url = $url; $this->authenticator = $authenticator; $this->validator = $validator; $this->validatorFactory = $validatorFactory; $this->events = $events; } /** * @param Request $request * @return ResponseInterface */ public function handle(Request $request): ResponseInterface { $input = $request->getParsedBody(); $token = PasswordToken::findOrFail(Arr::get($input, 'passwordToken')); $password = Arr::get($input, 'password'); try { // todo: probably shouldn't use the user validator for this, // passwords should be validated separately $this->validator->assertValid(compact('password')); $validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']); if ($validator->fails()) { throw new ValidationException($validator); } } catch (ValidationException $e) { $request->getAttribute('session')->put('errors', new MessageBag($e->errors())); return new RedirectResponse($this->url->to('forum')->route('resetPassword', ['token' => $token->token])); } $token->user->changePassword($password); $token->user->save(); $this->dispatchEventsFor($token->user); $token->delete(); $session = $request->getAttribute('session'); $this->authenticator->logIn($session, $token->user->id); return new RedirectResponse($this->url->to('forum')->base()); } }