diff --git a/framework/core/src/Forum/Controller/ResetPasswordController.php b/framework/core/src/Forum/Controller/ResetPasswordController.php
index 182f4a2fe..c27c44012 100644
--- a/framework/core/src/Forum/Controller/ResetPasswordController.php
+++ b/framework/core/src/Forum/Controller/ResetPasswordController.php
@@ -57,6 +57,7 @@ class ResetPasswordController extends AbstractHtmlController
 return $this->view->make('flarum::reset')
 ->with('translator', $this->translator)
 ->with('passwordToken', $token->id)
- ->with('csrfToken', $request->getAttribute('session')->get('csrf_token'));
+ ->with('csrfToken', $request->getAttribute('session')->get('csrf_token'))
+ ->with('error', $request->getAttribute('session')->get('error'));
 }
 }
diff --git a/framework/core/src/Forum/Controller/SavePasswordController.php b/framework/core/src/Forum/Controller/SavePasswordController.php
index fbd3dedbd..91b756adb 100644
--- a/framework/core/src/Forum/Controller/SavePasswordController.php
+++ b/framework/core/src/Forum/Controller/SavePasswordController.php
@@ -15,6 +15,8 @@ use Flarum\Core\Validator\UserValidator;
 use Flarum\Forum\UrlGenerator;
 use Flarum\Http\Controller\ControllerInterface;
 use Flarum\Http\SessionAuthenticator;
+use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Contracts\Validation\ValidationException;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Zend\Diactoros\Response\RedirectResponse;
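Review bot: In ResetPasswordController, the added `->with('error', ...)` reads the message with `get('error')`, and nothing visible in this commit removes it from the session afterwards. After one failed submission the reset page would presumably keep showing the old message on later visits in the same session, including for a different token. If the session attribute is a Symfony session (not visible here), reading and clearing in one step avoids that: `->with('error', $request->getAttribute('session')->remove('error'));`. The method body starts outside the hunk.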
@@ -35,15 +37,23 @@ class SavePasswordController implements ControllerInterface */ protected $authenticator; + /** + * @var Factory + */ + protected $validatorFactory; + /** * @param UrlGenerator $url * @param SessionAuthenticator $authenticator + * @param UserValidator $validator + * @param Factory $validatorFactory */ - public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator) + public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator, Factory $validatorFactory) { $this->url = $url; $this->authenticator = $authenticator; $this->validator = $validator; + $this->validatorFactory = $validatorFactory; } /** @@ -57,11 +67,19 @@ class SavePasswordController implements ControllerInterface $token = PasswordToken::findOrFail(array_get($input, 'passwordToken')); $password = array_get($input, 'password'); - $confirmation = array_get($input, 'password_confirmation'); - $this->validator->assertValid(compact('password')); + try { + // todo: probably shouldn't use the user validator for this, + // passwords should be validated separately + $this->validator->assertValid(compact('password')); + + $validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']); + if ($validator->fails()) { + throw new ValidationException($validator); + } + } catch (ValidationException $e) { + $request->getAttribute('session')->set('error', $e->errors()->first()); - if (! $password || $password !== $confirmation) { return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id])); } diff --git a/framework/core/views/reset.blade.php b/framework/core/views/reset.blade.php index 60422b2e5..bc3af3ace 100644 --- a/framework/core/views/reset.blade.php +++ b/framework/core/views/reset.blade.php @@ -11,6 +11,10 @@
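Review bot: In SavePasswordController's `@@ -57,11 +67,19 @@` hunk, the new `catch (ValidationException $e)` only matches `Illuminate\Contracts\Validation\ValidationException`, the class imported by this commit, and what `UserValidator::assertValid()` throws is not visible here. If it raises a different exception class, password-policy failures would skip the redirect and the session error instead of being shown to the user. It is worth confirming this and adding a comment next to the todo, such as `// assertValid() must throw the ValidationException caught below, otherwise policy failures bypass the redirect`. The value written with `set('error', ...)` is also never cleared in the visible lines, so it should be removed once displayed or on the success path. The method starts and ends outside the hunk.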
{{ $error }}
+ @endif +