Very rough implementation of forgot password

2024-12-11 21:43:38 +08:00 · 2015-05-26 11:14:06 +09:30 · 2015-05-26 11:14:06 +09:30 · e47678f403
commit e47678f403
parent 35b362e393
18 changed files with 376 additions and 3 deletions
--- a/framework/core/js/forum/src/components/forgot-password-modal.js
+++ b/framework/core/js/forum/src/components/forgot-password-modal.js
@ -0,0 +1,66 @@
+import Component from 'flarum/component';
+import LoadingIndicator from 'flarum/components/loading-indicator';
+import Alert from 'flarum/components/alert';
+import icon from 'flarum/helpers/icon';
+
+export default class ForgotPasswordModal extends Component {
+  constructor(props) {
+    super(props);
+
+    this.email = m.prop();
+    this.loading = m.prop(false);
+    this.success = m.prop(false);
+  }
+
+  view() {
+    return m('div.modal-dialog.modal-sm.modal-forgot-password', [
+      m('div.modal-content', [
+        m('button.btn.btn-icon.btn-link.close.back-control', {onclick: this.hide.bind(this)}, icon('times')),
+        m('form', {onsubmit: this.onsubmit.bind(this)}, [
+          m('div.modal-header', m('h3.title-control', 'Forgot Password')),
+          this.props.message ? m('div.modal-alert.alert', this.props.message) : '',
+          m('div.modal-body', [
+            m('div.form-centered', this.success() ? 'Sent!' : [
+              m('div.form-group', [
+                m('input.form-control[name=email][placeholder=Email]', {onchange: m.withAttr('value', this.email)})
+              ]),
+              m('div.form-group', [
+                m('button.btn.btn-primary.btn-block[type=submit]', 'Recover Password')
+              ])
+            ])
+          ])
+        ])
+      ]),
+      LoadingIndicator.component({className: 'modal-loading'+(this.loading() ? ' active' : '')})
+    ])
+  }
+
+  ready($modal) {
+    $modal.find('[name=email]').focus();
+  }
+
+  hide() {
+    app.modal.close();
+  }
+
+  onsubmit(e) {
+    e.preventDefault();
+    this.loading(true);
+
+    m.request({
+      method: 'POST',
+      url: app.config['api_url']+'/forgot',
+      data: {email: this.email()},
+      background: true
+    }).then(response => {
+      this.loading(false);
+      this.success(true);
+      m.redraw();
+    }, response => {
+      this.loading(false);
+      m.redraw();
+      app.alerts.dismiss(this.errorAlert);
+      app.alerts.show(this.errorAlert = new Alert({ type: 'warning', message: 'Invalid credentials.' }));
+    });
+  }
+}
--- a/framework/core/js/forum/src/components/login-modal.js
+++ b/framework/core/js/forum/src/components/login-modal.js
@ -1,5 +1,6 @@
 import Component from 'flarum/component';
 import LoadingIndicator from 'flarum/components/loading-indicator';
+import ForgotPasswordModal from 'flarum/components/forgot-password-modal';
 import SignupModal from 'flarum/components/signup-modal';
 import Alert from 'flarum/components/alert';
 import icon from 'flarum/helpers/icon';
@ -34,7 +35,7 @@ export default class LoginModal extends Component {
            ])
          ]),
          m('div.modal-footer', [
-            m('p.forgot-password-link', m('a[href=javascript:;]', 'Forgot password?')),
+            m('p.forgot-password-link', m('a[href=javascript:;]', {onclick: () => app.modal.show(new ForgotPasswordModal())}, 'Forgot password?')),
            m('p.sign-up-link', [
              'Don\'t have an account? ',
              m('a[href=javascript:;]', {onclick: () => app.modal.show(new SignupModal())}, 'Sign Up')
--- a/framework/core/js/lib/components/modal.js
+++ b/framework/core/js/lib/components/modal.js
@ -20,6 +20,7 @@ export default class Modal extends Component {
    this.component = component;
    m.redraw(true);
    this.$().modal('show');
+    this.ready();
  }

  close() {
--- a/framework/core/migrations/2015_02_24_000000_create_reset_tokens_table.php
+++ b/framework/core/migrations/2015_02_24_000000_create_reset_tokens_table.php
@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateResetTokensTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('reset_tokens', function (Blueprint $table) {
+            $table->string('id');
+            $table->integer('user_id')->unsigned();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::drop('reset_tokens');
+    }
+}
--- a/framework/core/migrations/2015_02_24_000000_create_users_table.php
+++ b/framework/core/migrations/2015_02_24_000000_create_users_table.php
@ -14,7 +14,6 @@ class CreateUsersTable extends Migration
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
-        
            $table->increments('id');
            $table->string('username', 100)->unique();
            $table->string('email', 150)->unique();
--- a/framework/core/src/Api/Actions/JsonApiAction.php
+++ b/framework/core/src/Api/Actions/JsonApiAction.php
@ -3,6 +3,8 @@
 use Closure;
 use Flarum\Api\Request;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Response;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Flarum\Core\Exceptions\ValidationFailureException;
 use Flarum\Core\Exceptions\PermissionDeniedException;

@ -29,7 +31,9 @@ abstract class JsonApiAction implements ActionInterface
            }
            return new JsonResponse(['errors' => $errors], 422);
        } catch (PermissionDeniedException $e) {
-            return new JsonResponse(null, 401);
+            return new Response(null, 401);
+        } catch (ModelNotFoundException $e) {
+            return new Response(null, 404);
        }
    }

--- a/framework/core/src/Api/Actions/Users/ForgotAction.php
+++ b/framework/core/src/Api/Actions/Users/ForgotAction.php
@ -0,0 +1,38 @@
+<?php namespace Flarum\Api\Actions\Users;
+
+use Flarum\Api\Request;
+use Flarum\Api\Actions\JsonApiAction;
+use Flarum\Core\Repositories\UserRepositoryInterface;
+use Flarum\Core\Commands\RequestPasswordResetCommand;
+use Illuminate\Http\Response;
+use Illuminate\Contracts\Bus\Dispatcher;
+
+class ForgotAction extends JsonApiAction
+{
+    protected $users;
+
+    protected $bus;
+
+    public function __construct(UserRepositoryInterface $users, Dispatcher $bus)
+    {
+        $this->users = $users;
+        $this->bus = $bus;
+    }
+
+    /**
+     * Log in and return a token.
+     *
+     * @param \Flarum\Api\Request $request
+     * @return \Flarum\Api\Response
+     */
+    public function respond(Request $request)
+    {
+        $email = $request->get('email');
+
+        $this->bus->dispatch(
+            new RequestPasswordResetCommand($email)
+        );
+
+        return new Response;
+    }
+}
--- a/framework/core/src/Api/routes.php
+++ b/framework/core/src/Api/routes.php
@ -37,6 +37,12 @@ Route::group(['prefix' => 'api', 'middleware' => 'Flarum\Api\Middleware\LoginWit
        'uses' => $action('Flarum\Api\Actions\TokenAction')
    ]);

+    // Send forgot password email
+    Route::post('forgot', [
+        'as' => 'flarum.api.forgot',
+        'uses' => $action('Flarum\Api\Actions\Users\ForgotAction')
+    ]);
+
    /*
    |--------------------------------------------------------------------------
    | Users
@ -73,11 +79,13 @@ Route::group(['prefix' => 'api', 'middleware' => 'Flarum\Api\Middleware\LoginWit
        'uses' => $action('Flarum\Api\Actions\Users\DeleteAction')
    ]);

+    // Upload avatar
    Route::post('users/{id}/avatar', [
        'as' => 'flarum.api.users.avatar.upload',
        'uses' => $action('Flarum\Api\Actions\Users\UploadAvatarAction')
    ]);

