Addressed merge issue for reset password for #7997

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2020-04-30 17:45:05 -07:00
parent 82e02490fd
commit 8bb3c01f78
No known key found for this signature in database
GPG key ID: 10BFFDA3ED34B5AC
2 changed files with 9 additions and 12 deletions

View file

@ -52,14 +52,15 @@ class ForgotPasswordController extends Controller
*/
public function sendResetLinkEmail(Request $request)
{
$this->validate($request, ['username' => 'required'], ['username.required' => 'Please enter your username.']);
/**
* Let's set a max character count here to prevent potential
* buffer overflow issues with attackers sending very large
* payloads through.
*/
$this->validate($request, ['email' => 'required|email|max:250']);
$this->validate($request->validate([
'email' => 'required|email|max:255']));
/**
* If we find a matching email with an activated user, we will
@ -70,16 +71,16 @@ class ForgotPasswordController extends Controller
*/
$response = $this->broker()->sendResetLink(
array_merge(
$request->only('username'),
$request->only('email'),
['activated' => '1'],
['ldap_import' => '0']
)
);
if ($response === \Password::RESET_LINK_SENT) {
\Log::info('Password reset attempt: User '.$request->input('username').' found, password reset sent');
\Log::info('Password reset attempt: User '.$request->input('email').' found, password reset sent');
} else {
\Log::info('Password reset attempt: User '.$request->input('username').' not found or user is inactive');
\Log::info('Password reset attempt: User '.$request->input('email').' not found or user is inactive');
}
@ -101,8 +102,5 @@ class ForgotPasswordController extends Controller
return redirect()->route('login')->with('success',trans('passwords.sent'));
}
return back()->withErrors(
['email' => trans($response)]
);
}
}

View file

@ -31,12 +31,11 @@
<div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<div class="col-md-12">
<input type="text" class="form-control" name="username" value="{{ old('username') }}" placeholder="{{ trans('admin/users/table.username') }}">
<input type="email" class="form-control" name="email" value="{{ old('email') }}" placeholder="{{ trans('admin/users/table.email') }}" aria-label="email">
{!! $errors->first('username', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
{!! $errors->first('email', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
</div>
</div>