BookStack/app/Access/Controllers/ResetPasswordController.php

96 lines
3.3 KiB
PHP
Raw Normal View History

2015-07-12 15:01:42 -04:00
<?php
2023-05-17 12:56:55 -04:00
namespace BookStack\Access\Controllers;
2015-07-12 15:01:42 -04:00
2023-05-17 12:56:55 -04:00
use BookStack\Access\LoginService;
use BookStack\Activity\ActivityType;
use BookStack\Http\Controller;
2023-05-17 12:56:55 -04:00
use BookStack\Users\Models\User;
use Illuminate\Http\RedirectResponse;
2019-09-06 18:36:16 -04:00
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password as PasswordRule;
2015-07-12 15:01:42 -04:00
class ResetPasswordController extends Controller
2015-07-12 15:01:42 -04:00
{
public function __construct(
protected LoginService $loginService
) {
$this->middleware('guest');
$this->middleware('guard:standard');
}
2016-11-12 06:40:54 -05:00
2015-07-12 15:01:42 -04:00
/**
* Display the password reset view for the given token.
* If no token is present, display the link request form.
2015-07-12 15:01:42 -04:00
*/
public function showResetForm(Request $request)
2015-07-12 15:01:42 -04:00
{
$token = $request->route()->parameter('token');
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
}
/**
* Reset the given user's password.
*/
public function reset(Request $request)
{
$request->validate([
'token' => 'required',
'email' => 'required|email',
'password' => ['required', 'confirmed', PasswordRule::defaults()],
]);
// Here we will attempt to reset the user's password. If it is successful we
// will update the password on an actual user model and persist it to the
// database. Otherwise we will parse the error and return the response.
$credentials = $request->only('email', 'password', 'password_confirmation', 'token');
$response = Password::broker()->reset($credentials, function (User $user, string $password) {
$user->password = Hash::make($password);
$user->setRememberToken(Str::random(60));
$user->save();
$this->loginService->login($user, auth()->getDefaultDriver());
});
// If the password was successfully reset, we will redirect the user back to
// the application's home authenticated view. If there is an error we can
// redirect them back to where they came from with their error message.
return $response === Password::PASSWORD_RESET
? $this->sendResetResponse()
: $this->sendResetFailedResponse($request, $response, $request->get('token'));
2015-07-12 15:01:42 -04:00
}
2016-11-12 06:40:54 -05:00
/**
* Get the response for a successful password reset.
*/
protected function sendResetResponse(): RedirectResponse
2016-11-12 06:40:54 -05:00
{
$this->showSuccessNotification(trans('auth.reset_password_success'));
$this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());
2021-06-26 11:23:15 -04:00
return redirect('/');
2016-11-12 06:40:54 -05:00
}
/**
* Get the response for a failed password reset.
*/
protected function sendResetFailedResponse(Request $request, string $response, string $token): RedirectResponse
{
// We show invalid users as invalid tokens as to not leak what
// users may exist in the system.
if ($response === Password::INVALID_USER) {
$response = Password::INVALID_TOKEN;
}
return redirect("/password/reset/{$token}")
->withInput($request->only('email'))
->withErrors(['email' => trans($response)]);
}
}