Get login/forgot password working again

2025-02-17 12:12:52 +08:00 · 2015-06-19 11:19:49 +09:30 · 2015-06-19 11:19:49 +09:30 · d14716fa4d
commit d14716fa4d
parent a714f12f8f
5 changed files with 31 additions and 28 deletions
--- a/src/Api/Actions/Users/ForgotAction.php
+++ b/src/Api/Actions/Users/ForgotAction.php
@ -1,4 +1,4 @@
-<?php namespace Flarum\Api\Actions\Users;
+<?php namespace Flarum\Api\Actions;

 use Flarum\Api\Request;
 use Flarum\Api\Actions\JsonApiAction;
--- a/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
+++ b/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
@ -6,6 +6,7 @@ use Flarum\Core\Repositories\UserRepositoryInterface;
 use Illuminate\Contracts\Mail\Mailer;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Flarum\Core;
+use Flarum\Http\UrlGeneratorInterface;

 class RequestPasswordResetCommandHandler
 {
@ -21,10 +22,11 @@ class RequestPasswordResetCommandHandler
     */
    protected $mailer;

-    public function __construct(UserRepositoryInterface $users, Mailer $mailer)
+    public function __construct(UserRepositoryInterface $users, Mailer $mailer, UrlGeneratorInterface $url)
    {
        $this->users = $users;
        $this->mailer = $mailer;
+        $this->url = $url;
    }

    public function handle(RequestPasswordResetCommand $command)
@ -38,9 +40,12 @@ class RequestPasswordResetCommandHandler
        $token = PasswordToken::generate($user->id);
        $token->save();

+        // TODO: Need to use UrlGenerator, but since this is part of core we
+        // don't know that the forum routes will be loaded. Should the reset
+        // password route be part of core??
        $data = [
            'username' => $user->username,
-            'url' => route('flarum.forum.resetPassword', ['token' => $token->id]),
+            'url' => Core::config('base_url').'/reset/'.$token->id,
            'forumTitle' => Core::config('forum_title')
        ];

--- a/src/Forum/Actions/LoginAction.php
+++ b/src/Forum/Actions/LoginAction.php
@ -4,6 +4,7 @@ use Flarum\Api\Client;
 use Flarum\Forum\Events\UserLoggedIn;
 use Flarum\Core\Repositories\UserRepositoryInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use Zend\Diactoros\Response;

 class LoginAction extends BaseAction
 {
@ -25,15 +26,21 @@ class LoginAction extends BaseAction

        $data = $this->apiClient->send('Flarum\Api\Actions\TokenAction', $params);

-        event(new UserLoggedIn($this->users->findOrFail($data->userId), $data->token));
+        // TODO: The client needs to pass through exceptions(?) or the whole
+        // response so we can look at the response code. For now if there isn't
+        // any useful data we just assume it's a 401.
+        if (isset($data->userId)) {
+            event(new UserLoggedIn($this->users->findOrFail($data->userId), $data->token));

-        // TODO: The client needs to pass through exceptions
-        $response = $this->success();
-        $response->getBody()->write(json_encode($data));
+            $response = $this->success();
+            $response->getBody()->write(json_encode($data));

-        return $this->withRememberCookie(
-            $response,
-            $data->token
-        );
+            return $this->withRememberCookie(
+                $response,
+                $data->token
+            );
+        } else {
+            return new Response('php://memory', 401);
+        }
    }
 }
--- a/src/Forum/Actions/SavePasswordAction.php
+++ b/src/Forum/Actions/SavePasswordAction.php
@ -8,13 +8,15 @@ class SavePasswordAction extends BaseAction
 {
    public function handle(Request $request, $routeParams = [])
    {
-        $token = PasswordToken::findOrFail($request->getAttribute('token'));
+        $input = $request->getParsedBody();

-        $password = $request->getAttribute('password');
-        $confirmation = $request->getAttribute('password_confirmation');
+        $token = PasswordToken::findOrFail(array_get($input, 'token'));
+
+        $password = array_get($input, 'password');
+        $confirmation = array_get($input, 'password_confirmation');

        if (! $password || $password !== $confirmation) {
-            return $this->redirectTo(''); // TODO: Redirect back
+            return $this->redirectTo('/reset/'.$token->id); // TODO: Use UrlGenerator
        }

        $this->dispatch(
@ -23,6 +25,6 @@ class SavePasswordAction extends BaseAction

        $token->delete();

-        return $this->redirectTo('');
+        return $this->redirectTo('/');
    }
 }
--- a/views/reset.blade.php
+++ b/views/reset.blade.php
@ -11,18 +11,7 @@
  <body>
    <h1>Reset Your Password</h1>

-    @if (count($errors) > 0)
-      <div class="alert alert-danger">
-        <strong>Whoops!</strong> There were some problems with your input.<br><br>
-        <ul>
-          @foreach ($errors->all() as $error)
-            <li>{{ $error }}</li>
-          @endforeach
-        </ul>
-      </div>
-    @endif
-
-    <form class="form-horizontal" role="form" method="POST" action="{{ route('flarum.forum.savePassword') }}">
+    <form class="form-horizontal" role="form" method="POST" action="{{ app('Flarum\Http\UrlGeneratorInterface')->toRoute('flarum.forum.savePassword') }}">
      <input type="hidden" name="token" value="{{ $token }}">

      <div class="form-group">