Require verified email for OAuth routes (fix #59)

app/Providers/RouteServiceProvider.php

@@ -45,7 +45,7 @@ class RouteServiceProvider extends ServiceProvider
 
         $this->mapApiRoutes();
 
-        Passport::routes();
+        Passport::routes(null, ['middleware' => ['verified']]);
 
         event(new ConfigureRoutes($router));
     }

resources/misc/changelogs/en/4.2.1.md

@@ -4,3 +4,4 @@
 - Fixed that "Operations Panel" in "Texture Details" page is shown even if current user is not privileged.
 - Fixed that banning the texture uploader will in fact ban the reporter.
 - Fixed that an error will occur when handling a report whose texture has been deleted.
+- Fixed that user without verified email can access OAuth.

resources/misc/changelogs/zh_CN/4.2.1.md

@@ -4,3 +4,4 @@
 - 「材质详情」中「更多操作」面板不再对无权限的用户显示
 - 修复处理举报时，封禁上传者实际上会封禁举报人
 - 修复处理举报时，若材质已被删除，则会出错
+- 未验证邮箱的用户能使用 OAuth 的问题

routes/web.php

@@ -84,7 +84,7 @@ Route::group([
     Route::post('/closet/rename/{tid}', 'ClosetController@rename');
 
     // OAuth2 Management
-    Route::view('/oauth/manage', 'user.oauth');
+    Route::view('/oauth/manage', 'user.oauth')->middleware('verified');
 });
 
 /*

tests/MiddlewareTest.php

@@ -37,6 +37,13 @@ class MiddlewareTest extends TestCase
         $this->actAs('normal')
             ->get('/skinlib/upload')
             ->assertSuccessful();
+
+        $user = factory(User::class)->create(['verified' => false]);
+        $this->actingAs($user)->get('/user/oauth/manage')->assertForbidden();
+        $this->getJson('/oauth/clients')->assertForbidden();
+        $user->verified = true;
+        $user->save();
+        $this->getJson('/oauth/clients')->assertSuccessful();
     }
 
     public function testCheckAdministrator()