mirror of
https://github.com/flarum/framework.git
synced 2024-12-02 23:23:52 +08:00
Improve password reset validation/error handling
parent
28999bfed7
commit
327949495d
|
@ -57,6 +57,7 @@ class ResetPasswordController extends AbstractHtmlController
|
||||||
return $this->view->make('flarum::reset')
|
return $this->view->make('flarum::reset')
|
||||||
->with('translator', $this->translator)
|
->with('translator', $this->translator)
|
||||||
->with('passwordToken', $token->id)
|
->with('passwordToken', $token->id)
|
||||||
->with('csrfToken', $request->getAttribute('session')->get('csrf_token'));
|
->with('csrfToken', $request->getAttribute('session')->get('csrf_token'))
|
||||||
|
->with('error', $request->getAttribute('session')->get('error'));
|
||||||
}
|
}
|
||||||
}
|
}
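Review bot: The added `->with('error', $request->getAttribute('session')->get('error'))` only reads the message, and nothing visible in this commit clears it. The value that SavePasswordController stores with `set('error', …)` would therefore presumably stay in the session and reappear on every later load of the reset form, including one opened for a different token. Consider reading and clearing in one step, for example `->with('error', $request->getAttribute('session')->remove('error'))`, if the session object follows Symfony's SessionInterface, where `remove()` returns the removed value; the session class is not shown here, so confirm first. The enclosing method starts above the hunk.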
|
||||||
|
|
|
@ -15,6 +15,8 @@ use Flarum\Core\Validator\UserValidator;
|
||||||
use Flarum\Forum\UrlGenerator;
|
use Flarum\Forum\UrlGenerator;
|
||||||
use Flarum\Http\Controller\ControllerInterface;
|
use Flarum\Http\Controller\ControllerInterface;
|
||||||
use Flarum\Http\SessionAuthenticator;
|
use Flarum\Http\SessionAuthenticator;
|
||||||
|
use Illuminate\Contracts\Validation\Factory;
|
||||||
|
use Illuminate\Contracts\Validation\ValidationException;
|
||||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||||
use Zend\Diactoros\Response\RedirectResponse;
|
use Zend\Diactoros\Response\RedirectResponse;
|
||||||
|
|
||||||
|
@ -35,15 +37,23 @@ class SavePasswordController implements ControllerInterface
|
||||||
*/
|
*/
|
||||||
protected $authenticator;
|
protected $authenticator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Factory
|
||||||
|
*/
|
||||||
|
protected $validatorFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param UrlGenerator $url
|
* @param UrlGenerator $url
|
||||||
* @param SessionAuthenticator $authenticator
|
* @param SessionAuthenticator $authenticator
|
||||||
|
* @param UserValidator $validator
|
||||||
|
* @param Factory $validatorFactory
|
||||||
*/
|
*/
|
||||||
public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator)
|
public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator, Factory $validatorFactory)
|
||||||
{
|
{
|
||||||
$this->url = $url;
|
$this->url = $url;
|
||||||
$this->authenticator = $authenticator;
|
$this->authenticator = $authenticator;
|
||||||
$this->validator = $validator;
|
$this->validator = $validator;
|
||||||
|
$this->validatorFactory = $validatorFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -57,11 +67,19 @@ class SavePasswordController implements ControllerInterface
|
||||||
$token = PasswordToken::findOrFail(array_get($input, 'passwordToken'));
|
$token = PasswordToken::findOrFail(array_get($input, 'passwordToken'));
|
||||||
|
|
||||||
$password = array_get($input, 'password');
|
$password = array_get($input, 'password');
|
||||||
$confirmation = array_get($input, 'password_confirmation');
|
|
||||||
|
|
||||||
$this->validator->assertValid(compact('password'));
|
try {
|
||||||
|
// todo: probably shouldn't use the user validator for this,
|
||||||
|
// passwords should be validated separately
|
||||||
|
$this->validator->assertValid(compact('password'));
|
||||||
|
|
||||||
|
$validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']);
|
||||||
|
if ($validator->fails()) {
|
||||||
|
throw new ValidationException($validator);
|
||||||
|
}
|
||||||
|
} catch (ValidationException $e) {
|
||||||
|
$request->getAttribute('session')->set('error', $e->errors()->first());
|
||||||
|
|
||||||
if (! $password || $password !== $confirmation) {
|
|
||||||
return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
|
return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
|
||||||
}
|
}
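Review bot: The `catch (ValidationException $e)` in the last hunk covers only the `Illuminate\Contracts\Validation\ValidationException` imported in the first hunk, and the page does not show which class `$this->validator->assertValid()` throws. If it is a different type, a password rejected by the user validator would skip the session error and the redirect and propagate out of the handler instead, so it is worth confirming and widening the catch if needed. Whichever way that turns out, a short comment above the `try` would help, e.g. `// Both checks must throw the contract ValidationException so the error reaches the reset form`. The handler's body starts above the hunk and continues below it.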
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,10 @@
|
||||||
<body>
|
<body>
|
||||||
<h1>{{ $translator->trans('core.views.reset.title') }}</h1>
|
<h1>{{ $translator->trans('core.views.reset.title') }}</h1>
|
||||||
|
|
||||||
|
@if (! empty($error))
|
||||||
|
<p>{{ $error }}</p>
|
||||||
|
@endif
|
||||||
|
|
||||||
<form class="form-horizontal" role="form" method="POST" action="{{ app('Flarum\Forum\UrlGenerator')->toRoute('savePassword') }}">
|
<form class="form-horizontal" role="form" method="POST" action="{{ app('Flarum\Forum\UrlGenerator')->toRoute('savePassword') }}">
|
||||||
<input type="hidden" name="csrfToken" value="{{ $csrfToken }}">
|
<input type="hidden" name="csrfToken" value="{{ $csrfToken }}">
|
||||||
<input type="hidden" name="passwordToken" value="{{ $passwordToken }}">
|
<input type="hidden" name="passwordToken" value="{{ $passwordToken }}">
|
||||||
|
|