bookstack/app/Http/Controllers/Auth/ResetPasswordController.php

<?php

namespace BookStack\Http\Controllers\Auth;

use BookStack\Actions\ActivityType;
use BookStack\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;

class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    protected $redirectTo = '/';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
        $this->middleware('guard:standard');
    }

    /**
     * Get the response for a successful password reset.
     *
     * @param Request $request
     * @param string  $response
     *
     * @return \Illuminate\Http\Response
     */
    protected function sendResetResponse(Request $request, $response)
    {
        $message = trans('auth.reset_password_success');
        $this->showSuccessNotification($message);
        $this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());

        return redirect($this->redirectPath())
            ->with('status', trans($response));
    }

    /**
     * Get the response for a failed password reset.
     *
     * @param \Illuminate\Http\Request $request
     * @param string                   $response
     *
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
     */
    protected function sendResetFailedResponse(Request $request, $response)
    {
        // We show invalid users as invalid tokens as to not leak what
        // users may exist in the system.
        if ($response === Password::INVALID_USER) {
            $response = Password::INVALID_TOKEN;
        }

        return redirect()->back()
            ->withInput($request->only('email'))
            ->withErrors(['email' => trans($response)]);
    }
}
Initial commit 2015-07-13 03:01:42 +08:00			`<?php`

Change application namespace to BookStack 2015-09-11 02:31:09 +08:00			`namespace BookStack\Http\Controllers\Auth;`
Initial commit 2015-07-13 03:01:42 +08:00
Implemented remainder of activity types Also fixed audit log to work for non-entity items. 2020-11-21 03:33:11 +08:00			`use BookStack\Actions\ActivityType;`
Change application namespace to BookStack 2015-09-11 02:31:09 +08:00			`use BookStack\Http\Controllers\Controller;`
Initial commit 2015-07-13 03:01:42 +08:00			`use Illuminate\Foundation\Auth\ResetsPasswords;`
Upgraded app to Laravel 5.7 2019-09-07 06:36:16 +08:00			`use Illuminate\Http\Request;`
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016 2020-04-10 20:38:08 +08:00			`use Illuminate\Support\Facades\Password;`
Initial commit 2015-07-13 03:01:42 +08:00
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`class ResetPasswordController extends Controller`
Initial commit 2015-07-13 03:01:42 +08:00			`{`
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Password Reset Controller`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This controller is responsible for handling password reset requests`
			`\| and uses a simple trait to include this behavior. You're free to`
			`\| explore this trait and override any methods you wish to tweak.`
			`\|`
			`*/`

			`use ResetsPasswords;`

Merge fixes from branch 'v0.12' 2016-11-12 19:40:54 +08:00			`protected $redirectTo = '/';`

Initial commit 2015-07-13 03:01:42 +08:00			`/**`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`* Create a new controller instance.`
			`*`
			`* @return void`
Initial commit 2015-07-13 03:01:42 +08:00			`*/`
			`public function __construct()`
			`{`
			`$this->middleware('guest');`
Simplified guard names and rolled out guard route checks - Included tests to cover for LDAP and SAML - Updated wording for external auth id option. - Updated 'assertPermissionError' test case to be usable in BrowserKitTests 2020-02-02 21:10:21 +08:00			`$this->middleware('guard:standard');`
Initial commit 2015-07-13 03:01:42 +08:00			`}`
Merge fixes from branch 'v0.12' 2016-11-12 19:40:54 +08:00
			`/**`
			`* Get the response for a successful password reset.`
			`*`
Upgraded app to Laravel 5.7 2019-09-07 06:36:16 +08:00			`* @param Request $request`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`* @param string $response`
			`*`
Merge fixes from branch 'v0.12' 2016-11-12 19:40:54 +08:00			`* @return \Illuminate\Http\Response`
			`*/`
Upgraded app to Laravel 5.7 2019-09-07 06:36:16 +08:00			`protected function sendResetResponse(Request $request, $response)`
Merge fixes from branch 'v0.12' 2016-11-12 19:40:54 +08:00			`{`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`$message = trans('auth.reset_password_success');`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 19:55:01 +08:00			`$this->showSuccessNotification($message);`
Implemented remainder of activity types Also fixed audit log to work for non-entity items. 2020-11-21 03:33:11 +08:00			`$this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Merge fixes from branch 'v0.12' 2016-11-12 19:40:54 +08:00			`return redirect($this->redirectPath())`
			`->with('status', trans($response));`
			`}`
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016 2020-04-10 20:38:08 +08:00
			`/**`
			`* Get the response for a failed password reset.`
			`*`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`* @param \Illuminate\Http\Request $request`
			`* @param string $response`
			`*`
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016 2020-04-10 20:38:08 +08:00			`* @return \Illuminate\Http\RedirectResponse\|\Illuminate\Http\JsonResponse`
			`*/`
			`protected function sendResetFailedResponse(Request $request, $response)`
			`{`
			`// We show invalid users as invalid tokens as to not leak what`
			`// users may exist in the system.`
			`if ($response === Password::INVALID_USER) {`
			`$response = Password::INVALID_TOKEN;`
			`}`

			`return redirect()->back()`
			`->withInput($request->only('email'))`
			`->withErrors(['email' => trans($response)]);`
			`}`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-29 00:58:52 +08:00			`}`