+    // Remove avatar
    Route::delete('users/{id}/avatar', [
        'as' => 'flarum.api.users.avatar.delete',
        'uses' => $action('Flarum\Api\Actions\Users\DeleteAvatarAction')
--- a/framework/core/src/Core/Commands/RequestPasswordResetCommand.php
+++ b/framework/core/src/Core/Commands/RequestPasswordResetCommand.php
@ -0,0 +1,11 @@
+<?php namespace Flarum\Core\Commands;
+
+class RequestPasswordResetCommand
+{
+    public $email;
+
+    public function __construct($email)
+    {
+        $this->email = $email;
+    }
+}
--- a/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
+++ b/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
@ -0,0 +1,52 @@
+<?php namespace Flarum\Core\Handlers\Commands;
+
+use Flarum\Core\Commands\RequestPasswordResetCommand;
+use Flarum\Core\Models\ResetToken;
+use Flarum\Core\Repositories\UserRepositoryInterface;
+use Illuminate\Contracts\Mail\Mailer;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+
+class RequestPasswordResetCommandHandler
+{
+    /**
+     * @var UserRepositoryInterface
+     */
+    protected $users;
+
+    /**
+     * The mailer instance.
+     *
+     * @var \Illuminate\Contracts\Mail\Mailer
+     */
+    protected $mailer;
+
+    public function __construct(UserRepositoryInterface $users, Mailer $mailer)
+    {
+        $this->users = $users;
+        $this->mailer = $mailer;
+    }
+
+    public function handle(RequestPasswordResetCommand $command)
+    {
+        $user = $this->users->findByEmail($command->email);
+
+        if (! $user) {
+            throw new ModelNotFoundException;
+        }
+
+        $token = ResetToken::generate($user->id);
+        $token->save();
+
+        $data = [
+            'username' => $user->username,
+            'url' => route('flarum.forum.resetPassword', ['token' => $token->id])
+        ];
+
+        $this->mailer->send(['text' => 'flarum::emails.reset'], $data, function ($message) use ($user) {
+            $message->to($user->email);
+            $message->subject('Reset Your Password');
+        });
+
+        return $user;
+    }
+}
--- a/framework/core/src/Core/Models/ResetToken.php
+++ b/framework/core/src/Core/Models/ResetToken.php
@ -0,0 +1,44 @@
+<?php namespace Flarum\Core\Models;
+
+class ResetToken extends Model
+{
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'reset_tokens';
+
+    /**
+     * Use a custom primary key for this model.
+     *
+     * @var boolean
+     */
+    public $incrementing = false;
+
+    /**
+     * Generate a reset token for the specified user.
+     *
+     * @param  int  $userId
+     * @return static
+     */
+    public static function generate($userId)
+    {
+        $token = new static;
+
+        $token->id = str_random(40);
+        $token->user_id = $userId;
+
+        return $token;
+    }
+
+    /**
+     * Define the relationship with the owner of this reset token.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     */
+    public function user()
+    {
+        return $this->belongsTo('Flarum\Core\Models\User');
+    }
+}
--- a/framework/core/src/Core/Repositories/EloquentUserRepository.php
+++ b/framework/core/src/Core/Repositories/EloquentUserRepository.php
@ -45,6 +45,17 @@ class EloquentUserRepository implements UserRepositoryInterface
        return User::where($field, $identification)->first();
    }

+    /**
+     * Find a user by email.
+     *
+     * @param  string  $email
+     * @return \Flarum\Core\Models\User|null
+     */
+    public function findByEmail($email)
+    {
+        return User::where('email', $email)->first();
+    }
+
    /**
     * Get the ID of a user with the given username.
     *
--- a/framework/core/src/Core/Repositories/UserRepositoryInterface.php
+++ b/framework/core/src/Core/Repositories/UserRepositoryInterface.php
@ -31,6 +31,14 @@ interface UserRepositoryInterface
     */
    public function findByIdentification($identification);

