src/app/Http/Controllers/API/PasswordResetController.php
<?php | <?php | ||||
namespace App\Http\Controllers\API; | namespace App\Http\Controllers\API; | ||||
use App\Http\Controllers\Controller; | use App\Http\Controllers\Controller; | ||||
use App\Jobs\PasswordResetEmail; | use App\Jobs\PasswordResetEmail; | ||||
use App\Rules\Password; | |||||
use App\User; | use App\User; | ||||
use App\VerificationCode; | use App\VerificationCode; | ||||
use Illuminate\Http\Request; | use Illuminate\Http\Request; | ||||
use Illuminate\Support\Facades\Validator; | use Illuminate\Support\Facades\Validator; | ||||
use Illuminate\Support\Str; | use Illuminate\Support\Str; | ||||
/** | /** | ||||
* Password reset API | * Password reset API | ||||
▲ Show 20 Lines • Show All 79 Lines • ▼ Show 20 Lines | public function verify(Request $request) | ||||
$errors = ['short_code' => "The code is invalid or expired."]; | $errors = ['short_code' => "The code is invalid or expired."]; | ||||
return response()->json(['status' => 'error', 'errors' => $errors], 422); | return response()->json(['status' => 'error', 'errors' => $errors], 422); | ||||
} | } | ||||
// For last-step remember the code object, so we can delete it | // For last-step remember the code object, so we can delete it | ||||
// with single SQL query (->delete()) instead of two (::destroy()) | // with single SQL query (->delete()) instead of two (::destroy()) | ||||
$this->code = $code; | $this->code = $code; | ||||
// Return user name and email/phone from the codes database on success | return response()->json([ | ||||
return response()->json(['status' => 'success']); | 'status' => 'success', | ||||
// we need user's ID for e.g. password policy checks | |||||
'userId' => $code->user_id, | |||||
]); | |||||
} | } | ||||
/** | /** | ||||
* Password change | * Password change | ||||
* | * | ||||
* @param \Illuminate\Http\Request $request HTTP request | * @param \Illuminate\Http\Request $request HTTP request | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse JSON response | * @return \Illuminate\Http\JsonResponse JSON response | ||||
*/ | */ | ||||
public function reset(Request $request) | public function reset(Request $request) | ||||
{ | { | ||||
// Validate the request args | $v = $this->verify($request); | ||||
if ($v->status() !== 200) { | |||||
return $v; | |||||
} | |||||
$user = $this->code->user; | |||||
// Validate the password | |||||
$v = Validator::make( | $v = Validator::make( | ||||
$request->all(), | $request->all(), | ||||
[ | ['password' => ['required', 'confirmed', new Password($user->walletOwner())]] | ||||
'password' => 'required|min:4|confirmed', | |||||
] | |||||
); | ); | ||||
if ($v->fails()) { | if ($v->fails()) { | ||||
return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); | return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); | ||||
} | } | ||||
$v = $this->verify($request); | |||||
if ($v->status() !== 200) { | |||||
return $v; | |||||
} | |||||
$user = $this->code->user; | |||||
// Change the user password | // Change the user password | ||||
$user->setPasswordAttribute($request->password); | $user->setPasswordAttribute($request->password); | ||||
$user->save(); | $user->save(); | ||||
// Remove the verification code | // Remove the verification code | ||||
$this->code->delete(); | $this->code->delete(); | ||||
return AuthController::logonResponse($user, $request->password); | return AuthController::logonResponse($user, $request->password); | ||||
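Review bot: The success response of verify() now hands `'userId' => $code->user_id` to a caller who is not logged in, and the inline comment says it is there for password policy checks, which suggests a policy lookup keyed on a client-supplied user ID. If such a lookup exists outside this view, it should authorise on the code/short_code pair rather than on the ID, since otherwise policy data for any ID is readable without a valid reset code; returning the applicable policy rules directly from verify() would avoid exposing the ID at all. In reset(), the fixed `'required|min:4|confirmed'` rule is replaced by `new Password($user->walletOwner())`, so it is worth confirming that the rule still enforces a minimum length when the wallet owner has no policy configured or walletOwner() returns null. A comment such as `// Password rule must apply a default policy when the owner has none` above the Validator::make() call would record that assumption. Both verify() and reset() begin or end in collapsed parts of the page, so throttling of code guesses and the null case for `$this->code->user` could not be checked here.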