src/app/Http/Controllers/API/PasswordResetController.php
| public function verify(Request $request) | ||||
] | ] | ||||
); | ); | ||||
if ($v->fails()) { | if ($v->fails()) { | ||||
return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); | return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); | ||||
} | } | ||||
// Validate the verification code | // Validate the verification code | ||||
$code = VerificationCode::find($request->code); | $code = VerificationCode::where('code', $request->code)->where('active', true)->first(); | ||||
if ( | if ( | ||||
empty($code) | empty($code) | ||||
|| $code->isExpired() | || $code->isExpired() | ||||
|| $code->mode !== 'password-reset' | || $code->mode !== 'password-reset' | ||||
|| Str::upper($request->short_code) !== Str::upper($code->short_code) | || Str::upper($request->short_code) !== Str::upper($code->short_code) | ||||
) { | ) { | ||||
$errors = ['short_code' => "The code is invalid or expired."]; | $errors = ['short_code' => "The code is invalid or expired."]; | ||||
| public function reset(Request $request) | ||||
$user->setPasswordAttribute($request->password); | $user->setPasswordAttribute($request->password); | ||||
$user->save(); | $user->save(); | ||||
// Remove the verification code | // Remove the verification code | ||||
$this->code->delete(); | $this->code->delete(); | ||||
return AuthController::logonResponse($user, $request->password); | return AuthController::logonResponse($user, $request->password); | ||||
} | } | ||||
/** | |||||
* Create a verification code for the current user. | |||||
* | |||||
* @param \Illuminate\Http\Request $request HTTP request | |||||
* | |||||
* @return \Illuminate\Http\JsonResponse JSON response | |||||
*/ | |||||
public function codeCreate(Request $request) | |||||
{ | |||||
// Generate the verification code | |||||
$code = new VerificationCode(); | |||||
$code->mode = 'password-reset'; | |||||
// These codes are valid for 24 hours | |||||
$code->expires_at = now()->addHours(24); | |||||
vanmeeuwen: password reset codes should be valid for a far shorter period, perhaps as long as 24 hours but… | |||||
// The code is inactive until it is submitted via a different endpoint | |||||
$code->active = false; | |||||
$this->guard()->user()->verificationcodes()->save($code); | |||||
return response()->json([ | |||||
'status' => 'success', | |||||
'code' => $code->code, | |||||
'short_code' => $code->short_code, | |||||
'expires_at' => $code->expires_at->toDateTimeString(), | |||||
]); | |||||
} | |||||
/** | |||||
* Delete a verification code. | |||||
* | |||||
* @param string $id Code identifier | |||||
* | |||||
* @return \Illuminate\Http\JsonResponse The response | |||||
*/ | |||||
public function codeDelete($id) | |||||
{ | |||||
// Accept <short-code>-<code> input | |||||
if (strpos($id, '-')) { | |||||
$id = explode('-', $id)[1]; | |||||
} | |||||
$code = VerificationCode::find($id); | |||||
if (!$code) { | |||||
return $this->errorResponse(404); | |||||
} | |||||
$current_user = $this->guard()->user(); | |||||
if (empty($code->user) || !$current_user->canUpdate($code->user)) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
$code->delete(); | |||||
return response()->json([ | |||||
'status' => 'success', | |||||
'message' => \trans('app.password-reset-code-delete-success'), | |||||
]); | |||||
} | |||||
} | } |
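Review bot: In codeDelete the lookup `$code = VerificationCode::find($id);` carries no mode condition, while verify() rejects any code whose `mode !== 'password-reset'`; if VerificationCode rows are created for other purposes too, this endpoint would let a user delete them through the password-reset route, which looks unintended — `$code = VerificationCode::where('mode', 'password-reset')->find($id);` keeps both methods consistent. The preceding guard `if (strpos($id, '-'))` is a truthiness test on an offset, so a value starting with `-` is not split; `if (str_contains($id, '-'))` is the explicit form. In verify() the check `Str::upper($request->short_code) !== Str::upper($code->short_code)` is an ordinary short-circuiting string compare on a secret; `!hash_equals(Str::upper($code->short_code), Str::upper((string) $request->short_code))` gives a constant-time comparison, with the cast needed because hash_equals accepts only strings. verify()'s signature and validation rules begin before the visible lines of this section, so whether short_code is already guaranteed to be a string cannot be confirmed here.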
password reset codes should be valid for a far shorter period, perhaps as long as 24 hours but no more.