Improved password reset flow with notifications.

Also added links to sign-in/register.
Fixed links in emails sent out.

Fixes #210 and #218.

app/Http/Controllers/Auth/PasswordController.php

@@ -4,6 +4,8 @@ namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
+use Illuminate\Http\Request;
+use Password;
 
 class PasswordController extends Controller
 {
@@ -29,4 +31,46 @@ class PasswordController extends Controller
     {
         $this->middleware('guest');
     }
+
+
+    /**
+     * Send a reset link to the given user.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function sendResetLinkEmail(Request $request)
+    {
+        $this->validate($request, ['email' => 'required|email']);
+
+        $broker = $this->getBroker();
+
+        $response = Password::broker($broker)->sendResetLink(
+            $request->only('email'), $this->resetEmailBuilder()
+        );
+
+        switch ($response) {
+            case Password::RESET_LINK_SENT:
+                $message = 'A password reset link has been sent to ' . $request->get('email') . '.';
+                session()->flash('success', $message);
+                return $this->getSendResetLinkEmailSuccessResponse($response);
+
+            case Password::INVALID_USER:
+            default:
+                return $this->getSendResetLinkEmailFailureResponse($response);
+        }
+    }
+
+    /**
+     * Get the response for after a successful password reset.
+     *
+     * @param  string  $response
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    protected function getResetSuccessResponse($response)
+    {
+        $message = 'Your password has been successfully reset.';
+        session()->flash('success', $message);
+        return redirect($this->redirectPath())->with('status', trans($response));
+    }
 }

app/helpers.php

@@ -84,6 +84,11 @@ function baseUrl($path, $forceAppDomain = false)
         $path = implode('/', array_splice($explodedPath, 3));
     }
 
+    // Return normal url path if not specified in config
+    if (config('app.url') === '') {
+        return url($path);
+    }
+
     return rtrim(config('app.url'), '/') . '/' . $path;
 }
 

config/setting-defaults.php

@@ -8,6 +8,7 @@ return [
     'app-name'        => 'BookStack',
     'app-editor'      => 'wysiwyg',
     'app-color'       => '#0288D1',
-    'app-color-light' => 'rgba(21, 101, 192, 0.15)'
+    'app-color-light' => 'rgba(21, 101, 192, 0.15)',
+    'registration-enabled' => false,
 
 ];

resources/views/auth/password.blade.php

@@ -1,5 +1,12 @@
 @extends('public')
 
+@section('header-buttons')
+    <a href="{{ baseUrl("/login") }}"><i class="zmdi zmdi-sign-in"></i>Sign in</a>
+    @if(setting('registration-enabled'))
+        <a href="{{ baseUrl("/register") }}"><i class="zmdi zmdi-account-add"></i>Sign up</a>
+    @endif
+@stop
+
 @section('content')
 
 

resources/views/auth/reset.blade.php

@@ -1,5 +1,12 @@
 @extends('public')
 
+@section('header-buttons')
+    <a href="{{ baseUrl("/login") }}"><i class="zmdi zmdi-sign-in"></i>Sign in</a>
+    @if(setting('registration-enabled'))
+        <a href="{{ baseUrl("/register") }}"><i class="zmdi zmdi-account-add"></i>Sign up</a>
+    @endif
+@stop
+
 @section('body-class', 'image-cover login')
 
 @section('content')

resources/views/emails/email-confirmation.blade.php

@@ -162,14 +162,14 @@
                             <h1 style="padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;color:#444;margin-top:10px;margin-bottom:10px;margin-right:0;margin-left:0;line-height:1.2;font-weight:200;font-size:36px;">
                                 Email Confirmation</h1>
                             <p style="margin-top:0;margin-right:0;margin-left:0;padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;line-height:1.6;margin-bottom:10px;font-weight:normal;font-size:14px;color:#888888;">
-                                Thanks for joining <a href="{{ baseUrl('/') }}">{{ setting('app-name')}}</a>. <br/>
+                                Thanks for joining <a href="{{ baseUrl('/', true) }}">{{ setting('app-name')}}</a>. <br/>
                                 Please confirm your email address by clicking the button below.</p>
                             <table style="margin-top:0;margin-bottom:0;margin-right:0;margin-left:0;padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;font-size:100%;line-height:1.6;width:100%;">
                                 <tr style="margin-top:0;margin-bottom:0;margin-right:0;margin-left:0;padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;font-size:100%;line-height:1.6;">
                                     <td class="padding"
                                         style="margin-top:0;margin-bottom:0;margin-right:0;margin-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;font-size:100%;line-height:1.6;padding-top:10px;padding-bottom:10px;padding-right:0;padding-left:0;">
                                         <p style="margin-top:0;margin-right:0;margin-left:0;padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;line-height:1.6;margin-bottom:10px;font-weight:normal;font-size:14px;color:#888888;">
-                                            <a class="btn-primary" href="{{ baseUrl('/register/confirm/' . $token) }}"
+                                            <a class="btn-primary" href="{{ baseUrl('/register/confirm/' . $token, true) }}"
                                                style="margin-top:0;margin-bottom:0;margin-left:0;padding-top:0;padding-bottom:0;padding-right:0;padding-left:0;font-family:'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif;font-size:100%;text-decoration:none;color:#FFF;background-color:#348eda;border-style:solid;border-color:#348eda;border-width:10px 20px;line-height:2;font-weight:bold;margin-right:10px;text-align:center;cursor:pointer;display:inline-block;border-radius:4px;">Confirm
                                                 Email</a></p>
                                     </td>

tests/Auth/AuthTest.php

@@ -216,6 +216,37 @@ class AuthTest extends TestCase
             ->seePageIs('/login');
     }
 
+    public function test_reset_password_flow()
+    {
+        $this->visit('/login')->click('Forgot Password?')
+            ->seePageIs('/password/email')
+            ->type('admin@admin.com', 'email')
+            ->press('Send Reset Link')
+            ->see('A password reset link has been sent to admin@admin.com');
+
+        $this->seeInDatabase('password_resets', [
+            'email' => 'admin@admin.com'
+        ]);
+
+        $reset = DB::table('password_resets')->where('email', '=', 'admin@admin.com')->first();
+        $this->visit('/password/reset/' . $reset->token)
+            ->see('Reset Password')
+            ->submitForm('Reset Password', [
+                'email' => 'admin@admin.com',
+                'password' => 'randompass',
+                'password_confirmation' => 'randompass'
+            ])->seePageIs('/')
+            ->see('Your password has been successfully reset');
+    }
+
+    public function test_reset_password_page_shows_sign_links()
+    {
+        $this->setSettings(['registration-enabled' => 'true']);
+        $this->visit('/password/email')
+            ->seeLink('Sign in')
+            ->seeLink('Sign up');
+    }
+
     /**
      * Perform a login
      * @param string $email