Allow non-admins to reset their password

The EditUser command requires the actor to have the "edit" permission,
which is only granted to admins. We don't want to allow users to change
their own password via the API, though. So instead of dispatching the
command, we'll just update the user's password directly in the action.
Toby Zerner 2015-08-28 03:38:55 +09:30
parent baed659668
commit b689c9de3b


@ -13,24 +13,10 @@ namespace Flarum\Forum\Actions;
use Flarum\Core\Users\PasswordToken;
use Flarum\Core\Users\Commands\EditUser;
use Flarum\Support\Action;
use Illuminate\Contracts\Bus\Dispatcher;
use Psr\Http\Message\ServerRequestInterface as Request;
class SavePasswordAction extends Action
{
/**
* @var Dispatcher
*/
protected $bus;
/**
* @param Dispatcher $bus
*/
public function __construct(Dispatcher $bus)
{
$this->bus = $bus;
}
/**
* @param Request $request
* @param array $routeParams
@ -49,9 +35,8 @@ class SavePasswordAction extends Action
return $this->redirectTo('/reset/'.$token->id); // TODO: Use UrlGenerator
}
$this->bus->dispatch(
new EditUser($token->user_id, $token->user, ['attributes' => ['password' => $password]])
);
$token->user->changePassword($password);
$token->user->save();
$token->delete();
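Review bot: The direct `$token->user->changePassword($password); $token->user->save();` in the second hunk drops everything the EditUser handler did besides the permission check; the handler is not shown here, so if it validated the new password or raised save events, reset passwords now bypass both. The only check visible before the write is the branch that redirects back to `/reset/`, and its condition lies outside the hunk, so confirm that it (or the model) enforces the same password rules as the normal edit path. Because the permission check is skipped on purpose, say so at the call site, e.g. `// Possession of a valid PasswordToken authorises this change; EditUser would demand the "edit" permission.` It is also worth confirming that the token cannot be reused if `$token->delete()` fails after the save, and that other outstanding tokens for the same user are handled; neither is visible here.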