DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-20 07:47:41 -07:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Check the user is active before displaying password reset

Browse source 
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
This commit is contained in:
snipe 2018-08-14 19:04:47 -07:00
parent 63c9fbe10c
commit ae6abdddad
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
app/Http/Controllers/Auth/ResetPasswordController.php
View file

@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use App\Models\User;
use Illuminate\Http\Request;
class ResetPasswordController extends Controller
{
@ -36,4 +38,19 @@ class ResetPasswordController extends Controller
{
$this->middleware('guest');
}
public function showResetForm(Request $request, $token = null)
{
// Check that the user is active
if ($user = User::where('email', '=',$request->input('email'))->where('activated','=','1')->count() > 0) {
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
}
return redirect()->route('password.request')->withErrors(['email' => 'No matching users']);
}
}