Check the user is active before displaying password reset

This would only come into play if an inactive user had already received a password reset email and the system was then upgraded to prevent those emails from being sent to inactive users.
snipe 2018-08-14 19:04:47 -07:00
parent 63c9fbe10c
commit ae6abdddad


@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords; use Illuminate\Foundation\Auth\ResetsPasswords;
use App\Models\User;
use Illuminate\Http\Request;
class ResetPasswordController extends Controller class ResetPasswordController extends Controller
{ {
@ -36,4 +38,19 @@ class ResetPasswordController extends Controller
{ {
$this->middleware('guest'); $this->middleware('guest');
} }
public function showResetForm(Request $request, $token = null)
{
// Check that the user is active
if ($user = User::where('email', '=',$request->input('email'))->where('activated','=','1')->count() > 0) {
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
}
return redirect()->route('password.request')->withErrors(['email' => 'No matching users']);
}
} }
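Review bot: The active-user check in `showResetForm` only gates rendering the form; the submit path that actually changes the password comes from the `ResetsPasswords` trait and is not overridden in the visible hunks, so an inactive user who already holds a valid token could presumably still complete the reset. The same `activated` condition belongs on the submit handler as well; the class body continues outside the hunk, so confirm it is not already enforced elsewhere. The distinct `No matching users` redirect also lets an unauthenticated caller learn whether an arbitrary `email` query value belongs to an active account, so a generic message that does not depend on the lookup result would be safer. Separately, `$user = ...->count() > 0` assigns a boolean to a variable that is never read; `if (User::where('email', $request->input('email'))->where('activated', '1')->exists()) {` states the intent directly.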