feat: Allow additional reset password params, introduce ForgotPasswordValidator (#3671)

* feat: Allow additional reset password params, introduce 'ForgotPasswordValidator' * Apply fixes from StyleCI Co-authored-by: StyleCI Bot <bot@styleci.io>
2025-02-18 22:12:50 +08:00 · 2022-11-07 15:06:00 +00:00 · 2022-11-07 15:06:00 +00:00 · 87cdb5b4d8
commit 87cdb5b4d8
parent bc4b0b864c
3 changed files with 87 additions and 38 deletions
--- a/framework/core/js/src/forum/components/ForgotPasswordModal.tsx
+++ b/framework/core/js/src/forum/components/ForgotPasswordModal.tsx
@ -5,6 +5,7 @@ import extractText from '../../common/utils/extractText';
 import Stream from '../../common/utils/Stream';
 import Mithril from 'mithril';
 import RequestError from '../../common/utils/RequestError';
+import ItemList from '../../common/utils/ItemList';

 export interface IForgotPasswordModalAttrs extends IInternalModalAttrs {
  email?: string;
@ -52,12 +53,23 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
      );
    }

-    const emailLabel = extractText(app.translator.trans('core.forum.forgot_password.email_placeholder'));
-
    return (
      <div className="Modal-body">
        <div className="Form Form--centered">
          <p className="helpText">{app.translator.trans('core.forum.forgot_password.text')}</p>
+          {this.fields().toArray()}
+        </div>
+      </div>
+    );
+  }
+
+  fields() {
+    const items = new ItemList();
+
+    const emailLabel = extractText(app.translator.trans('core.forum.forgot_password.email_placeholder'));
+
+    items.add(
+      'email',
      <div className="Form-group">
        <input
          className="FormControl"
@ -68,7 +80,12 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
          bidi={this.email}
          disabled={this.loading}
        />
-          </div>
+      </div>,
+      50
+    );
+
+    items.add(
+      'submit',
      <div className="Form-group">
        {Button.component(
          {
@ -78,10 +95,11 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
          },
          app.translator.trans('core.forum.forgot_password.submit_button')
        )}
-          </div>
-        </div>
-      </div>
+      </div>,
+      -10
    );
+
+    return items;
  }

  onsubmit(e: SubmitEvent) {
@ -93,7 +111,7 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
      .request({
        method: 'POST',
        url: app.forum.attribute('apiUrl') + '/forgot',
-        body: { email: this.email() },
+        body: this.requestParams(),
        errorHandler: this.onerror.bind(this),
      })
      .then(() => {
@ -104,6 +122,14 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
      .then(this.loaded.bind(this));
  }

+  requestParams(): Record<string, unknown> {
+    const data = {
+      email: this.email(),
+    };
+
+    return data;
+  }
+
  onerror(error: RequestError) {
    if (error.status === 404 && error.alert) {
      error.alert.content = app.translator.trans('core.forum.forgot_password.not_found_message');
--- a/framework/core/src/Api/Controller/ForgotPasswordController.php
+++ b/framework/core/src/Api/Controller/ForgotPasswordController.php
@ -9,11 +9,10 @@

 namespace Flarum\Api\Controller;

+use Flarum\Api\ForgotPasswordValidator;
 use Flarum\User\Job\RequestPasswordResetJob;
 use Illuminate\Contracts\Queue\Queue;
-use Illuminate\Contracts\Validation\Factory;
 use Illuminate\Support\Arr;
-use Illuminate\Validation\ValidationException;
 use Laminas\Diactoros\Response\EmptyResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@ -27,14 +26,14 @@ class ForgotPasswordController implements RequestHandlerInterface
    protected $queue;

    /**
-     * @var Factory
+     * @var ForgotPasswordValidator
     */
-    protected $validatorFactory;
+    protected $validator;

-    public function __construct(Queue $queue, Factory $validatorFactory)
+    public function __construct(Queue $queue, ForgotPasswordValidator $validator)
    {
        $this->queue = $queue;
-        $this->validatorFactory = $validatorFactory;
+        $this->validator = $validator;
    }

    /**
@ -42,16 +41,11 @@ class ForgotPasswordController implements RequestHandlerInterface
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
-        $email = Arr::get($request->getParsedBody(), 'email');
+        $params = $request->getParsedBody();

-        $validation = $this->validatorFactory->make(
-            compact('email'),
-            ['email' => 'required|email']
-        );
+        $this->validator->assertValid($params);

-        if ($validation->fails()) {
-            throw new ValidationException($validation);
-        }
+        $email = Arr::get($params, 'email');

        // Prevents leaking user existence by not throwing an error.
        // Prevents leaking user existence by duration by using a queued job.
--- a/framework/core/src/Api/ForgotPasswordValidator.php
+++ b/framework/core/src/Api/ForgotPasswordValidator.php
@ -0,0 +1,29 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Api;
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+use Flarum\Foundation\AbstractValidator;
+
+class ForgotPasswordValidator extends AbstractValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $rules = [
+        'email' => ['required', 'email']
+    ];
+}