+    /**
+     * Find a user by email.
+     *
+     * @param  string  $email
+     * @return \Flarum\Core\Models\User|null
+     */
+    public function findByEmail($email);
+
    /**
     * Get the ID of a user with the given username.
     *
--- a/framework/core/src/Forum/Actions/ResetPasswordAction.php
+++ b/framework/core/src/Forum/Actions/ResetPasswordAction.php
@ -0,0 +1,16 @@
+<?php namespace Flarum\Forum\Actions;
+
+use Flarum\Core\Models\ResetToken;
+use Illuminate\Http\Request;
+
+class ResetPasswordAction extends BaseAction
+{
+    public function handle(Request $request, $routeParams = [])
+    {
+        $token = array_get($routeParams, 'token');
+
+        $token = ResetToken::findOrFail($token);
+
+        return view('flarum::reset')->with('token', $token->id);
+    }
+}
--- a/framework/core/src/Forum/Actions/SavePasswordAction.php
+++ b/framework/core/src/Forum/Actions/SavePasswordAction.php
@ -0,0 +1,28 @@
+<?php namespace Flarum\Forum\Actions;
+
+use Flarum\Core\Models\ResetToken;
+use Flarum\Core\Commands\EditUserCommand;
+use Illuminate\Http\Request;
+
+class SavePasswordAction extends BaseAction
+{
+    public function handle(Request $request, $routeParams = [])
+    {
+        $token = ResetToken::findOrFail($request->get('token'));
+
+        $password = $request->get('password');
+        $confirmation = $request->get('password_confirmation');
+
+        if (! $password || $password !== $confirmation) {
+            return redirect()->back();
+        }
+
+        $this->dispatch(
+            new EditUserCommand($token->user_id, $token->user, ['password' => $password])
+        );
+
+        $token->delete();
+
+        return redirect('');
+    }
+}
--- a/framework/core/src/Forum/routes.php
+++ b/framework/core/src/Forum/routes.php
@ -32,3 +32,13 @@ Route::get('confirm/{id}/{token}', [
    'as' => 'flarum.forum.confirm',
    'uses' => $action('Flarum\Forum\Actions\ConfirmAction')
 ]);
+
+Route::get('reset/{token}', [
+    'as' => 'flarum.forum.resetPassword',
+    'uses' => $action('Flarum\Forum\Actions\ResetPasswordAction')
+]);
+
+Route::post('reset', [
+    'as' => 'flarum.forum.savePassword',
+    'uses' => $action('Flarum\Forum\Actions\SavePasswordAction')
+]);
--- a/framework/core/views/emails/reset.blade.php
+++ b/framework/core/views/emails/reset.blade.php
@ -0,0 +1,3 @@
+Hey {{ $username }}!
+
+Click here to reset your password: {{ $url }}
--- a/framework/core/views/reset.blade.php
+++ b/framework/core/views/reset.blade.php
@ -0,0 +1,43 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title>Reset Your Password</title>
+    <meta name="description" content="">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1">
+  </head>
+
+  <body>
+    <h1>Reset Your Password</h1>
+
+    @if (count($errors) > 0)
+      <div class="alert alert-danger">
+        <strong>Whoops!</strong> There were some problems with your input.<br><br>
+        <ul>
+          @foreach ($errors->all() as $error)
+            <li>{{ $error }}</li>
+          @endforeach
+        </ul>
+      </div>
+    @endif
+
+    <form class="form-horizontal" role="form" method="POST" action="{{ route('flarum.forum.savePassword') }}">
+      <input type="hidden" name="token" value="{{ $token }}">
+
+      <div class="form-group">
+        <label class="control-label">Password</label>
+        <input type="password" class="form-control" name="password">
+      </div>
+
+      <div class="form-group">
+        <label class="control-label">Confirm Password</label>
+        <input type="password" class="form-control" name="password_confirmation">
+      </div>
+
+      <div class="form-group">
+        <button type="submit" class="btn btn-primary">Reset Password</button>
+      </div>
+    </form>
+  </body>
+</html>