github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-01-21 17:55:33 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #943 from poush/fix_#937

Browse Source 
Validation on password change
This commit is contained in:
Franz Liedke 2016-04-29 20:27:53 +09:00
commit 856053f464
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
framework/core/src/Forum/Controller/SavePasswordController.php
View File

@ -11,6 +11,7 @@
namespace Flarum\Forum\Controller; namespace Flarum\Forum\Controller;
use Flarum\Core\PasswordToken; use Flarum\Core\PasswordToken;
use Flarum\Core\Validator\UserValidator;
use Flarum\Forum\UrlGenerator; use Flarum\Forum\UrlGenerator;
use Flarum\Http\Controller\ControllerInterface; use Flarum\Http\Controller\ControllerInterface;
use Flarum\Http\SessionAuthenticator; use Flarum\Http\SessionAuthenticator;
@ -24,6 +25,11 @@ class SavePasswordController implements ControllerInterface
*/ */
protected $url; protected $url;
/**
* @var UserValidator
*/
protected $validator;
/** /**
* @var SessionAuthenticator * @var SessionAuthenticator
*/ */
@ -33,10 +39,11 @@ class SavePasswordController implements ControllerInterface
* @param UrlGenerator $url * @param UrlGenerator $url
* @param SessionAuthenticator $authenticator * @param SessionAuthenticator $authenticator
*/ */
public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator) public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator)
{ {
$this->url = $url; $this->url = $url;
$this->authenticator = $authenticator; $this->authenticator = $authenticator;
$this->validator = $validator;
} }
/** /**
@ -52,6 +59,8 @@ class SavePasswordController implements ControllerInterface
$password = array_get($input, 'password'); $password = array_get($input, 'password');
$confirmation = array_get($input, 'password_confirmation'); $confirmation = array_get($input, 'password_confirmation');
$this->validator->assertValid(compact('password'));
if (! $password || $password !== $confirmation) { if (! $password || $password !== $confirmation) {
return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id])); return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
} }