Very rough implementation of forgot password

2025-07-26 03:01:22 +02:00 · 2015-05-26 11:14:06 +09:30
parent 35b362e393
commit e47678f403
18 changed files with 376 additions and 3 deletions
--- a/framework/core/src/Api/Actions/JsonApiAction.php
+++ b/framework/core/src/Api/Actions/JsonApiAction.php
@@ -3,6 +3,8 @@
 use Closure;
 use Flarum\Api\Request;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Response;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Flarum\Core\Exceptions\ValidationFailureException;
 use Flarum\Core\Exceptions\PermissionDeniedException;

@@ -29,7 +31,9 @@ abstract class JsonApiAction implements ActionInterface
            }
            return new JsonResponse(['errors' => $errors], 422);
        } catch (PermissionDeniedException $e) {
-            return new JsonResponse(null, 401);
+            return new Response(null, 401);
+        } catch (ModelNotFoundException $e) {
+            return new Response(null, 404);
        }
    }

--- a/framework/core/src/Api/Actions/Users/ForgotAction.php
+++ b/framework/core/src/Api/Actions/Users/ForgotAction.php
@@ -0,0 +1,38 @@
+<?php namespace Flarum\Api\Actions\Users;
+
+use Flarum\Api\Request;
+use Flarum\Api\Actions\JsonApiAction;
+use Flarum\Core\Repositories\UserRepositoryInterface;
+use Flarum\Core\Commands\RequestPasswordResetCommand;
+use Illuminate\Http\Response;
+use Illuminate\Contracts\Bus\Dispatcher;
+
+class ForgotAction extends JsonApiAction
+{
+    protected $users;
+
+    protected $bus;
+
+    public function __construct(UserRepositoryInterface $users, Dispatcher $bus)
+    {
+        $this->users = $users;
+        $this->bus = $bus;
+    }
+
+    /**
+     * Log in and return a token.
+     *
+     * @param \Flarum\Api\Request $request
+     * @return \Flarum\Api\Response
+     */
+    public function respond(Request $request)
+    {
+        $email = $request->get('email');
+
+        $this->bus->dispatch(
+            new RequestPasswordResetCommand($email)
+        );
+
+        return new Response;
+    }
+}
--- a/framework/core/src/Api/routes.php
+++ b/framework/core/src/Api/routes.php
@@ -37,6 +37,12 @@ Route::group(['prefix' => 'api', 'middleware' => 'Flarum\Api\Middleware\LoginWit
        'uses' => $action('Flarum\Api\Actions\TokenAction')
    ]);

+    // Send forgot password email
+    Route::post('forgot', [
+        'as' => 'flarum.api.forgot',
+        'uses' => $action('Flarum\Api\Actions\Users\ForgotAction')
+    ]);
+
    /*
    |--------------------------------------------------------------------------
    | Users
@@ -73,11 +79,13 @@ Route::group(['prefix' => 'api', 'middleware' => 'Flarum\Api\Middleware\LoginWit
        'uses' => $action('Flarum\Api\Actions\Users\DeleteAction')
    ]);

+    // Upload avatar
    Route::post('users/{id}/avatar', [
        'as' => 'flarum.api.users.avatar.upload',
        'uses' => $action('Flarum\Api\Actions\Users\UploadAvatarAction')
    ]);

+    // Remove avatar
    Route::delete('users/{id}/avatar', [
        'as' => 'flarum.api.users.avatar.delete',
        'uses' => $action('Flarum\Api\Actions\Users\DeleteAvatarAction')
--- a/framework/core/src/Core/Commands/RequestPasswordResetCommand.php
+++ b/framework/core/src/Core/Commands/RequestPasswordResetCommand.php
@@ -0,0 +1,11 @@
+<?php namespace Flarum\Core\Commands;
+
+class RequestPasswordResetCommand
+{
+    public $email;
+
+    public function __construct($email)
+    {
+        $this->email = $email;
+    }
+}
--- a/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
+++ b/framework/core/src/Core/Handlers/Commands/RequestPasswordResetCommandHandler.php
@@ -0,0 +1,52 @@
+<?php namespace Flarum\Core\Handlers\Commands;
+
+use Flarum\Core\Commands\RequestPasswordResetCommand;
+use Flarum\Core\Models\ResetToken;
+use Flarum\Core\Repositories\UserRepositoryInterface;
+use Illuminate\Contracts\Mail\Mailer;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+
+class RequestPasswordResetCommandHandler
+{
+    /**
+     * @var UserRepositoryInterface
+     */
+    protected $users;
+
+    /**
+     * The mailer instance.
+     *
+     * @var \Illuminate\Contracts\Mail\Mailer
+     */
+    protected $mailer;
+
+    public function __construct(UserRepositoryInterface $users, Mailer $mailer)
+    {
+        $this->users = $users;
+        $this->mailer = $mailer;
+    }
+
+    public function handle(RequestPasswordResetCommand $command)
+    {
+        $user = $this->users->findByEmail($command->email);
+
+        if (! $user) {
+            throw new ModelNotFoundException;
+        }
+
+        $token = ResetToken::generate($user->id);
+        $token->save();
+
+        $data = [
+            'username' => $user->username,
+            'url' => route('flarum.forum.resetPassword', ['token' => $token->id])
+        ];
+
+        $this->mailer->send(['text' => 'flarum::emails.reset'], $data, function ($message) use ($user) {
+            $message->to($user->email);
+            $message->subject('Reset Your Password');
+        });
+
+        return $user;
+    }
+}
--- a/framework/core/src/Core/Models/ResetToken.php
+++ b/framework/core/src/Core/Models/ResetToken.php
@@ -0,0 +1,44 @@
+<?php namespace Flarum\Core\Models;
+
+class ResetToken extends Model
+{
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'reset_tokens';
+
+    /**
+     * Use a custom primary key for this model.
+     *
+     * @var boolean
+     */
+    public $incrementing = false;
+
+    /**
+     * Generate a reset token for the specified user.
+     *
+     * @param  int  $userId
+     * @return static
+     */
+    public static function generate($userId)
+    {
+        $token = new static;
+
+        $token->id = str_random(40);
+        $token->user_id = $userId;
+
+        return $token;
+    }
+
+    /**
+     * Define the relationship with the owner of this reset token.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+     */
+    public function user()
+    {
+        return $this->belongsTo('Flarum\Core\Models\User');
+    }
+}
--- a/framework/core/src/Core/Repositories/EloquentUserRepository.php
+++ b/framework/core/src/Core/Repositories/EloquentUserRepository.php
@@ -45,6 +45,17 @@ class EloquentUserRepository implements UserRepositoryInterface
        return User::where($field, $identification)->first();
    }

+    /**
+     * Find a user by email.
+     *
+     * @param  string  $email
+     * @return \Flarum\Core\Models\User|null
+     */
+    public function findByEmail($email)
+    {
+        return User::where('email', $email)->first();
+    }
+
    /**
     * Get the ID of a user with the given username.
     *
--- a/framework/core/src/Core/Repositories/UserRepositoryInterface.php
+++ b/framework/core/src/Core/Repositories/UserRepositoryInterface.php
@@ -31,6 +31,14 @@ interface UserRepositoryInterface
     */
    public function findByIdentification($identification);

+    /**
+     * Find a user by email.
+     *
+     * @param  string  $email
+     * @return \Flarum\Core\Models\User|null
+     */
+    public function findByEmail($email);
+
    /**
     * Get the ID of a user with the given username.
     *
--- a/framework/core/src/Forum/Actions/ResetPasswordAction.php
+++ b/framework/core/src/Forum/Actions/ResetPasswordAction.php
@@ -0,0 +1,16 @@
+<?php namespace Flarum\Forum\Actions;
+
+use Flarum\Core\Models\ResetToken;
+use Illuminate\Http\Request;
+
+class ResetPasswordAction extends BaseAction
+{
+    public function handle(Request $request, $routeParams = [])
+    {
+        $token = array_get($routeParams, 'token');
+
+        $token = ResetToken::findOrFail($token);
+
+        return view('flarum::reset')->with('token', $token->id);
+    }
+}
--- a/framework/core/src/Forum/Actions/SavePasswordAction.php
+++ b/framework/core/src/Forum/Actions/SavePasswordAction.php
@@ -0,0 +1,28 @@
+<?php namespace Flarum\Forum\Actions;
+
+use Flarum\Core\Models\ResetToken;
+use Flarum\Core\Commands\EditUserCommand;
+use Illuminate\Http\Request;
+
+class SavePasswordAction extends BaseAction
+{
+    public function handle(Request $request, $routeParams = [])
+    {
+        $token = ResetToken::findOrFail($request->get('token'));
+
+        $password = $request->get('password');
+        $confirmation = $request->get('password_confirmation');
+
+        if (! $password || $password !== $confirmation) {
+            return redirect()->back();
+        }
+
+        $this->dispatch(
+            new EditUserCommand($token->user_id, $token->user, ['password' => $password])
+        );
+
+        $token->delete();
+
+        return redirect('');
+    }
+}
--- a/framework/core/src/Forum/routes.php
+++ b/framework/core/src/Forum/routes.php
@@ -32,3 +32,13 @@ Route::get('confirm/{id}/{token}', [
    'as' => 'flarum.forum.confirm',
    'uses' => $action('Flarum\Forum\Actions\ConfirmAction')
 ]);
+
+Route::get('reset/{token}', [
+    'as' => 'flarum.forum.resetPassword',
+    'uses' => $action('Flarum\Forum\Actions\ResetPasswordAction')
+]);
+
+Route::post('reset', [
+    'as' => 'flarum.forum.savePassword',
+    'uses' => $action('Flarum\Forum\Actions\SavePasswordAction')
+]);