Differential D3301 Diff 9493 src/app/Http/Controllers/API/PasswordResetController.php

Changeset View

Standalone View

src/app/Http/Controllers/API/PasswordResetController.php

Show First 20 Lines • Show All 77 Lines • ▼ Show 20 Lines	public function verify(Request $request)
]		]
);		);

if ($v->fails()) {		if ($v->fails()) {
return response()->json(['status' => 'error', 'errors' => $v->errors()], 422);		return response()->json(['status' => 'error', 'errors' => $v->errors()], 422);
}		}

// Validate the verification code		// Validate the verification code
$code = VerificationCode::find($request->code);		$code = VerificationCode::where('code', $request->code)->where('active', true)->first();

if (		if (
empty($code)		empty($code)
\|\| $code->isExpired()		\|\| $code->isExpired()
\|\| $code->mode !== 'password-reset'		\|\| $code->mode !== 'password-reset'
\|\| Str::upper($request->short_code) !== Str::upper($code->short_code)		\|\| Str::upper($request->short_code) !== Str::upper($code->short_code)
) {		) {
$errors = ['short_code' => "The code is invalid or expired."];		$errors = ['short_code' => "The code is invalid or expired."];
Show All 40 Lines	public function reset(Request $request)
$user->setPasswordAttribute($request->password);		$user->setPasswordAttribute($request->password);
$user->save();		$user->save();

// Remove the verification code		// Remove the verification code
$this->code->delete();		$this->code->delete();

return AuthController::logonResponse($user, $request->password);		return AuthController::logonResponse($user, $request->password);
}		}

		/**
		* Create a verification code for the current user.
		*
		* @param \Illuminate\Http\Request $request HTTP request
		*
		* @return \Illuminate\Http\JsonResponse JSON response
		*/
		public function codeCreate(Request $request)
		{
		// Generate the verification code
		$code = new VerificationCode();
		$code->mode = 'password-reset';

		// These codes are valid for 24 hours
		$code->expires_at = now()->addHours(24);
		vanmeeuwenUnsubmitted Not Done Inline Actions password reset codes should be valid for a far shorter period, perhaps as long as 24 hours but no more. vanmeeuwen: password reset codes should be valid for a far shorter period, perhaps as long as 24 hours but…

		// The code is inactive until it is submitted via a different endpoint
		$code->active = false;

		$this->guard()->user()->verificationcodes()->save($code);

		return response()->json([
		'status' => 'success',
		'code' => $code->code,
		'short_code' => $code->short_code,
		'expires_at' => $code->expires_at->toDateTimeString(),
		]);
		}

		/**
		* Delete a verification code.
		*
		* @param string $id Code identifier
		*
		* @return \Illuminate\Http\JsonResponse The response
		*/
		public function codeDelete($id)
		{
		// Accept <short-code>-<code> input
		if (strpos($id, '-')) {
		$id = explode('-', $id)[1];
		}

		$code = VerificationCode::find($id);

		if (!$code) {
		return $this->errorResponse(404);
		}

		$current_user = $this->guard()->user();

		if (empty($code->user) \|\| !$current_user->canUpdate($code->user)) {
		return $this->errorResponse(403);
		}

		$code->delete();

		return response()->json([
		'status' => 'success',
		'message' => \trans('app.password-reset-code-delete-success'),
		]);
		}
}		}