/siteboss')->with('verified', true);
+        return ['status' => 'ok', 'message' => __('siteboss::auth.verify_email_success')];
+    }
+
+    public function block(Request $request, CmsUser $user)
+    {
+        dd($request->route('hash'), $user->getEmailForVerification());
+
+        if (! hash_equals((string) $request->route('hash'), sha1($user->getEmailForVerification()))) {
+            throw new AuthorizationException;
+        }
+
+        $user->enabled = 0;
+        $user->email_verified_at = null;
+        $user->save();
+
+        Mail::to(env('SB_ADMIN_EMAIL'))->send(new AccountBlocked($user));
+
+        return ['status' => 'ok', 'message' => __('siteboss::auth.block_account_message')];
     }
 }
diff --git a/src/Services/Editor/FieldsProperties.php b/src/Services/Editor/FieldsProperties.php
@@ -150,7 +150,7 @@ private function addLayoutFields(array $properties, LayoutForm &$form)
                         //     $checkboxField->setValue(true);
                         // } else {
                         $checkboxField->setValue(false);
-                        // }
+                    // }
                     } else {
                         $checkboxField->setValue($value ?? false);
                     }

diff --git a/src/Services/Indexer/SearchItem.php b/src/Services/Indexer/SearchItem.php
@@ -17,9 +17,9 @@ final class SearchItem
 
     private bool $inSitemap = true;
 
-    private ?DateTime $publicationDate;
+    private ?DateTime $publicationDate = null;
 
-    private ?DateTime $lastUpdated;
+    private ?DateTime $lastUpdated = null;
 
     private int $priority = 1;
 
@@ -146,12 +146,7 @@ public function content(): ?string
      */
     public function publicationDate(): ?string
     {
-        $time = $this->publicationDate ?? $this->lastUpdated;
-        if ($time === null) {
-            return null;
-        }
-
-        return $time->format(DateTime::ATOM);
+        return $this->toDateString($this->publicationDate ?? $this->lastUpdated);
     }
 
     /**
@@ -162,12 +157,7 @@ public function publicationDate(): ?string
      */
     public function lastUpdated(): ?string
     {
-        $time = $this->lastUpdated ?? $this->publicationDate;
-        if ($time === null) {
-            return null;
-        }
-
-        return $time->format(DateTime::ATOM);
+        return $this->toDateString($this->lastUpdated ?? $this->publicationDate);
     }
 
     public function customValues(): ?array
@@ -189,4 +179,13 @@ public function sitemap(): bool
     {
         return $this->inSitemap;
     }
+
+    private function toDateString(?DateTime $date): ?string
+    {
+        if ($date === null) {
+            return null;
+        }
+
+        return $date->format(DateTime::ATOM);
+    }
 }