Page MenuHomePhorge
Differential D3409 Diff 10078 src/app/Http/Controllers/API/PasswordResetController.php

Changeset View

Standalone View

View Options

src/app/Http/Controllers/API/PasswordResetController.php

Show All 10 Lines
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str; use Illuminate\Support\Str;
/** /**
* Password reset API * Password reset API
*/ */
class PasswordResetController extends Controller class PasswordResetController extends Controller
{ {
/** @var \App\VerificationCode A verification code object */
protected $code;
/** /**
* Sends password reset code to the user's external email * Sends password reset code to the user's external email
* *
* Verifies user email, sends verification email message. * Verifies user email, sends verification email message.
* *
* @param \Illuminate\Http\Request $request HTTP request * @param \Illuminate\Http\Request $request HTTP request
* *
* @return \Illuminate\Http\JsonResponse JSON response * @return \Illuminate\Http\JsonResponse JSON response
▲ Show 20 LinesShow All 62 Lines▼ Show 20 Lines public function verify(Request $request)
|| Str::upper($request->short_code) !== Str::upper($code->short_code) || Str::upper($request->short_code) !== Str::upper($code->short_code)
) { ) {
$errors = ['short_code' => "The code is invalid or expired."]; $errors = ['short_code' => "The code is invalid or expired."];
return response()->json(['status' => 'error', 'errors' => $errors], 422); return response()->json(['status' => 'error', 'errors' => $errors], 422);
} }
// For last-step remember the code object, so we can delete it // For last-step remember the code object, so we can delete it
// with single SQL query (->delete()) instead of two (::destroy()) // with single SQL query (->delete()) instead of two (::destroy())
$this->code = $code; $request->code = $code;
return response()->json([ return response()->json([
'status' => 'success', 'status' => 'success',
// we need user's ID for e.g. password policy checks // we need user's ID for e.g. password policy checks
'userId' => $code->user_id, 'userId' => $code->user_id,
]); ]);
} }
/** /**
* Password change * Password change
* *
* @param \Illuminate\Http\Request $request HTTP request * @param \Illuminate\Http\Request $request HTTP request
* *
* @return \Illuminate\Http\JsonResponse JSON response * @return \Illuminate\Http\JsonResponse JSON response
*/ */
public function reset(Request $request) public function reset(Request $request)
{ {
$v = $this->verify($request); $v = $this->verify($request);
if ($v->status() !== 200) { if ($v->status() !== 200) {
return $v; return $v;
} }
$user = $this->code->user; $user = $request->code->user;
// Validate the password // Validate the password
$v = Validator::make( $v = Validator::make(
$request->all(), $request->all(),
['password' => ['required', 'confirmed', new Password($user->walletOwner())]] ['password' => ['required', 'confirmed', new Password($user->walletOwner())]]
); );
if ($v->fails()) { if ($v->fails()) {
return response()->json(['status' => 'error', 'errors' => $v->errors()], 422); return response()->json(['status' => 'error', 'errors' => $v->errors()], 422);
} }
// Change the user password // Change the user password
$user->setPasswordAttribute($request->password); $user->setPasswordAttribute($request->password);
$user->save(); $user->save();
// Remove the verification code // Remove the verification code
$this->code->delete(); $request->code->delete();
return AuthController::logonResponse($user, $request->password); return AuthController::logonResponse($user, $request->password);
} }
/** /**
* Create a verification code for the current user. * Create a verification code for the current user.
* *
* @param \Illuminate\Http\Request $request HTTP request * @param \Illuminate\Http\Request $request HTTP request
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines