DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 06:04:08 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Fixed missing password.token string and checked for user existing before trying to reset

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-06-21 14:15:38 -07:00
parent 87980643ea
commit 21875100b6
3 changed files with 26 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/Http/Controllers/Auth/ResetPasswordController.php
View file

@ -73,6 +73,7 @@ class ResetPasswordController extends Controller
public function reset(Request $request) public function reset(Request $request)
{ {
$messages = [ $messages = [
'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'), 'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
]; ];
@ -80,9 +81,9 @@ class ResetPasswordController extends Controller
$request->validate($this->rules(), $request->all(), $this->validationErrorMessages()); $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
// Check to see if the user even exists // Check to see if the user even exists
$user = User::where('username', '=', $request->input('username'))->first(); if ($user = User::where('username', '=', $request->input('username'))->first()) {
$broker = $this->broker(); $broker = $this->broker();
if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) { if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
$request->validate( $request->validate(
[ [
@ -101,6 +102,15 @@ class ResetPasswordController extends Controller
: $this->sendResetFailedResponse($request, $response); : $this->sendResetFailedResponse($request, $response);
} }
// the user doesn't exist, so we're not really sending anything here
return redirect()->route('login')
->withInput(['username'=> $request->input('username')])
->with('success', trans('passwords.sent'));
}
protected function sendResetFailedResponse(Request $request, $response) protected function sendResetFailedResponse(Request $request, $response)
{ {
return redirect()->back() return redirect()->back()

3
resources/lang/en/passwords.php
View file

@ -1,6 +1,7 @@
<?php <?php
return [ return [
'sent' => 'Success: If that email address exists in our system, a password recovery email has been sent.', 'sent' => 'If that email address exists in our system, a password recovery email has been sent.',
'user' => 'No matching active user found with that email.', 'user' => 'No matching active user found with that email.',
"token" => "This password reset token is invalid or expired.",
]; ];

2
resources/lang/en/reminders.php
View file

@ -17,7 +17,7 @@ return array(
"user" => "Username or email address is incorrect", "user" => "Username or email address is incorrect",
"token" => "This password reset token is invalid.", "token" => "This password reset token is invalid or expired.",
"sent" => "If a matching email address was found, a password reminder has been sent!", "sent" => "If a matching email address was found, a password reminder has been sent!",