From 1f2e16c4bb23682c6e6d6a5e58011c40546a22ce Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Fri, 19 Jun 2015 11:19:49 +0930
Subject: [PATCH] Get login/forgot password working again

---
 .../Api/Actions/{Users => }/ForgotAction.php  |  2 +-
 .../RequestPasswordResetCommandHandler.php    |  9 ++++++--
 .../core/src/Forum/Actions/LoginAction.php    | 23 ++++++++++++-------
 .../src/Forum/Actions/SavePasswordAction.php  | 12 ++++++----
 framework/core/views/reset.blade.php          | 13 +----------
 5 files changed, 31 insertions(+), 28 deletions(-)
 rename framework/core/src/Api/Actions/{Users => }/ForgotAction.php (95%)

diff --git a/framework/core/src/Api/Actions/Users/ForgotAction.php b/framework/core/src/Api/Actions/ForgotAction.php
similarity index 95%
rename from framework/core/src/Api/Actions/Users/ForgotAction.php
rename to framework/core/src/Api/Actions/ForgotAction.php
index d2427a338..cf1edbdcf 100644
--- a/framework/core/src/Api/Actions/Users/ForgotAction.php
+++ b/framework/core/src/Api/Actions/ForgotAction.php
@@ -1,4 +1,4 @@
-<?php namespace Flarum\Api\Actions\Users;
+<?php namespace Flarum\Api\Actions;
 
 use Flarum\Api\Request;
 use Flarum\Api\Actions\JsonApiAction;
diff --git a/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php b/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
index b8e7e3c2b..13845c63b 100644
--- a/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
+++ b/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
@@ -6,6 +6,7 @@ use Flarum\Core\Repositories\UserRepositoryInterface;
 use Illuminate\Contracts\Mail\Mailer;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Flarum\Core;
+use Flarum\Http\UrlGeneratorInterface;
 
 class RequestPasswordResetCommandHandler
 {
@@ -21,10 +22,11 @@ class RequestPasswordResetCommandHandler
      */
     protected $mailer;
 
-    public function __construct(UserRepositoryInterface $users, Mailer $mailer)
+    public function __construct(UserRepositoryInterface $users, Mailer $mailer, UrlGeneratorInterface $url)
     {
         $this->users = $users;
         $this->mailer = $mailer;
+        $this->url = $url;
     }
 
     public function handle(RequestPasswordResetCommand $command)
@@ -38,9 +40,12 @@ class RequestPasswordResetCommandHandler
         $token = PasswordToken::generate($user->id);
         $token->save();
 
+        // TODO: Need to use UrlGenerator, but since this is part of core we
+        // don't know that the forum routes will be loaded. Should the reset
+        // password route be part of core??
         $data = [
             'username' => $user->username,
-            'url' => route('flarum.forum.resetPassword', ['token' => $token->id]),
+            'url' => Core::config('base_url').'/reset/'.$token->id,
             'forumTitle' => Core::config('forum_title')
         ];
 
diff --git a/framework/core/src/Forum/Actions/LoginAction.php b/framework/core/src/Forum/Actions/LoginAction.php
index b46f177e6..9c29ef06b 100644
--- a/framework/core/src/Forum/Actions/LoginAction.php
+++ b/framework/core/src/Forum/Actions/LoginAction.php
@@ -4,6 +4,7 @@ use Flarum\Api\Client;
 use Flarum\Forum\Events\UserLoggedIn;
 use Flarum\Core\Repositories\UserRepositoryInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use Zend\Diactoros\Response;
 
 class LoginAction extends BaseAction
 {
@@ -25,15 +26,21 @@ class LoginAction extends BaseAction
 
         $data = $this->apiClient->send('Flarum\Api\Actions\TokenAction', $params);
 
-        event(new UserLoggedIn($this->users->findOrFail($data->userId), $data->token));
+        // TODO: The client needs to pass through exceptions(?) or the whole
+        // response so we can look at the response code. For now if there isn't
+        // any useful data we just assume it's a 401.
+        if (isset($data->userId)) {
+            event(new UserLoggedIn($this->users->findOrFail($data->userId), $data->token));
 
-        // TODO: The client needs to pass through exceptions
-        $response = $this->success();
-        $response->getBody()->write(json_encode($data));
+            $response = $this->success();
+            $response->getBody()->write(json_encode($data));
 
-        return $this->withRememberCookie(
-            $response,
-            $data->token
-        );
+            return $this->withRememberCookie(
+                $response,
+                $data->token
+            );
+        } else {
+            return new Response('php://memory', 401);
+        }
     }
 }
diff --git a/framework/core/src/Forum/Actions/SavePasswordAction.php b/framework/core/src/Forum/Actions/SavePasswordAction.php
index 6c33156a8..e3a82965d 100644
--- a/framework/core/src/Forum/Actions/SavePasswordAction.php
+++ b/framework/core/src/Forum/Actions/SavePasswordAction.php
@@ -8,13 +8,15 @@ class SavePasswordAction extends BaseAction
 {
     public function handle(Request $request, $routeParams = [])
     {
-        $token = PasswordToken::findOrFail($request->getAttribute('token'));
+        $input = $request->getParsedBody();
 
-        $password = $request->getAttribute('password');
-        $confirmation = $request->getAttribute('password_confirmation');
+        $token = PasswordToken::findOrFail(array_get($input, 'token'));
+
+        $password = array_get($input, 'password');
+        $confirmation = array_get($input, 'password_confirmation');
 
         if (! $password || $password !== $confirmation) {
-            return $this->redirectTo(''); // TODO: Redirect back
+            return $this->redirectTo('/reset/'.$token->id); // TODO: Use UrlGenerator
         }
 
         $this->dispatch(
@@ -23,6 +25,6 @@ class SavePasswordAction extends BaseAction
 
         $token->delete();
 
-        return $this->redirectTo('');
+        return $this->redirectTo('/');
     }
 }
diff --git a/framework/core/views/reset.blade.php b/framework/core/views/reset.blade.php
index c8bfdc72c..68db7b097 100644
--- a/framework/core/views/reset.blade.php
+++ b/framework/core/views/reset.blade.php
@@ -11,18 +11,7 @@
   <body>
     <h1>Reset Your Password</h1>
 
-    @if (count($errors) > 0)
-      <div class="alert alert-danger">
-        <strong>Whoops!</strong> There were some problems with your input.<br><br>
-        <ul>
-          @foreach ($errors->all() as $error)
-            <li>{{ $error }}</li>
-          @endforeach
-        </ul>
-      </div>
-    @endif
-
-    <form class="form-horizontal" role="form" method="POST" action="{{ route('flarum.forum.savePassword') }}">
+    <form class="form-horizontal" role="form" method="POST" action="{{ app('Flarum\Http\UrlGeneratorInterface')->toRoute('flarum.forum.savePassword') }}">
       <input type="hidden" name="token" value="{{ $token }}">
 
       <div class="form-group">