mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 13:44:06 -08:00
Fixed missing password.token string and checked for user existing before trying to reset
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
87980643ea
commit
21875100b6
|
@ -73,6 +73,7 @@ class ResetPasswordController extends Controller
|
||||||
|
|
||||||
public function reset(Request $request)
|
public function reset(Request $request)
|
||||||
{
|
{
|
||||||
|
|
||||||
$messages = [
|
$messages = [
|
||||||
'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
|
'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
|
||||||
];
|
];
|
||||||
|
@ -80,27 +81,36 @@ class ResetPasswordController extends Controller
|
||||||
$request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
|
$request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
|
||||||
|
|
||||||
// Check to see if the user even exists
|
// Check to see if the user even exists
|
||||||
$user = User::where('username', '=', $request->input('username'))->first();
|
if ($user = User::where('username', '=', $request->input('username'))->first()) {
|
||||||
|
$broker = $this->broker();
|
||||||
|
|
||||||
$broker = $this->broker();
|
if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
|
||||||
if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
|
$request->validate(
|
||||||
$request->validate(
|
[
|
||||||
[
|
'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',
|
||||||
'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',
|
], $messages);
|
||||||
], $messages);
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$response = $broker->reset(
|
$response = $broker->reset(
|
||||||
$this->credentials($request), function ($user, $password) {
|
$this->credentials($request), function ($user, $password) {
|
||||||
$this->resetPassword($user, $password);
|
$this->resetPassword($user, $password);
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
return $response == \Password::PASSWORD_RESET
|
return $response == \Password::PASSWORD_RESET
|
||||||
? $this->sendResetResponse($request, $response)
|
? $this->sendResetResponse($request, $response)
|
||||||
: $this->sendResetFailedResponse($request, $response);
|
: $this->sendResetFailedResponse($request, $response);
|
||||||
|
}
|
||||||
|
|
||||||
|
// the user doesn't exist, so we're not really sending anything here
|
||||||
|
return redirect()->route('login')
|
||||||
|
->withInput(['username'=> $request->input('username')])
|
||||||
|
->with('success', trans('passwords.sent'));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
protected function sendResetFailedResponse(Request $request, $response)
|
protected function sendResetFailedResponse(Request $request, $response)
|
||||||
{
|
{
|
||||||
return redirect()->back()
|
return redirect()->back()
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'sent' => 'Success: If that email address exists in our system, a password recovery email has been sent.',
|
'sent' => 'If that email address exists in our system, a password recovery email has been sent.',
|
||||||
'user' => 'No matching active user found with that email.',
|
'user' => 'No matching active user found with that email.',
|
||||||
|
"token" => "This password reset token is invalid or expired.",
|
||||||
];
|
];
|
||||||
|
|
|
@ -17,7 +17,7 @@ return array(
|
||||||
|
|
||||||
"user" => "Username or email address is incorrect",
|
"user" => "Username or email address is incorrect",
|
||||||
|
|
||||||
"token" => "This password reset token is invalid.",
|
"token" => "This password reset token is invalid or expired.",
|
||||||
|
|
||||||
"sent" => "If a matching email address was found, a password reminder has been sent!",
|
"sent" => "If a matching email address was found, a password reminder has been sent!",
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue