mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-30 21:20:24 +02:00
Code Issues Releases Wiki Activity

Improve password reset validation/error handling

Browse Source
This commit is contained in:
Toby Zerner
2016-11-13 08:51:38 +10:30
parent dde0de046a
commit b2c691a03d
3 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/Forum/Controller/SavePasswordController.php
View File

@@ -15,6 +15,8 @@ use Flarum\Core\Validator\UserValidator;
use Flarum\Forum\UrlGenerator;
use Flarum\Http\Controller\ControllerInterface;
use Flarum\Http\SessionAuthenticator;
use Illuminate\Contracts\Validation\Factory;
use Illuminate\Contracts\Validation\ValidationException;
use Psr\Http\Message\ServerRequestInterface as Request;
use Zend\Diactoros\Response\RedirectResponse;
@@ -35,15 +37,23 @@ class SavePasswordController implements ControllerInterface
*/
protected $authenticator;
/**
* @var Factory
*/
protected $validatorFactory;
/**
* @param UrlGenerator $url
* @param SessionAuthenticator $authenticator
* @param UserValidator $validator
* @param Factory $validatorFactory
*/
public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator)
public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator, Factory $validatorFactory)
{
$this->url = $url;
$this->authenticator = $authenticator;
$this->validator = $validator;
$this->validatorFactory = $validatorFactory;
}
/**
@@ -57,11 +67,19 @@ class SavePasswordController implements ControllerInterface
$token = PasswordToken::findOrFail(array_get($input, 'passwordToken'));
$password = array_get($input, 'password');
$confirmation = array_get($input, 'password_confirmation');
$this->validator->assertValid(compact('password'));
try {
// todo: probably shouldn't use the user validator for this,
// passwords should be validated separately
$this->validator->assertValid(compact('password'));
$validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']);
if ($validator->fails()) {
throw new ValidationException($validator);
}
} catch (ValidationException $e) {
$request->getAttribute('session')->set('error', $e->errors()->first());
if (! $password || $password !== $confirmation) {
return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
}