Updated email confirmation flow so confirmation is done via POST

To avoid non-user GET requests (Such as those from email scanners) auto-triggering the confirm submission. Made auto-submit the form via JavaScript in this extra added step with user-link backup to keep existing user flow experience. Closes #3797
2025-07-31 15:24:31 +03:00 · 2022-11-12 15:10:14 +00:00
parent 0e627a6e05
commit a1b1f8138a
7 changed files with 72 additions and 4 deletions
--- a/resources/js/components/auto-submit.js
+++ b/resources/js/components/auto-submit.js
@ -0,0 +1,12 @@
+
+class AutoSubmit {
+
+    setup() {
+        this.form = this.$el;
+
+        this.form.submit();
+    }
+
+}
+
+export default AutoSubmit;
--- a/resources/js/components/index.js
+++ b/resources/js/components/index.js
@ -4,6 +4,7 @@ import ajaxForm from "./ajax-form.js"
 import attachments from "./attachments.js"
 import attachmentsList from "./attachments-list.js"
 import autoSuggest from "./auto-suggest.js"
+import autoSubmit from "./auto-submit.js";
 import backToTop from "./back-to-top.js"
 import bookSort from "./book-sort.js"
 import chapterContents from "./chapter-contents.js"
@ -64,6 +65,7 @@ const componentMapping = {
    "attachments": attachments,
    "attachments-list": attachmentsList,
    "auto-suggest": autoSuggest,
+    "auto-submit": autoSubmit,
    "back-to-top": backToTop,
    "book-sort": bookSort,
    "chapter-contents": chapterContents,
--- a/resources/lang/en/auth.php
+++ b/resources/lang/en/auth.php
@ -61,6 +61,8 @@ return [
    'email_confirm_send_error' => 'Email confirmation required but the system could not send the email. Contact the admin to ensure email is set up correctly.',
    'email_confirm_success' => 'Your email has been confirmed! You should now be able to login using this email address.',
    'email_confirm_resent' => 'Confirmation email resent, Please check your inbox.',
+    'email_confirm_thanks' => 'Thanks for confirming!',
+    'email_confirm_thanks_desc' => 'Please wait a moment while your confirmation is handled. If you are not redirected after 3 seconds press the "Continue" link below to proceed.',

    'email_not_confirmed' => 'Email Address Not Confirmed',
    'email_not_confirmed_text' => 'Your email address has not yet been confirmed.',
--- a/resources/views/auth/register-confirm-accept.blade.php
+++ b/resources/views/auth/register-confirm-accept.blade.php
@ -0,0 +1,27 @@
+@extends('layouts.simple')
+
+@section('content')
+
+    <div class="container very-small mt-xl">
+        <div class="card content-wrap auto-height">
+            <h1 class="list-heading">{{ trans('auth.email_confirm_thanks') }}</h1>
+
+            <p class="mb-none">{{ trans('auth.email_confirm_thanks_desc') }}</p>
+
+            <div class="flex-container-row items-center wrap">
+                <div class="flex min-width-s">
+                    @include('common.loading-icon')
+                </div>
+                <div class="flex min-width-s text-s-right">
+                    <form component="auto-submit" action="{{ url('/register/confirm/accept') }}" method="post">
+                        {{ csrf_field() }}
+                        <input type="hidden" name="token" value="{{ $token }}">
+                        <button class="text-button">{{ trans('common.continue') }}</button>
+                    </form>
+                </div>
+            </div>
+
+        </div>
+    </div>
+
+@stop