snipe-it/app/Http/Controllers/Auth/ResetPasswordController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\Setting;
use App\Models\User;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\Request;


class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/';

    protected $username = 'username';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    protected function rules()
    {
        return [
            'token' => 'required',
            'username' => 'required',
            'password' => 'confirmed|'.Setting::passwordComplexityRulesSaving('store'),
        ];
    }

    protected function credentials(Request $request)
    {
        return $request->only(
            'username', 'password', 'password_confirmation', 'token'
        );
    }

    public function showResetForm(Request $request, $token = null)
    {
        return view('auth.passwords.reset')->with(
            [
                'token' => $token,
                'username' => $request->input('username'),
            ]
        );
    }

    public function reset(Request $request)
    {

        $messages = [
            'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
        ];

        $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());

        // Check to see if the user even exists
        if ($user = User::where('username', '=', $request->input('username'))->whereNotNull('email')->first()) {
            $broker = $this->broker();

            // handle the password validation rules set by the admin settings
            if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
                $request->validate(
                    [
                        'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',
                    ], $messages);
            }

            // send the reset
            $response = $broker->reset(
                $this->credentials($request), function ($user, $password) {
                $this->resetPassword($user, $password);
            });

        }
        // This is laravel magic - we override the sendResetFailedResponse further down to send a success message even if it failed
        return $response == \Password::PASSWORD_RESET
            ? $this->sendResetResponse($request, $response)
            : $this->sendResetFailedResponse($request, $response);

    }


    protected function sendResetFailedResponse(Request $request, $response)
    {
        return redirect()->back()
            ->withInput(['username'=> $request->input('username')])
            ->with('success', trans('passwords.sent'));
    }
}
Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00			`<?php`

			`namespace App\Http\Controllers\Auth;`

			`use App\Http\Controllers\Controller;`
Use password security settings on password reset 2020-10-08 18:43:39 -07:00			`use App\Models\Setting;`
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00			`use App\Models\User;`
Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00			`use Illuminate\Foundation\Auth\ResetsPasswords;`
Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00			`use Illuminate\Http\Request;`
Removed unused rules Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 16:13:26 -07:00
Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00
Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00			`class ResetPasswordController extends Controller`
			`{`
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Password Reset Controller`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This controller is responsible for handling password reset requests`
			`\| and uses a simple trait to include this behavior. You're free to`
			`\| explore this trait and override any methods you wish to tweak.`
			`\|`
			`*/`

			`use ResetsPasswords;`

			`/**`
			`* Where to redirect users after resetting their password.`
			`*`
			`* @var string`
			`*/`
Fix redirect default on password reset 2017-09-27 16:23:21 -07:00			`protected $redirectTo = '/';`
Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00
Updated passwordComplexityRulesSaving() signature so it isn’t nullable 2020-11-02 23:58:37 -08:00			`protected $username = 'username';`

Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00			`/**`
			`* Create a new controller instance.`
			`*`
			`* @return void`
			`*/`
			`public function __construct()`
			`{`
			`$this->middleware('guest');`
			`}`
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00
			`protected function rules()`
			`{`
			`return [`
			`'token' => 'required',`
			`'username' => 'required',`
Updated passwordComplexityRulesSaving() signature so it isn’t nullable 2020-11-02 23:58:37 -08:00			`'password' => 'confirmed\|'.Setting::passwordComplexityRulesSaving('store'),`
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00			`];`
			`}`

			`protected function credentials(Request $request)`
			`{`
			`return $request->only(`
			`'username', 'password', 'password_confirmation', 'token'`
			`);`
			`}`
Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00			`public function showResetForm(Request $request, $token = null)`
			`{`
			`return view('auth.passwords.reset')->with(`
Use password security settings on password reset 2020-10-08 18:43:39 -07:00			`[`
			`'token' => $token,`
Adopt Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 2021-06-10 13:15:52 -07:00			`'username' => $request->input('username'),`
Use password security settings on password reset 2020-10-08 18:43:39 -07:00			`]`
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00			`);`
			`}`

Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00			`public function reset(Request $request)`
			`{`
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00			`$messages = [`
			`'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),`
			`];`

Removed debugging 2020-11-03 11:45:19 -08:00			`$request->validate($this->rules(), $request->all(), $this->validationErrorMessages());`
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00
			`// Check to see if the user even exists`
Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`if ($user = User::where('username', '=', $request->input('username'))->whereNotNull('email')->first()) {`
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00			`$broker = $this->broker();`

Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`// handle the password validation rules set by the admin settings`
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00			`if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {`
			`$request->validate(`
			`[`
			`'password' => 'required\|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',`
			`], $messages);`
			`}`
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00
Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`// send the reset`
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00			`$response = $broker->reset(`
			`$this->credentials($request), function ($user, $password) {`
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00			`$this->resetPassword($user, $password);`
Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`});`
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00			`}`
Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`// This is laravel magic - we override the sendResetFailedResponse further down to send a success message even if it failed`
			`return $response == \Password::PASSWORD_RESET`
			`? $this->sendResetResponse($request, $response)`
			`: $this->sendResetFailedResponse($request, $response);`
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00
Added new password complexity rules to forgot password 2020-11-03 11:42:42 -08:00			`}`
Updated passwordComplexityRulesSaving() signature so it isn’t nullable 2020-11-02 23:58:37 -08:00
Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:15:38 -07:00
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00			`protected function sendResetFailedResponse(Request $request, $response)`
Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00			`{`
Use username instead of email address in password reset (#6382) * Switch to use username instead of email * Fixed indenting * Updated password language * Updated blades to reflect username instead of email * Changed password/reset controllers to use username instead of email * Redirect to login page instead of repeating the password reset form 2018-10-31 18:03:24 -07:00			`return redirect()->back()`
Use password security settings on password reset 2020-10-08 18:43:39 -07:00			`->withInput(['username'=> $request->input('username')])`
Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net> 2022-06-21 14:33:10 -07:00			`->with('success', trans('passwords.sent'));`
Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00			`}`
Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00			`}`