mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Added new password complexity rules to forgot password
This commit is contained in:
parent
44e5fec707
commit
cfc1e1366c
|
@ -3,9 +3,13 @@
|
|||
namespace App\Http\Controllers\Auth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\SaveUserRequest;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Foundation\Auth\ResetsPasswords;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Validation\Rule;
|
||||
use Illuminate\Validation\Validator;
|
||||
|
||||
class ResetPasswordController extends Controller
|
||||
{
|
||||
|
@ -71,34 +75,49 @@ class ResetPasswordController extends Controller
|
|||
}
|
||||
|
||||
|
||||
// public function reset(Request $request)
|
||||
// {
|
||||
// $this->validate($request, $this->rules(), $this->validationErrorMessages());
|
||||
//
|
||||
// // These two lines below allow you to bypass the default validation.
|
||||
// $broker = $this->broker();
|
||||
// $broker->validate(function () {
|
||||
// return true;
|
||||
// });
|
||||
//
|
||||
// $response->reset(
|
||||
// $this->credentials($request), function ($user, $password) {
|
||||
// \Log::debug('resetting the password to '.$password);
|
||||
// $this->resetPassword($user, $password);
|
||||
// }
|
||||
// );
|
||||
//
|
||||
// return $response == \Password::PASSWORD_RESET
|
||||
// ? $this->sendResetResponse($response)
|
||||
// : $this->sendResetFailedResponse($request, $response);
|
||||
// }
|
||||
public function reset(Request $request)
|
||||
{
|
||||
|
||||
$messages = [
|
||||
'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
|
||||
];
|
||||
|
||||
$validator = $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
|
||||
|
||||
// Check to see if the user even exists
|
||||
$user = User::where('username', '=', $request->input('username'))->first();
|
||||
|
||||
$broker = $this->broker();
|
||||
if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== FALSE) {
|
||||
\Log::debug('disallow_same_pwd_as_user_fields is active on the password settings');
|
||||
$request->validate(
|
||||
[
|
||||
'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"'
|
||||
], $messages);
|
||||
|
||||
}
|
||||
|
||||
|
||||
$response = $broker->reset(
|
||||
$this->credentials($request), function ($user, $password) {
|
||||
\Log::debug('resetting the password to '.$password);
|
||||
$this->resetPassword($user, $password);
|
||||
}
|
||||
);
|
||||
|
||||
return $response == \Password::PASSWORD_RESET
|
||||
? $this->sendResetResponse($request, $response)
|
||||
: $this->sendResetFailedResponse($request, $response);
|
||||
}
|
||||
|
||||
|
||||
protected function sendResetFailedResponse(Request $request, $response)
|
||||
{
|
||||
return redirect()->back()
|
||||
->withInput(['username'=> $request->input('username')])
|
||||
->withErrors(['username' => trans($response)]);
|
||||
->withErrors(['username' => trans($response), 'password' => trans($response)]);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue