Merge pull request #580 from lonnieezell/active-check

feat: User activation checks and utility functions.

Author: kenjis

docs/authentication.md

@@ -70,7 +70,7 @@ user_id();
 ## Authenticator Responses
 
 Many of the authenticator methods will return a `CodeIgniter\Shield\Result` class. This provides a consistent
-way of checking the results and can have additional information return along with it. The class
+way of checking the results and can have additional information returned along with it. The class
 has the following methods:
 
 ### isOK()

docs/authorization.md

@@ -20,6 +20,10 @@
       - [removeGroup()](#removegroup)
       - [syncGroups()](#syncgroups)
       - [getGroups()](#getgroups)
+  - [User Activation](#user-activation)
+    - [Checking Activation Status](#checking-activation-status)
+  - [Activating a User](#activating-a-user)
+  - [Deactivating a User](#deactivating-a-user)
 
 Authorization happens once a user has been identified through authentication. It is the process of
 determining what actions a user is allowed to do within your site.
@@ -233,3 +237,43 @@ Returns all groups this user is a part of.
 ```php
 $user->getGroups();
 ```
+
+## User Activation
+
+All users have an `active` flag. This is only used when the [`EmailActivation` action](./auth_actions.md), or a custom action used to activate a user, is enabled.
+
+### Checking Activation Status
+
+You can determine if a user has been activated with the `isActivated()` method.
+
+```php
+if ($user->isActivated()) {
+    //
+}
+```
+
+> **Note** If no activator is specified in the `Auth` config file, `actions['register']` property, then this will always return `true`.
+
+You can check if a user has not been activated yet via the `isNotActivated()` method.
+
+```php
+if ($user->isNotActivated()) {
+    //
+}
+```
+
+## Activating a User
+
+Users are automatically activated withih the `EmailActivator` action. They can be manually activated via the `activate()` method on the User entity.
+
+```php
+$user->activate();
+```
+
+## Deactivating a User
+
+Users can be manually deactivated via the `deactivate()` method on the User entity.
+
+```php
+$user->deactivate();
+```

src/Auth.php

@@ -12,7 +12,6 @@
 use CodeIgniter\Shield\Models\UserModel;
 
 /**
- * @method void      activateUser(User $user)                 [Session]
  * @method Result    attempt(array $credentials)
  * @method Result    check(array $credentials)
  * @method bool      checkAction(string $token, string $type) [Session]

src/Authentication/Actions/EmailActivator.php

@@ -111,7 +111,7 @@ public function verify(IncomingRequest $request)
         $user = $authenticator->getUser();
 
         // Set the user active now
-        $authenticator->activateUser($user);
+        $user->activate();
 
         // Success!
         return redirect()->to(config('Auth')->registerRedirect())

src/Authentication/Authenticators/Session.php

@@ -254,14 +254,6 @@ public function completeLogin(User $user): void
         Events::trigger('login', $user);
     }
 
-    /**
-     * Activate a User
-     */
-    public function activateUser(User $user): void
-    {
-        $this->provider->activate($user);
-    }
-
     /**
      * @param int|string|null $userId
      */

src/Controllers/RegisterController.php

@@ -114,7 +114,7 @@ public function registerAction(): RedirectResponse
         }
 
         // Set the user active
-        $authenticator->activateUser($user);
+        $user->activate();
 
         $authenticator->completeLogin($user);
 

src/Entities/User.php

@@ -11,6 +11,7 @@
 use CodeIgniter\Shield\Authorization\Traits\Authorizable;
 use CodeIgniter\Shield\Models\LoginModel;
 use CodeIgniter\Shield\Models\UserIdentityModel;
+use CodeIgniter\Shield\Traits\Activatable;
 use CodeIgniter\Shield\Traits\Resettable;
 
 /**
@@ -27,6 +28,7 @@ class User extends Entity
     use Authorizable;
     use HasAccessTokens;
     use Resettable;
+    use Activatable;
 
     /**
      * @var UserIdentity[]|null

src/Filters/SessionAuth.php

@@ -49,6 +49,15 @@ public function before(RequestInterface $request, $arguments = null)
                 $authenticator->recordActiveDate();
             }
 
+            // Block inactive users when Email Activation is enabled
+            $user = $authenticator->getUser();
+            if ($user !== null && ! $user->isActivated()) {
+                $authenticator->logout();
+
+                return redirect()->route('login')
+                    ->with('error', lang('Auth.activationBlocked'));
+            }
+
             return;
         }
 

src/Filters/TokenAuth.php

@@ -49,12 +49,24 @@ public function before(RequestInterface $request, $arguments = null)
         ]);
 
         if (! $result->isOK() || (! empty($arguments) && $result->extraInfo()->tokenCant($arguments[0]))) {
-            return redirect()->to('/login');
+            return service('response')
+                ->setStatusCode(Response::HTTP_UNAUTHORIZED)
+                ->setJson(['message' => lang('Auth.badToken')]);
         }
 
         if (setting('Auth.recordActiveDate')) {
             $authenticator->recordActiveDate();
         }
+
+        // Block inactive users when Email Activation is enabled
+        $user = $authenticator->getUser();
+        if ($user !== null && ! $user->isActivated()) {
+            $authenticator->logout();
+
+            return service('response')
+                ->setStatusCode(Response::HTTP_FORBIDDEN)
+                ->setJson(['message' => lang('Auth.activationBlocked')]);
+        }
     }
 
     /**

src/Language/de/Auth.php

@@ -87,6 +87,7 @@
     'emailActivateMailBody' => 'Bitte verwenden Sie den unten stehenden Code, um Ihr Konto zu aktivieren und die Website zu nutzen.',
     'invalidActivateToken'  => 'Der Code war falsch.',
     'needActivate'          => '(To be translated) You must complete your registration by confirming the code sent to your email address.',
+    'activationBlocked'     => '(to be translated) You must activate your account before logging in.',
 
     // Groups
     'unknownGroup' => '{0} ist eine ungültige Gruppe.',