mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-14 09:34:10 -08:00
e27065fe16
Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .all-contributorsrc # README.md # app/Console/Commands/ResetDemoSettings.php # app/Helpers/Helper.php # app/Http/Controllers/Api/AccessoriesController.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Api/CategoriesController.php # app/Http/Controllers/Api/ComponentsController.php # app/Http/Controllers/Api/ConsumablesController.php # app/Http/Controllers/Api/LocationsController.php # app/Http/Controllers/Api/StatuslabelsController.php # app/Http/Controllers/Api/SuppliersController.php # app/Http/Controllers/AssetMaintenancesController.php # app/Http/Controllers/Auth/ForgotPasswordController.php # app/Http/Controllers/DepreciationsController.php # app/Http/Controllers/ReportsController.php # app/Http/Controllers/SettingsController.php # app/Http/Requests/ImageUploadRequest.php # app/Http/Transformers/ActionlogsTransformer.php # app/Http/Transformers/DepreciationsTransformer.php # app/Listeners/CheckoutableListener.php # app/Models/Accessory.php # app/Models/Asset.php # app/Models/Company.php # app/Models/Ldap.php # app/Models/User.php # app/Presenters/AssetPresenter.php # app/Presenters/CategoryPresenter.php # composer.json # composer.lock # config/version.php # database/factories/AssetModelFactory.php # database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php # database/seeds/AssetModelSeeder.php # package-lock.json # public/css/build/AdminLTE.css # public/css/build/app.css # public/css/build/overrides.css # public/css/dist/all.css # public/css/dist/bootstrap-table.css # public/css/dist/skins/skin-black-dark.css # public/css/dist/skins/skin-black-dark.min.css # public/css/dist/skins/skin-black.css # public/css/dist/skins/skin-black.min.css # public/css/dist/skins/skin-blue-dark.css # public/css/dist/skins/skin-blue-dark.min.css # public/css/dist/skins/skin-blue.css # public/css/dist/skins/skin-blue.min.css # public/css/dist/skins/skin-contrast.css # public/css/dist/skins/skin-contrast.min.css # public/css/dist/skins/skin-green-dark.css # public/css/dist/skins/skin-green-dark.min.css # public/css/dist/skins/skin-green.css # public/css/dist/skins/skin-green.min.css # public/css/dist/skins/skin-orange-dark.css # public/css/dist/skins/skin-orange-dark.min.css # public/css/dist/skins/skin-orange.css # public/css/dist/skins/skin-orange.min.css # public/css/dist/skins/skin-purple-dark.css # public/css/dist/skins/skin-purple-dark.min.css # public/css/dist/skins/skin-purple.css # public/css/dist/skins/skin-purple.min.css # public/css/dist/skins/skin-red-dark.css # public/css/dist/skins/skin-red-dark.min.css # public/css/dist/skins/skin-red.css # public/css/dist/skins/skin-red.min.css # public/css/dist/skins/skin-yellow-dark.css # public/css/dist/skins/skin-yellow-dark.min.css # public/css/dist/skins/skin-yellow.css # public/css/dist/skins/skin-yellow.min.css # public/js/build/app.js # public/js/build/vendor.js # public/js/dist/all.js # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/assets/js/vue.js # resources/lang/af/validation.php # resources/lang/ar/admin/settings/general.php # resources/lang/ar/validation.php # resources/lang/bg/admin/settings/general.php # resources/lang/bg/validation.php # resources/lang/cs/admin/settings/general.php # resources/lang/cs/validation.php # resources/lang/cy/help.php # resources/lang/cy/validation.php # resources/lang/da/admin/settings/general.php # resources/lang/da/validation.php # resources/lang/de/admin/settings/general.php # resources/lang/de/validation.php # resources/lang/el/validation.php # resources/lang/en-GB/admin/settings/general.php # resources/lang/en-GB/validation.php # resources/lang/en-ID/admin/hardware/table.php # resources/lang/en-ID/admin/settings/general.php # resources/lang/en-ID/validation.php # resources/lang/es-CO/admin/settings/general.php # resources/lang/es-CO/auth/message.php # resources/lang/es-CO/button.php # resources/lang/es-CO/help.php # resources/lang/es-CO/validation.php # resources/lang/es-ES/admin/settings/general.php # resources/lang/es-ES/auth/message.php # resources/lang/es-ES/button.php # resources/lang/es-ES/help.php # resources/lang/es-ES/validation.php # resources/lang/es-MX/admin/settings/general.php # resources/lang/es-MX/validation.php # resources/lang/es-VE/admin/settings/general.php # resources/lang/es-VE/auth/message.php # resources/lang/es-VE/button.php # resources/lang/es-VE/help.php # resources/lang/es-VE/validation.php # resources/lang/et/validation.php # resources/lang/fa/validation.php # resources/lang/fi/admin/settings/general.php # resources/lang/fi/validation.php # resources/lang/fil/validation.php # resources/lang/fr/admin/settings/general.php # resources/lang/fr/validation.php # resources/lang/ga-IE/validation.php # resources/lang/he/admin/settings/general.php # resources/lang/he/general.php # resources/lang/he/validation.php # resources/lang/hr/validation.php # resources/lang/hu/validation.php # resources/lang/id/validation.php # resources/lang/is/admin/categories/general.php # resources/lang/is/admin/companies/message.php # resources/lang/is/admin/companies/table.php # resources/lang/is/admin/components/general.php # resources/lang/is/admin/components/table.php # resources/lang/is/admin/consumables/table.php # resources/lang/is/admin/depreciations/general.php # resources/lang/is/admin/depreciations/message.php # resources/lang/is/admin/hardware/form.php # resources/lang/is/admin/hardware/general.php # resources/lang/is/admin/hardware/message.php # resources/lang/is/admin/hardware/table.php # resources/lang/is/admin/kits/general.php # resources/lang/is/admin/licenses/form.php # resources/lang/is/admin/licenses/general.php # resources/lang/is/admin/locations/table.php # resources/lang/is/admin/manufacturers/table.php # resources/lang/is/admin/reports/message.php # resources/lang/is/admin/settings/general.php # resources/lang/is/admin/settings/message.php # resources/lang/is/admin/statuslabels/message.php # resources/lang/is/admin/suppliers/message.php # resources/lang/is/admin/suppliers/table.php # resources/lang/is/admin/users/table.php # resources/lang/is/mail.php # resources/lang/is/validation.php # resources/lang/it/admin/settings/general.php # resources/lang/it/validation.php # resources/lang/iu/validation.php # resources/lang/ja/mail.php # resources/lang/ja/validation.php # resources/lang/ko/validation.php # resources/lang/lt/validation.php # resources/lang/lv/validation.php # resources/lang/mi/validation.php # resources/lang/mk/validation.php # resources/lang/ml-IN/validation.php # resources/lang/mn/validation.php # resources/lang/ms/validation.php # resources/lang/nl/admin/settings/general.php # resources/lang/nl/validation.php # resources/lang/no/validation.php # resources/lang/pl/admin/settings/general.php # resources/lang/pl/validation.php # resources/lang/pt-BR/admin/settings/general.php # resources/lang/pt-BR/mail.php # resources/lang/pt-BR/validation.php # resources/lang/pt-PT/validation.php # resources/lang/ro/validation.php # resources/lang/ru/validation.php # resources/lang/sl/validation.php # resources/lang/sr-CS/admin/settings/general.php # resources/lang/sr-CS/validation.php # resources/lang/sv-SE/admin/settings/general.php # resources/lang/sv-SE/auth/message.php # resources/lang/sv-SE/button.php # resources/lang/sv-SE/mail.php # resources/lang/sv-SE/validation.php # resources/lang/ta/validation.php # resources/lang/th/validation.php # resources/lang/tl/validation.php # resources/lang/tr/mail.php # resources/lang/tr/validation.php # resources/lang/uk/admin/accessories/table.php # resources/lang/uk/admin/asset_maintenances/message.php # resources/lang/uk/admin/asset_maintenances/table.php # resources/lang/uk/validation.php # resources/lang/ur-PK/validation.php # resources/lang/vi/admin/settings/general.php # resources/lang/vi/validation.php # resources/lang/zh-CN/admin/settings/general.php # resources/lang/zh-CN/validation.php # resources/lang/zh-HK/validation.php # resources/lang/zh-TW/validation.php # resources/lang/zu/validation.php # resources/views/partials/bootstrap-table.blade.php # resources/views/partials/forms/edit/company-select.blade.php # routes/api.php
109 lines
3.7 KiB
PHP
109 lines
3.7 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Auth;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
|
|
use Illuminate\Http\Request;
|
|
|
|
class ForgotPasswordController extends Controller
|
|
{
|
|
/*
|
|
|--------------------------------------------------------------------------
|
|
| Password Reset Controller
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| This controller is responsible for handling password reset emails and
|
|
| includes a trait which assists in sending these notifications from
|
|
| your application to your users. Feel free to explore this trait.
|
|
|
|
|
*/
|
|
|
|
use SendsPasswordResetEmails;
|
|
|
|
/**
|
|
* Create a new controller instance.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function __construct()
|
|
{
|
|
$this->middleware('guest');
|
|
}
|
|
|
|
/**
|
|
* Get the e-mail subject line to be used for the reset link email.
|
|
* Overriding method "getEmailSubject()" from trait "use ResetsPasswords"
|
|
* @return string
|
|
*/
|
|
public function getEmailSubject()
|
|
{
|
|
return property_exists($this, 'subject') ? $this->subject : \Lang::get('mail.reset_link');
|
|
}
|
|
|
|
/**
|
|
* Send a reset link to the given user.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
*/
|
|
public function sendResetLinkEmail(Request $request)
|
|
{
|
|
|
|
/**
|
|
* Let's set a max character count here to prevent potential
|
|
* buffer overflow issues with attackers sending very large
|
|
* payloads through.
|
|
*/
|
|
$request->validate([
|
|
'username' => ['required', 'max:255'],
|
|
]);
|
|
|
|
/**
|
|
* If we find a matching email with an activated user, we will
|
|
* send the password reset link to the user.
|
|
*
|
|
* Once we have attempted to send the link, we will examine the response
|
|
* then see the message we need to show to the user. Finally, we'll send out a proper response.
|
|
*/
|
|
|
|
$response = null;
|
|
|
|
try {
|
|
$response = $this->broker()->sendResetLink(
|
|
array_merge(
|
|
$request->only('username'),
|
|
['activated' => '1'],
|
|
['ldap_import' => '0']
|
|
)
|
|
);
|
|
} catch(\Exception $e) {
|
|
\Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
|
|
}
|
|
|
|
|
|
if ($response === \Password::RESET_LINK_SENT) {
|
|
\Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
|
|
} else {
|
|
\Log::info('Password reset attempt: User matching username '.$request->input('username').' NOT FOUND or user is inactive');
|
|
}
|
|
|
|
/**
|
|
* If an error was returned by the password broker, we will get this message
|
|
* translated so we can notify a user of the problem. We'll redirect back
|
|
* to where the users came from so they can attempt this process again.
|
|
*
|
|
* HOWEVER, we do not want to translate the message if the user isn't found
|
|
* or isn't active, since that would allow an attacker to walk through
|
|
* a dictionary attack and figure out registered user email addresses.
|
|
*
|
|
* Instead we tell the user we've sent an email even though we haven't.
|
|
* It's bad UX, but better security. The compromises we sometimes have to make.
|
|
*/
|
|
|
|
// Regardless of response, we do not want to disclose the status of a user account,
|
|
// so we give them a generic "If this exists, we're TOTALLY gonna email you" response
|
|
return redirect()->route('login')->with('success', trans('passwords.sent'));
|
|
}
|
|
}
|