Use username instead of email address in password reset (#6382)

* Switch to use username instead of email

* Fixed indenting

* Updated password language

* Updated blades to reflect username instead of email

* Changed password/reset controllers to use username instead of email

* Redirect to login page instead of repeating the password reset form
This commit is contained in:
snipe 2018-10-31 18:03:24 -07:00 committed by GitHub
parent ce8d47b2b4
commit ea91d59ffc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 60 additions and 44 deletions

View file

@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Http\Request;
use App\Models\User;
class ForgotPasswordController extends Controller
{
@ -49,27 +50,28 @@ class ForgotPasswordController extends Controller
*/
public function sendResetLinkEmail(Request $request)
{
$this->validate($request, ['email' => 'required|email']);
$this->validate($request, ['username' => 'required'], ['username.required' => 'Please enter your username.']);
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
// Make sure the user is active, and their password is not controlled via LDAP
$response = $this->broker()->sendResetLink(
array_merge(
$request->only('email'),
['activated' => '1']
$request->only('username'),
['activated' => '1'],
['ldap_import' => '0']
)
);
if ($response === \Password::RESET_LINK_SENT) {
return redirect()->route('login')->with('status', trans($response));
\Log::info('Password reset attempt: User '.$request->input('username').' found, password reset sent');
} else {
\Log::info('Password reset attempt: User '.$request->input('username').' not found or user is inactive');
}
// If an error was returned by the password broker, we will get this message
// translated so we can notify a user of the problem. We'll redirect back
// to where the users came from so they can attempt this process again.
return back()->withErrors(
['email' => trans($response)]
);
// Regardless of response, we do not want to disclose the status of a user account,
// so we give them a generic "If this exists, we're TOTALLY gonna email you" response
return redirect()->route('login')->with('success',trans('passwords.sent'));
}
}

View file

@ -4,7 +4,6 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use App\Models\User;
use Illuminate\Http\Request;
@ -39,18 +38,37 @@ class ResetPasswordController extends Controller
{
$this->middleware('guest');
}
protected function rules()
{
return [
'token' => 'required',
'username' => 'required',
'password' => 'required|confirmed|min:6',
];
}
protected function credentials(Request $request)
{
return $request->only(
'username', 'password', 'password_confirmation', 'token'
);
}
public function showSnipeResetForm(Request $request, $token = null)
public function showResetForm(Request $request, $token = null)
{
// Check that the user is active
if ($user = User::where('email', '=',$request->input('email'))->where('activated','=','1')->count() > 0) {
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
return view('auth.passwords.reset')->with(
['token' => $token, 'username' => $request->input('username')]
);
}
}
return redirect()->route('password.request')->withErrors(['email' => 'No matching users']);
protected function sendResetFailedResponse(Request $request, $response)
{
return redirect()->back()
->withInput(['username'=>$request->input('username')])
->withErrors(['username' => trans($response)]);
}
}

View file

@ -19,19 +19,15 @@ return array(
'success' => 'Account sucessfully created.',
),
'forgot-password' => array(
'error' => 'There was a problem while trying to get a reset password code, please try again.',
'success' => 'Password recovery email successfully sent.',
),
'forgot-password-confirm' => array(
'error' => 'There was a problem while trying to reset your password, please try again.',
'success' => 'Your password has been successfully reset.',
),
'activate' => array(
'error' => 'There was a problem while trying to activate your account, please try again.',
'success' => 'Your account has been successfully activated.',
'forgot-password' => array(
'error' => 'There was a problem while trying to get a reset password code, please try again.',
'success' => 'Password recovery email successfully sent.',
),
'forgot-password-confirm' => array(
'error' => 'There was a problem while trying to reset your password, please try again.',
'success' => 'Your password has been successfully reset.',
),
);

View file

@ -1,7 +1,7 @@
<?php
return [
'sent' => 'Your password link has been sent!',
'user' => 'No matching active user found with that email.',
'sent' => 'If a matching username and email address is found, a password reset link will be sent!',
'user' => 'No matching active user found.',
];

View file

@ -31,11 +31,11 @@
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
<div class="col-md-12">
<input type="email" class="form-control" name="email" value="{{ old('email') }}" placeholder="{{ trans('admin/users/table.email') }}">
{!! $errors->first('email', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
<input type="text" class="form-control" name="username" value="{{ old('username') }}" placeholder="{{ trans('admin/users/table.username') }}">
{!! $errors->first('username', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
</div>
</div>

View file

@ -31,12 +31,12 @@
<input type="hidden" name="token" value="{{ $token }}">
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label class="col-md-4 control-label">{{ trans('admin/users/table.email') }}</label>
<div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
<label class="col-md-4 control-label">{{ trans('admin/users/table.username') }}</label>
<div class="col-md-6">
<input type="email" class="form-control" name="email" value="{{ $email or old('email') }}">
{!! $errors->first('email', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
<input type="text" class="form-control" name="username" value="{{ $username or old('username') }}">
{!! $errors->first('username', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
</div>
</div>