2016-12-14 05:06:15 -08:00
< ? php
namespace App\Http\Controllers\Auth ;
use App\Http\Controllers\Controller ;
2020-10-08 18:43:39 -07:00
use App\Models\Setting ;
2020-11-03 11:42:42 -08:00
use App\Models\User ;
2016-12-14 05:06:15 -08:00
use Illuminate\Foundation\Auth\ResetsPasswords ;
2018-08-14 20:05:57 -07:00
use Illuminate\Http\Request ;
2024-05-29 04:38:15 -07:00
use Illuminate\Support\Facades\Log ;
2018-08-14 20:05:57 -07:00
2016-12-14 05:06:15 -08:00
class ResetPasswordController extends Controller
{
/*
|--------------------------------------------------------------------------
| Password Reset Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password reset requests
| and uses a simple trait to include this behavior . You ' re free to
| explore this trait and override any methods you wish to tweak .
|
*/
use ResetsPasswords ;
/**
* Where to redirect users after resetting their password .
*
* @ var string
*/
2017-09-27 16:23:21 -07:00
protected $redirectTo = '/' ;
2016-12-14 05:06:15 -08:00
2020-11-02 23:58:37 -08:00
protected $username = 'username' ;
2016-12-14 05:06:15 -08:00
/**
* Create a new controller instance .
*
* @ return void
*/
public function __construct ()
{
$this -> middleware ( 'guest' );
2022-12-06 20:42:40 -08:00
$this -> middleware ( 'throttle:10,1' );
2016-12-14 05:06:15 -08:00
}
2018-10-31 18:03:24 -07:00
protected function rules ()
{
return [
'token' => 'required' ,
'username' => 'required' ,
2020-11-02 23:58:37 -08:00
'password' => 'confirmed|' . Setting :: passwordComplexityRulesSaving ( 'store' ),
2018-10-31 18:03:24 -07:00
];
}
protected function credentials ( Request $request )
{
return $request -> only (
'username' , 'password' , 'password_confirmation' , 'token'
);
}
2018-08-14 20:05:57 -07:00
2018-10-31 18:03:24 -07:00
public function showResetForm ( Request $request , $token = null )
{
2022-06-21 19:30:51 -07:00
$credentials = $request -> only ( 'email' , 'token' );
if ( is_null ( $this -> broker () -> getUser ( $credentials ))) {
2024-05-29 04:38:15 -07:00
Log :: debug ( 'Password reset form FAILED - this token is not valid.' );
2022-06-21 19:30:51 -07:00
return redirect () -> route ( 'password.request' ) -> with ( 'error' , trans ( 'passwords.token' ));
}
2018-10-31 18:03:24 -07:00
return view ( 'auth.passwords.reset' ) -> with (
2020-10-08 18:43:39 -07:00
[
'token' => $token ,
2021-06-10 13:15:52 -07:00
'username' => $request -> input ( 'username' ),
2020-10-08 18:43:39 -07:00
]
2018-10-31 18:03:24 -07:00
);
}
2020-11-03 11:42:42 -08:00
public function reset ( Request $request )
{
2022-06-21 14:15:38 -07:00
2022-06-21 16:13:43 -07:00
$broker = $this -> broker ();
2020-11-03 11:42:42 -08:00
$messages = [
'password.not_in' => trans ( 'validation.disallow_same_pwd_as_user_fields' ),
];
2020-11-03 11:45:19 -08:00
$request -> validate ( $this -> rules (), $request -> all (), $this -> validationErrorMessages ());
2020-11-03 11:42:42 -08:00
2024-05-29 04:38:15 -07:00
Log :: debug ( 'Checking if ' . $request -> input ( 'username' ) . ' exists' );
2022-06-21 16:13:43 -07:00
// Check to see if the user even exists - we'll treat the response the same to prevent user sniffing
2022-06-21 18:48:02 -07:00
if ( $user = User :: where ( 'username' , '=' , $request -> input ( 'username' )) -> where ( 'activated' , '1' ) -> whereNotNull ( 'email' ) -> first ()) {
2024-05-29 04:38:15 -07:00
Log :: debug ( $user -> username . ' exists' );
2022-06-21 14:15:38 -07:00
2022-06-21 18:48:02 -07:00
2022-06-21 14:33:10 -07:00
// handle the password validation rules set by the admin settings
2022-06-21 14:15:38 -07:00
if ( strpos ( Setting :: passwordComplexityRulesSaving ( 'store' ), 'disallow_same_pwd_as_user_fields' ) !== false ) {
$request -> validate (
[
'password' => 'required|notIn:["' . $user -> email . '","' . $user -> username . '","' . $user -> first_name . '","' . $user -> last_name . '"' ,
], $messages );
}
2020-11-03 11:42:42 -08:00
2022-06-21 18:48:02 -07:00
2022-06-21 16:13:43 -07:00
// set the response
2022-06-21 14:15:38 -07:00
$response = $broker -> reset (
$this -> credentials ( $request ), function ( $user , $password ) {
2020-11-03 11:42:42 -08:00
$this -> resetPassword ( $user , $password );
2022-06-21 14:33:10 -07:00
});
2020-11-03 11:42:42 -08:00
2022-06-21 16:13:43 -07:00
// Check if the password reset above actually worked
if ( $response == \Password :: PASSWORD_RESET ) {
2024-05-29 04:38:15 -07:00
Log :: debug ( 'Password reset for ' . $user -> username . ' worked' );
2022-06-21 18:48:02 -07:00
return redirect () -> guest ( 'login' ) -> with ( 'success' , trans ( 'passwords.reset' ));
2022-06-21 16:13:43 -07:00
}
2024-05-29 04:38:15 -07:00
Log :: debug ( 'Password reset for ' . $user -> username . ' FAILED - this user exists but the token is not valid' );
2022-12-06 20:42:40 -08:00
return redirect () -> back () -> withInput ( $request -> only ( 'email' )) -> with ( 'success' , trans ( 'passwords.reset' ));
2022-06-21 16:13:43 -07:00
2022-06-21 14:15:38 -07:00
}
2022-06-21 16:13:43 -07:00
2022-06-21 18:48:02 -07:00
2024-05-29 04:38:15 -07:00
Log :: debug ( 'Password reset for ' . $request -> input ( 'username' ) . ' FAILED - user does not exist or does not have an email address - but make it look like it succeeded' );
2022-06-21 18:48:02 -07:00
return redirect () -> guest ( 'login' ) -> with ( 'success' , trans ( 'passwords.reset' ));
2022-06-21 14:15:38 -07:00
2020-11-03 11:42:42 -08:00
}
2020-11-02 23:58:37 -08:00
2022-06-21 14:15:38 -07:00
2022-06-21 16:13:43 -07:00
2016-12-14 05:06:15 -08:00
}