cachethq · Naugrimm · Jan 23, 2019 · Jan 23, 2019 · Jan 23, 2019 · Jan 23, 2019
diff --git a/app/Bus/Commands/Subscriber/SubscribeSubscriberCommand.php b/app/Bus/Commands/Subscriber/SubscribeSubscriberCommand.php
@@ -39,13 +39,21 @@ final class SubscribeSubscriberCommand
      */
     public $subscriptions;
 
+    /**
+     * If the subscriber accepted the privacy statement.
+     *
+     * @var bool
+     */
+    public $acceptPrivacyStatement;
+
     /**
      * The validation rules.
      *
      * @var array
      */
     public $rules = [
-        'email' => 'required|email',
+        'email'                  => 'required|email',
+        'acceptPrivacyStatement' => 'required|accepted',
     ];
 
     /**
@@ -54,13 +62,15 @@ final class SubscribeSubscriberCommand
      * @param string     $email
      * @param bool       $verified
      * @param array|null $subscriptions
+     * @param bool       $acceptPrivacyStatement
      *
      * @return void
      */
-    public function __construct($email, $verified = false, $subscriptions = null)
+    public function __construct($email, $verified = false, $subscriptions = null, $acceptPrivacyStatement = false)
     {
         $this->email = $email;
         $this->verified = $verified;
         $this->subscriptions = $subscriptions;
+        $this->acceptPrivacyStatement = $acceptPrivacyStatement;
     }
 }
diff --git a/app/Bus/Handlers/Events/MessageSending.php b/app/Bus/Handlers/Events/MessageSending.php
@@ -0,0 +1,34 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Bus\Handlers\Events;
+
+/**
+ * This class is called immediately before sending a message into the mail channel.
+ *
+ * @author Erik Anders <[email protected]>
+ */
+class MessageSending
+{
+    /**
+     * Handle the any actions that need storing.
+     *
+     * @param \Illuminate\Mail\Events\MessageSending $event
+     *
+     * @return void
+     */
+    public function handle($event)
+    {
+        if ($unsubscribeUrl = $event->data['unsubscribeUrl'] ?? null) {
+            $event->message->getHeaders()->addTextHeader('List-Unsubscribe', '<'.$unsubscribeUrl.'>');
+        }
+    }
+}
diff --git a/app/Foundation/Providers/ComposerServiceProvider.php b/app/Foundation/Providers/ComposerServiceProvider.php
@@ -37,7 +37,7 @@ public function boot(Factory $factory)
     {
         $factory->composer('*', AppComposer::class);
         $factory->composer('*', CurrentUserComposer::class);
-        $factory->composer(['index', 'single-incident', 'subscribe.*', 'signup', 'dashboard.settings.theme', 'notifications::email', 'single-schedule', 'errors.*'], ThemeComposer::class);
+        $factory->composer(['index', 'imprint', 'privacy', 'single-incident', 'subscribe.*', 'signup', 'dashboard.settings.theme', 'notifications::email', 'single-schedule', 'errors.*'], ThemeComposer::class);
         $factory->composer('dashboard.*', DashboardComposer::class);
         $factory->composer(['setup.*', 'dashboard.settings.localization'], TimezoneLocaleComposer::class);
 

diff --git a/app/Foundation/Providers/EventServiceProvider.php b/app/Foundation/Providers/EventServiceProvider.php
@@ -159,5 +159,8 @@ class EventServiceProvider extends ServiceProvider
         'CachetHQ\Cachet\Bus\Events\User\UserWasWelcomedEvent' => [
             //
         ],
+        'Illuminate\Mail\Events\MessageSending' => [
+            'CachetHQ\Cachet\Bus\Handlers\Events\MessageSending',
+        ],
     ];
 }
diff --git a/app/Http/Controllers/Api/SubscriberController.php b/app/Http/Controllers/Api/SubscriberController.php
@@ -17,6 +17,7 @@
 use GrahamCampbell\Binput\Facades\Binput;
 use Illuminate\Contracts\Config\Repository;
 use Illuminate\Database\QueryException;
+use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Request;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
@@ -50,7 +51,14 @@ public function store()
         $verified = Binput::get('verify', app(Repository::class)->get('setting.skip_subscriber_verification'));
 
