-
-
Notifications
You must be signed in to change notification settings - Fork 829
/
SavePasswordController.php
77 lines (61 loc) · 2.52 KB
/
SavePasswordController.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Forum\Controller;
use Flarum\Foundation\DispatchEventsTrait;
use Flarum\Http\SessionAccessToken;
use Flarum\Http\SessionAuthenticator;
use Flarum\Http\UrlGenerator;
use Flarum\User\PasswordToken;
use Flarum\User\UserValidator;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Contracts\Validation\Factory;
use Illuminate\Support\Arr;
use Illuminate\Support\MessageBag;
use Illuminate\Validation\ValidationException;
use Laminas\Diactoros\Response\RedirectResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
class SavePasswordController implements RequestHandlerInterface
{
use DispatchEventsTrait;
public function __construct(
protected UrlGenerator $url,
protected SessionAuthenticator $authenticator,
protected UserValidator $validator,
protected Factory $validatorFactory,
protected Dispatcher $events
) {
}
public function handle(Request $request): ResponseInterface
{
$input = $request->getParsedBody();
$token = PasswordToken::findOrFail(Arr::get($input, 'passwordToken'));
$password = Arr::get($input, 'password');
try {
// todo: probably shouldn't use the user validator for this,
// passwords should be validated separately
$this->validator->assertValid(compact('password'));
$validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']);
if ($validator->fails()) {
throw new ValidationException($validator);
}
} catch (ValidationException $e) {
$request->getAttribute('session')->put('errors', new MessageBag($e->errors()));
// @todo: must return a 422 instead, look into renderable exceptions.
return new RedirectResponse($this->url->to('forum')->route('resetPassword', ['token' => $token->token]));
}
$token->user->changePassword($password);
$token->user->save();
$this->dispatchEventsFor($token->user);
$session = $request->getAttribute('session');
$accessToken = SessionAccessToken::generate($token->user->id);
$this->authenticator->logIn($session, $accessToken);
return new RedirectResponse($this->url->to('forum')->base());
}
}