X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/85db812feaae5f36ea6214931cec4adb67a9cb39..ac519b3009e353448fc0541d21c08422d77dc57d:/app/Http/Controllers/Auth/ResetPasswordController.php diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php index 59e9ab79b..a9914928e 100644 --- a/app/Http/Controllers/Auth/ResetPasswordController.php +++ b/app/Http/Controllers/Auth/ResetPasswordController.php @@ -3,63 +3,87 @@ namespace BookStack\Http\Controllers\Auth; use BookStack\Actions\ActivityType; +use BookStack\Auth\Access\LoginService; +use BookStack\Auth\User; use BookStack\Http\Controllers\Controller; -use Illuminate\Foundation\Auth\ResetsPasswords; +use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Password; +use Illuminate\Support\Str; +use Illuminate\Validation\Rules\Password as PasswordRule; class ResetPasswordController extends Controller { - /* - |-------------------------------------------------------------------------- - | Password Reset Controller - |-------------------------------------------------------------------------- - | - | This controller is responsible for handling password reset requests - | and uses a simple trait to include this behavior. You're free to - | explore this trait and override any methods you wish to tweak. - | - */ + protected LoginService $loginService; - use ResetsPasswords; + public function __construct(LoginService $loginService) + { + $this->middleware('guest'); + $this->middleware('guard:standard'); - protected $redirectTo = '/'; + $this->loginService = $loginService; + } /** - * Create a new controller instance. - * - * @return void + * Display the password reset view for the given token. + * If no token is present, display the link request form. */ - public function __construct() + public function showResetForm(Request $request) { - $this->middleware('guest'); - $this->middleware('guard:standard'); + $token = $request->route()->parameter('token'); + + return view('auth.passwords.reset')->with( + ['token' => $token, 'email' => $request->email] + ); + } + + /** + * Reset the given user's password. + */ + public function reset(Request $request) + { + $request->validate([ + 'token' => 'required', + 'email' => 'required|email', + 'password' => ['required', 'confirmed', PasswordRule::defaults()], + ]); + + // Here we will attempt to reset the user's password. If it is successful we + // will update the password on an actual user model and persist it to the + // database. Otherwise we will parse the error and return the response. + $credentials = $request->only('email', 'password', 'password_confirmation', 'token'); + $response = Password::broker()->reset($credentials, function (User $user, string $password) { + $user->password = Hash::make($password); + $user->setRememberToken(Str::random(60)); + $user->save(); + + $this->loginService->login($user, auth()->getDefaultDriver()); + }); + + // If the password was successfully reset, we will redirect the user back to + // the application's home authenticated view. If there is an error we can + // redirect them back to where they came from with their error message. + return $response === Password::PASSWORD_RESET + ? $this->sendResetResponse() + : $this->sendResetFailedResponse($request, $response); } /** * Get the response for a successful password reset. - * - * @param Request $request - * @param string $response - * @return \Illuminate\Http\Response */ - protected function sendResetResponse(Request $request, $response) + protected function sendResetResponse(): RedirectResponse { - $message = trans('auth.reset_password_success'); - $this->showSuccessNotification($message); + $this->showSuccessNotification(trans('auth.reset_password_success')); $this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user()); - return redirect($this->redirectPath()) - ->with('status', trans($response)); + + return redirect('/'); } /** * Get the response for a failed password reset. - * - * @param \Illuminate\Http\Request $request - * @param string $response - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse */ - protected function sendResetFailedResponse(Request $request, $response) + protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse { // We show invalid users as invalid tokens as to not leak what // users may exist in the system.