         try {
-            $subscriber = execute(new SubscribeSubscriberCommand(Binput::get('email'), $verified, Binput::get('components', null)));
+            $subscriber = execute(new SubscribeSubscriberCommand(
+                Binput::get('email'),
+                $verified,
+                Binput::get('components', null),
+                // set the privacy statement to "accepted" when it is not given in the input
+                // and the privacy_statement setting is empty
+                Binput::get('acceptPrivacyStatement', !Config::get('setting.privacy_statement'))
+            ));
         } catch (QueryException $e) {
             throw new BadRequestHttpException();
         }

diff --git a/app/Http/Controllers/Dashboard/SettingsController.php b/app/Http/Controllers/Dashboard/SettingsController.php
@@ -11,13 +11,16 @@
 
 namespace CachetHQ\Cachet\Http\Controllers\Dashboard;
 
+use CachetHQ\Cachet\Bus\Commands\Subscriber\UnsubscribeSubscriberCommand;
 use CachetHQ\Cachet\Bus\Commands\System\Config\UpdateConfigCommand;
 use CachetHQ\Cachet\Integrations\Contracts\Credits;
+use CachetHQ\Cachet\Models\Subscriber;
 use CachetHQ\Cachet\Models\User;
 use CachetHQ\Cachet\Notifications\System\SystemTestNotification;
 use CachetHQ\Cachet\Settings\Repository;
 use Exception;
 use GrahamCampbell\Binput\Facades\Binput;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Artisan;
 use Illuminate\Support\Facades\Auth;
@@ -83,6 +86,12 @@ public function __construct()
                 'icon'   => 'ion-lock-combination',
                 'active' => false,
             ],
+            'privacy' => [
+                'title'  => trans('dashboard.settings.privacy.privacy'),
+                'url'    => cachet_route('dashboard.settings.privacy'),
+                'icon'   => 'ion-ios-glasses',
+                'active' => false,
+            ],
             'analytics' => [
                 'title'  => trans('dashboard.settings.analytics.analytics'),
                 'url'    => cachet_route('dashboard.settings.analytics'),
@@ -221,6 +230,46 @@ public function showSecurityView()
             ->withUnsecureUsers($unsecureUsers);
     }
 
+    /**
+     * Shows the settings privacy view.
+     *
+     * @return \Illuminate\View\View
+     */
+    public function showPrivacyView()
+    {
+        $this->subMenu['privacy']['active'] = true;
+
+        Session::flash('redirect_to', $this->subMenu['privacy']['url']);
+
+        $cleanupInterval = Config::get('setting.unverified_cleanup_interval');
+
+        return View::make('dashboard.settings.privacy')
+            ->withPageTitle(trans('dashboard.settings.privacy.privacy').' - '.trans('dashboard.dashboard'))
+            ->withCleanupInterval($cleanupInterval)
+            ->withUnverifiedSubscriberCount(Subscriber::notVerifiedFor($cleanupInterval)->count())
+            ->withSubMenu($this->subMenu);
+    }
+
+    public function removeUnverifiedSubscribers()
+    {
+        $cleanupInterval = Config::get('setting.unverified_cleanup_interval');
+
+        Subscriber::notVerifiedFor($cleanupInterval)->get()->each(function ($subscriber) {
+            execute(new UnsubscribeSubscriberCommand($subscriber));
+        });
+
+        return cachet_redirect('dashboard.settings.privacy')
+            ->withSuccess(trans('dashboard.notifications.awesome'));
+    }
+
+    public function getMarkdownPreview(Request $request)
+    {
+        return View::make('partials.markdown-preview')
+            ->withMarkdown(
+                $request->markdown
+            );
+    }
+
     /**
      * Shows the settings stylesheet view.
      *

diff --git a/app/Http/Controllers/StatusPageController.php b/app/Http/Controllers/StatusPageController.php
@@ -20,11 +20,11 @@
 use CachetHQ\Cachet\Repositories\Metric\MetricRepository;
 use CachetHQ\Cachet\Services\Dates\DateFactory;
 use GrahamCampbell\Binput\Facades\Binput;
-use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\View;
+use Illuminate\Support\Str;
 use Jenssegers\Date\Date;
 use McCool\LaravelAutoPresenter\Facades\AutoPresenter;
 
@@ -209,4 +209,42 @@ public function showComponentBadge(Component $component)
 
         return Response::make($badge, 200, ['Content-Type' => 'image/svg+xml']);
     }
+
+    /**
+     * Show the privacy statement.
+     *
+     * @return \Illuminate\Routing\Redirector|\Illuminate\Http\RedirectResponse|\Illuminate\View\View
+     */
+    public function showPrivacyStatement()
+    {
+        $privacyStatement = trim(Config::get('setting.privacy_statement', ''));
+        if (!$privacyStatement) {
+            return abort(404);
+        }
+        if (Str::startsWith($privacyStatement, ['http://', 'https://']) && filter_var($privacyStatement, FILTER_VALIDATE_URL)) {
+            return redirect($privacyStatement);
+        }
+
+        return View::make('privacy')
+            ->withPrivacyStatement($privacyStatement);
+    }
+
+    /**
+     * Show the imprint.
+     *
+     * @return \Illuminate\Routing\Redirector|\Illuminate\Http\RedirectResponse|\Illuminate\View\View
+     */
+    public function showImprint()
+    {
+        $imprint = trim(Config::get('setting.imprint', ''));
+        if (!$imprint) {
+            return abort(404);
+        }
+        if (Str::startsWith($imprint, ['http://', 'https://']) && filter_var($imprint, FILTER_VALIDATE_URL)) {
+            return redirect($imprint);
+        }
+
+        return View::make('imprint')
+            ->withImprint($imprint);
+    }
 }
diff --git a/app/Http/Controllers/SubscribeController.php b/app/Http/Controllers/SubscribeController.php
@@ -78,9 +78,12 @@ public function postSubscribe()
         $email = Binput::get('email');
         $subscriptions = Binput::get('subscriptions');
         $verified = app(Repository::class)->get('setting.skip_subscriber_verification');
+        // set the privacy statement to "accepted" when it is not given in the input
+        // and the privacy_statement setting is empty
+        $acceptPrivacyStatement = Binput::get('acceptPrivacyStatement', !Config::get('setting.privacy_statement'));
 
         try {
-            $subscription = execute(new SubscribeSubscriberCommand($email, $verified));
+            $subscription = execute(new SubscribeSubscriberCommand($email, $verified, $subscriptions, $acceptPrivacyStatement));
         } catch (ValidationException $e) {
             return cachet_redirect('status-page')
                 ->withInput(Binput::all())
@@ -92,7 +95,7 @@ public function postSubscribe()
             return cachet_redirect('status-page')->withSuccess(trans('cachet.subscriber.email.already-subscribed', ['email' => $email]));
         }
 
-        return cachet_redirect('subscribe.manage', $subscription->verify_code)
+        return cachet_redirect('status-page')
             ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.subscribed')));
     }
 
@@ -119,7 +122,7 @@ public function getVerify($code = null)
             execute(new VerifySubscriberCommand($subscriber));
         }
 
-        return cachet_redirect('status-page')
+        return cachet_redirect('subscribe.manage', ['code' => $subscriber->verify_code])
             ->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.verified')));
     }
 

diff --git a/app/Http/Routes/Dashboard/SettingRoutes.php b/app/Http/Routes/Dashboard/SettingRoutes.php
@@ -58,6 +58,18 @@ public function map(Registrar $router)
                 'as'   => 'get:dashboard.settings.security',
                 'uses' => 'SettingsController@showSecurityView',
             ]);
+            $router->get('privacy', [
+                'as'   => 'get:dashboard.settings.privacy',
+                'uses' => 'SettingsController@showPrivacyView',
+            ]);
+            $router->post('privacy/clean-unverified-subscribers', [
+                'as'   => 'post:dashboard.settings.privacy.remove-unverified-subscribers',
+                'uses' => 'SettingsController@removeUnverifiedSubscribers',
+            ]);
+            $router->get('markdown/preview', [
+                'as'   => 'get:dashboard.settings.markdown-preview',
+                'uses' => 'SettingsController@getMarkdownPreview',
+            ]);
             $router->get('theme', [
                 'as'   => 'get:dashboard.settings.theme',
                 'uses' => 'SettingsController@showThemeView',

