2015-07-12 21:01:42 +02:00
|
|
|
<?php
|
|
|
|
|
2023-05-17 18:56:55 +02:00
|
|
|
namespace BookStack\Access\Controllers;
|
2015-07-12 21:01:42 +02:00
|
|
|
|
2023-05-17 18:56:55 +02:00
|
|
|
use BookStack\Access\LoginService;
|
|
|
|
use BookStack\Activity\ActivityType;
|
2015-09-10 20:31:09 +02:00
|
|
|
use BookStack\Http\Controllers\Controller;
|
2023-05-17 18:56:55 +02:00
|
|
|
use BookStack\Users\Models\User;
|
2022-09-22 17:54:27 +02:00
|
|
|
use Illuminate\Http\RedirectResponse;
|
2019-09-07 00:36:16 +02:00
|
|
|
use Illuminate\Http\Request;
|
2022-09-22 17:54:27 +02:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2020-04-10 14:38:08 +02:00
|
|
|
use Illuminate\Support\Facades\Password;
|
2022-09-22 17:54:27 +02:00
|
|
|
use Illuminate\Support\Str;
|
|
|
|
use Illuminate\Validation\Rules\Password as PasswordRule;
|
2015-07-12 21:01:42 +02:00
|
|
|
|
2016-09-17 19:22:04 +02:00
|
|
|
class ResetPasswordController extends Controller
|
2015-07-12 21:01:42 +02:00
|
|
|
{
|
2022-09-22 17:54:27 +02:00
|
|
|
protected LoginService $loginService;
|
2015-07-12 21:01:42 +02:00
|
|
|
|
2022-09-22 17:54:27 +02:00
|
|
|
public function __construct(LoginService $loginService)
|
|
|
|
{
|
|
|
|
$this->middleware('guest');
|
|
|
|
$this->middleware('guard:standard');
|
|
|
|
|
|
|
|
$this->loginService = $loginService;
|
|
|
|
}
|
2016-11-12 12:40:54 +01:00
|
|
|
|
2015-07-12 21:01:42 +02:00
|
|
|
/**
|
2022-09-22 17:54:27 +02:00
|
|
|
* Display the password reset view for the given token.
|
|
|
|
* If no token is present, display the link request form.
|
2015-07-12 21:01:42 +02:00
|
|
|
*/
|
2022-09-22 17:54:27 +02:00
|
|
|
public function showResetForm(Request $request)
|
2015-07-12 21:01:42 +02:00
|
|
|
{
|
2022-09-22 17:54:27 +02:00
|
|
|
$token = $request->route()->parameter('token');
|
|
|
|
|
|
|
|
return view('auth.passwords.reset')->with(
|
|
|
|
['token' => $token, 'email' => $request->email]
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Reset the given user's password.
|
|
|
|
*/
|
|
|
|
public function reset(Request $request)
|
|
|
|
{
|
|
|
|
$request->validate([
|
|
|
|
'token' => 'required',
|
|
|
|
'email' => 'required|email',
|
|
|
|
'password' => ['required', 'confirmed', PasswordRule::defaults()],
|
|
|
|
]);
|
|
|
|
|
|
|
|
// Here we will attempt to reset the user's password. If it is successful we
|
|
|
|
// will update the password on an actual user model and persist it to the
|
|
|
|
// database. Otherwise we will parse the error and return the response.
|
|
|
|
$credentials = $request->only('email', 'password', 'password_confirmation', 'token');
|
|
|
|
$response = Password::broker()->reset($credentials, function (User $user, string $password) {
|
|
|
|
$user->password = Hash::make($password);
|
|
|
|
$user->setRememberToken(Str::random(60));
|
|
|
|
$user->save();
|
|
|
|
|
|
|
|
$this->loginService->login($user, auth()->getDefaultDriver());
|
|
|
|
});
|
|
|
|
|
|
|
|
// If the password was successfully reset, we will redirect the user back to
|
|
|
|
// the application's home authenticated view. If there is an error we can
|
|
|
|
// redirect them back to where they came from with their error message.
|
|
|
|
return $response === Password::PASSWORD_RESET
|
|
|
|
? $this->sendResetResponse()
|
|
|
|
: $this->sendResetFailedResponse($request, $response);
|
2015-07-12 21:01:42 +02:00
|
|
|
}
|
2016-11-12 12:40:54 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the response for a successful password reset.
|
|
|
|
*/
|
2022-09-22 17:54:27 +02:00
|
|
|
protected function sendResetResponse(): RedirectResponse
|
2016-11-12 12:40:54 +01:00
|
|
|
{
|
2022-09-22 17:54:27 +02:00
|
|
|
$this->showSuccessNotification(trans('auth.reset_password_success'));
|
2020-11-20 20:33:11 +01:00
|
|
|
$this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());
|
2021-06-26 17:23:15 +02:00
|
|
|
|
2022-09-22 17:54:27 +02:00
|
|
|
return redirect('/');
|
2016-11-12 12:40:54 +01:00
|
|
|
}
|
2020-04-10 14:38:08 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the response for a failed password reset.
|
|
|
|
*/
|
2022-09-22 17:54:27 +02:00
|
|
|
protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
|
2020-04-10 14:38:08 +02:00
|
|
|
{
|
|
|
|
// We show invalid users as invalid tokens as to not leak what
|
|
|
|
// users may exist in the system.
|
|
|
|
if ($response === Password::INVALID_USER) {
|
|
|
|
$response = Password::INVALID_TOKEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
return redirect()->back()
|
|
|
|
->withInput($request->only('email'))
|
|
|
|
->withErrors(['email' => trans($response)]);
|
|
|
|
}
|
2018-01-28 17:58:52 +01:00
|
|
|
}
|