mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Check the user is active before displaying password reset
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
This commit is contained in:
parent
63c9fbe10c
commit
ae6abdddad
|
@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
|
|||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Foundation\Auth\ResetsPasswords;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class ResetPasswordController extends Controller
|
||||
{
|
||||
|
@ -36,4 +38,19 @@ class ResetPasswordController extends Controller
|
|||
{
|
||||
$this->middleware('guest');
|
||||
}
|
||||
|
||||
public function showResetForm(Request $request, $token = null)
|
||||
{
|
||||
// Check that the user is active
|
||||
|
||||
if ($user = User::where('email', '=',$request->input('email'))->where('activated','=','1')->count() > 0) {
|
||||
return view('auth.passwords.reset')->with(
|
||||
['token' => $token, 'email' => $request->email]
|
||||
);
|
||||
|
||||
}
|
||||
return redirect()->route('password.request')->withErrors(['email' => 'No matching users']);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue