use BookStack\Http\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Sleep;
class ForgotPasswordController extends Controller
{
- /**
- * Create a new controller instance.
- *
- * @return void
- */
public function __construct()
{
$this->middleware('guest');
/**
* Send a reset link to the given user.
- *
- * @param \Illuminate\Http\Request $request
- *
- * @return \Illuminate\Http\RedirectResponse
*/
public function sendResetLinkEmail(Request $request)
{
'email' => ['required', 'email'],
]);
+ // Add random pause to the response to help avoid time-base sniffing
+ // of valid resets via slower email send handling.
+ Sleep::for(random_int(1000, 3000))->milliseconds();
+
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
$this->showSuccessNotification($message);
- return back()->with('status', trans($response));
+ return redirect('/password/email')->with('status', trans($response));
}
// If an error was returned by the password broker, we will get this message
// translated so we can notify a user of the problem. We'll redirect back
// to where the users came from so they can attempt this process again.
- return back()->withErrors(
+ return redirect('/password/email')->withErrors(
['email' => trans($response)]
);
}
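Review bot: The random pause added in `sendResetLinkEmail` (`Sleep::for(random_int(1000, 3000))->milliseconds();`) adds jitter on top of the send time rather than equalising the two paths, so a valid address still costs the sleep plus the mail handling and the difference remains measurable across repeated requests. Padding to a fixed total is more robust: take `$start = hrtime(true);` before the broker call and afterwards sleep only for the remainder of a fixed budget, e.g. `Sleep::for(max(0, $budgetMs - $elapsedMs))->milliseconds();` (`$budgetMs` and `$elapsedMs` are placeholder names), or dispatch the mail to a queue so the send never runs inside the request. The pause also holds a worker for up to three seconds per unauthenticated request, so this route should be throttled if it is not already; no rate limit is visible in this section. The broker call and the `if` around the success branch fall between the hunks and are not shown, so the exact placement needs checking against the full method.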