BookStack/app/Access/Controllers/ForgotPasswordController.php

<?php

namespace BookStack\Access\Controllers;

use BookStack\Activity\ActivityType;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;

class ForgotPasswordController extends Controller
{
    public function __construct()
    {
        $this->middleware('guest');
        $this->middleware('guard:standard');
    }

    /**
     * Display the form to request a password reset link.
     */
    public function showLinkRequestForm()
    {
        return view('auth.passwords.email');
    }

    /**
     * Send a reset link to the given user.
     */
    public function sendResetLinkEmail(Request $request)
    {
        $this->validate($request, [
            'email' => ['required', 'email'],
        ]);

        // We will send the password reset link to this user. Once we have attempted
        // to send the link, we will examine the response then see the message we
        // need to show to the user. Finally, we'll send out a proper response.
        $response = Password::broker()->sendResetLink(
            $request->only('email')
        );

        if ($response === Password::RESET_LINK_SENT) {
            $this->logActivity(ActivityType::AUTH_PASSWORD_RESET, $request->get('email'));
        }

        if (in_array($response, [Password::RESET_LINK_SENT, Password::INVALID_USER, Password::RESET_THROTTLED])) {
            $message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
            $this->showSuccessNotification($message);

            return redirect('/password/email')->with('status', trans($response));
        }

        // If an error was returned by the password broker, we will get this message
        // translated so we can notify a user of the problem. We'll redirect back
        // to where the users came from so they can attempt this process again.
        return redirect('/password/email')->withErrors(
            ['email' => trans($response)]
        );
    }
}
Initial commit 2015-07-12 15:01:42 -04:00			`<?php`

Played around with a new app structure 2023-05-17 12:56:55 -04:00			`namespace BookStack\Access\Controllers;`
Initial commit 2015-07-12 15:01:42 -04:00
Played around with a new app structure 2023-05-17 12:56:55 -04:00			`use BookStack\Activity\ActivityType;`
Cleaned up namespacing in routes Also moved home controller and moved controllers up a level in http. 2023-05-18 15:53:39 -04:00			`use BookStack\Http\Controller;`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00			`use Illuminate\Http\Request;`
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016 2020-04-10 08:38:08 -04:00			`use Illuminate\Support\Facades\Password;`
Initial commit 2015-07-12 15:01:42 -04:00
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-17 13:22:04 -04:00			`class ForgotPasswordController extends Controller`
Initial commit 2015-07-12 15:01:42 -04:00			`{`
			`public function __construct()`
			`{`
			`$this->middleware('guest');`
Simplified guard names and rolled out guard route checks - Included tests to cover for LDAP and SAML - Updated wording for external auth id option. - Updated 'assertPermissionError' test case to be usable in BrowserKitTests 2020-02-02 08:10:21 -05:00			`$this->middleware('guard:standard');`
Initial commit 2015-07-12 15:01:42 -04:00			`}`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00
Removed usage of laravel/ui dependency Brings app auth controller handling aligned within the app, rather than having many overrides of the framwork packages causing confusion and messiness over time. 2022-09-22 11:54:27 -04:00			`/**`
			`* Display the form to request a password reset link.`
			`*/`
			`public function showLinkRequestForm()`
			`{`
			`return view('auth.passwords.email');`
			`}`

Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00			`/**`
			`* Send a reset link to the given user.`
			`*/`
			`public function sendResetLinkEmail(Request $request)`
			`{`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-04 20:26:55 -04:00			`$this->validate($request, [`
Applied styleci changes 2021-11-04 20:28:41 -04:00			`'email' => ['required', 'email'],`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-04 20:26:55 -04:00			`]);`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00
			`// We will send the password reset link to this user. Once we have attempted`
			`// to send the link, we will examine the response then see the message we`
			`// need to show to the user. Finally, we'll send out a proper response.`
Removed usage of laravel/ui dependency Brings app auth controller handling aligned within the app, rather than having many overrides of the framwork packages causing confusion and messiness over time. 2022-09-22 11:54:27 -04:00			`$response = Password::broker()->sendResetLink(`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00			`$request->only('email')`
			`);`

Implemented remainder of activity types Also fixed audit log to work for non-entity items. 2020-11-20 14:33:11 -05:00			`if ($response === Password::RESET_LINK_SENT) {`
			`$this->logActivity(ActivityType::AUTH_PASSWORD_RESET, $request->get('email'));`
			`}`

Added throttling to password reset requests 2021-10-08 18:19:37 -04:00			`if (in_array($response, [Password::RESET_LINK_SENT, Password::INVALID_USER, Password::RESET_THROTTLED])) {`
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016 2020-04-10 08:38:08 -04:00			`$message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 07:55:01 -04:00			`$this->showSuccessNotification($message);`
Apply fixes from StyleCI 2021-06-26 11:23:15 -04:00
URL Handling: Removed referrer-based redirect handling Swapped back handling to instead be pre-determined instead of being based upon session/referrer which would cause inconsistent results when referrer data was not available (redirect to app-loaded images/files). To support, this adds a mechansism to provide a URL through request data. Also cleaned up some imports in code while making changes. Closes #4656. 2023-12-10 07:37:21 -05:00			`return redirect('/password/email')->with('status', trans($response));`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00			`}`

			`// If an error was returned by the password broker, we will get this message`
			`// translated so we can notify a user of the problem. We'll redirect back`
			`// to where the users came from so they can attempt this process again.`
URL Handling: Removed referrer-based redirect handling Swapped back handling to instead be pre-determined instead of being based upon session/referrer which would cause inconsistent results when referrer data was not available (redirect to app-loaded images/files). To support, this adds a mechansism to provide a URL through request data. Also cleaned up some imports in code while making changes. Closes #4656. 2023-12-10 07:37:21 -05:00			`return redirect('/password/email')->withErrors(`
Merge fixes from branch 'v0.12' 2016-11-12 06:40:54 -05:00			`['email' => trans($response)]`
			`);`
			`}`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-28 11:58:52 -05:00			`}`