diff --git a/app/Http/Routes/StatusPageRoutes.php b/app/Http/Routes/StatusPageRoutes.php
@@ -63,6 +63,16 @@ public function map(Registrar $router)
                 'as'   => 'get:component_shield',
                 'uses' => 'StatusPageController@showComponentBadge',
             ]);
+
+            $router->get('/imprint', [
+                'as'   => 'get:imprint',
+                'uses' => 'StatusPageController@showImprint',
+            ]);
+
+            $router->get('/privacy', [
+                'as'   => 'get:privacy',
+                'uses' => 'StatusPageController@showPrivacyStatement',
+            ]);
         });
     }
 }
diff --git a/app/Models/Subscriber.php b/app/Models/Subscriber.php
@@ -13,9 +13,11 @@
 
 use AltThree\Validator\ValidatingTrait;
 use CachetHQ\Cachet\Presenters\SubscriberPresenter;
+use Carbon\CarbonInterval;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Carbon;
 use McCool\LaravelAutoPresenter\HasPresenter;
 
 /**
@@ -122,6 +124,22 @@ public function scopeIsVerified(Builder $query)
         return $query->whereNotNull('verified_at');
     }
 
+    /**
+     * @param \Illuminate\Database\Eloquent\Builder $query
+     * @param string                                $interval an ISO8601 duration @see \DateInterval
+     *
+     * @return \Illuminate\Database\Eloquent\Builder
+     */
+    public function scopeNotVerifiedFor(Builder $query, string $interval = 'P1M')
+    {
+        $maxAge = Carbon::now()->subDays(
+            CarbonInterval::make($interval)->totalDays
+        );
+
+        return $query->whereNull('verified_at')
+            ->where('created_at', '<', $maxAge);
+    }
+
     /**
      * Scope global subscribers.
      *

diff --git a/app/Notifications/Component/ComponentStatusChangedNotification.php b/app/Notifications/Component/ComponentStatusChangedNotification.php
@@ -92,6 +92,10 @@ public function toMail($notifiable)
                 'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                 'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
                 'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                'privacyText'            => trans('forms.settings.privacy.privacy-statement'),
+                'privacyUrl'             => cachet_route('privacy'),
+                'imprintText'            => trans('forms.settings.privacy.imprint'),
+                'imprintUrl'             => cachet_route('imprint'),
         ]);
     }
 

diff --git a/app/Notifications/Incident/NewIncidentNotification.php b/app/Notifications/Incident/NewIncidentNotification.php
@@ -84,6 +84,10 @@ public function toMail($notifiable)
                         'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                         'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
                         'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                        'privacyText'            => trans('forms.settings.privacy.privacy-statement'),
+                        'privacyUrl'             => cachet_route('privacy'),
+                        'imprintText'            => trans('forms.settings.privacy.imprint'),
+                        'imprintUrl'             => cachet_route('imprint'),
                     ]);
     }
 

diff --git a/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php b/app/Notifications/IncidentUpdate/IncidentUpdatedNotification.php
@@ -87,6 +87,10 @@ public function toMail($notifiable)
                 'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                 'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
                 'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                'privacyText'            => trans('forms.settings.privacy.privacy-statement'),
+                'privacyUrl'             => cachet_route('privacy'),
+                'imprintText'            => trans('forms.settings.privacy.imprint'),
+                'imprintUrl'             => cachet_route('imprint'),
         ]);
     }
 

diff --git a/app/Notifications/Schedule/NewScheduleNotification.php b/app/Notifications/Schedule/NewScheduleNotification.php
@@ -82,6 +82,10 @@ public function toMail($notifiable)
                 'unsubscribeUrl'         => cachet_route('subscribe.unsubscribe', $notifiable->verify_code),
                 'manageSubscriptionText' => trans('cachet.subscriber.manage_subscription'),
                 'manageSubscriptionUrl'  => cachet_route('subscribe.manage', $notifiable->verify_code),
+                'privacyText'            => trans('forms.settings.privacy.privacy-statement'),
+                'privacyUrl'             => cachet_route('privacy'),
+                'imprintText'            => trans('forms.settings.privacy.imprint'),
+                'imprintUrl'             => cachet_route('imprint'),
         ]);
     }