<?php
namespace BookStack\Access\Controllers;
use BookStack\Activity\ActivityType;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Sleep;
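/**
 * Controller for the "forgot password" flow: renders the request form and
 * asks the password broker to send a reset link for a submitted address.
 */
class ForgotPasswordController extends Controller
{
    /**
     * Register the middleware that applies to every action of this controller.
     */
    public function __construct()
    {
        // Only the middleware names are visible here; presumably 'guest'
        // restricts these routes to logged-out visitors and 'guard:standard'
        // to the standard auth method - confirm against the middleware setup.
        $this->middleware('guest');
        $this->middleware('guard:standard');
    }

    /**
     * Display the form to request a password reset link.
     */
    public function showLinkRequestForm()
    {
        return view('auth.passwords.email');
    }

    /**
     * Send a reset link to the given user.
     *
     * The caller gets the same notification and the same flashed status
     * whether the link was sent, the address is unknown, or the request was
     * throttled, so the response does not reveal which addresses have an
     * account.
     *
     * @param Request $request Request carrying the 'email' field.
     */
    public function sendResetLinkEmail(Request $request)
    {
        // Presumably aborts the request with a validation error when the
        // field is missing or malformed (behaviour of the inherited helper).
        $this->validate($request, [
            'email' => ['required', 'email'],
        ]);

        // Add random pause to the response to help avoid time-based sniffing
        // of valid resets via slower email send handling.
        // NOTE(review): a random delay adds noise on top of the gap between
        // the "mail sent" and "no such user" paths but does not equalise
        // them. Sending the mail from a queue, or padding every request to a
        // fixed total duration, is the stronger control; route-level rate
        // limiting is also needed - not visible in this file, confirm.
        Sleep::for(random_int(1000, 3000))->milliseconds();

        // Only the 'email' field is handed to the broker; any other request
        // input is ignored when looking up the user.
        $response = Password::broker()->sendResetLink(
            $request->only('email')
        );

        // The audit entry is written only for a real send, so the activity
        // log (unlike the HTTP response) does distinguish the outcomes.
        if ($response === Password::RESET_LINK_SENT) {
            $this->logActivity(ActivityType::AUTH_PASSWORD_RESET, $request->get('email'));
        }

        // Outcomes that must look identical to the requester.
        $uniformOutcomes = [
            Password::RESET_LINK_SENT,
            Password::INVALID_USER,
            Password::RESET_THROTTLED,
        ];

        // Strict comparison: broker responses are string constants and should
        // never match through type juggling.
        if (in_array($response, $uniformOutcomes, true)) {
            $message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
            $this->showSuccessNotification($message);

            // Flash the same status text for all three outcomes. Flashing
            // trans($response) would store an outcome-specific string
            // (sent / unknown user / throttled) in the session and undo the
            // uniform response if any view ever rendered it.
            return redirect('/password/email')->with('status', trans(Password::RESET_LINK_SENT));
        }

        // Any other broker response is treated as an error: translate it and
        // attach it to the 'email' field so the form can show the problem and
        // the user can try again.
        return redirect('/password/email')->withErrors(
            ['email' => trans($response)]
        );
    }
}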