firefly-iii/app/Http/Controllers/Auth/ResetPasswordController.php

<?php

/**
 * ResetPasswordController.php
 * Copyright (c) 2019 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
declare(strict_types=1);

namespace FireflyIII\Http\Controllers\Auth;

use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Http\Controllers\Controller;
use FireflyIII\User;
use Illuminate\Contracts\View\Factory;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
use Illuminate\Validation\ValidationException;
use Illuminate\View\View;

/**
 * Class ResetPasswordController
 *
 * This controller is responsible for handling password reset requests
 * and uses a simple trait to include this behavior. You're free to
 * explore this trait and override any methods you wish to tweak.
 */
class ResetPasswordController extends Controller
{
    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     */
    public function __construct()
    {
        parent::__construct();
        $this->middleware('guest');

        if ('web' !== config('firefly.authentication_guard')) {
            throw new FireflyException('Using external identity provider. Cannot continue.');
        }
    }

    /**
     * Reset the given user's password.
     *
     * @return Factory|JsonResponse|RedirectResponse|View
     *
     * @throws ValidationException
     */
    public function reset(Request $request)
    {
        if ('web' !== config('firefly.authentication_guard')) {
            $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard'));

            return view('error', compact('message'));
        }

        $rules    = [
            'token'    => 'required',
            'email'    => 'required|email',
            'password' => 'required|confirmed|min:16|secure_password',
        ];

        $this->validate($request, $rules, $this->validationErrorMessages());

        // Here we will attempt to reset the user's password. If it is successful we
        // will update the password on an actual user model and persist it to the
        // database. Otherwise, we will parse the error and return the response.
        $response = $this->broker()->reset(
            $this->credentials($request),
            function ($user, $password): void {
                $this->resetPassword($user, $password);
            }
        );

        // If the password was successfully reset, we will redirect the user back to
        // the application's home authenticated view. If there is an error we can
        // redirect them back to where they came from with their error message.
        return Password::PASSWORD_RESET === $response
            ? $this->sendResetResponse($request, $response)
            : $this->sendResetFailedResponse($request, $response);
    }

    /**
     * Display the password reset view for the given token.
     *
     * If no token is present, display the link request form.
     *
     * @param null $token
     *
     * @return Factory|View
     *
     * @throws FireflyException
     */
    public function showResetForm(Request $request, $token = null)
    {
        if ('web' !== config('firefly.authentication_guard')) {
            $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard'));

            return view('error', compact('message'));
        }

        // is allowed to register?
        $singleUserMode    = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;
        $userCount         = User::count();
        $allowRegistration = true;
        $pageTitle         = (string)trans('firefly.reset_pw_page_title');
        if (true === $singleUserMode && $userCount > 0) {
            $allowRegistration = false;
        }

        return view('auth.passwords.reset')->with(
            ['token' => $token, 'email' => $request->email, 'allowRegistration' => $allowRegistration, 'pageTitle' => $pageTitle]
        );
    }
}
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`<?php`
Various PSR12 code cleanup 2022-12-29 19:41:57 +01:00
New copyright notice. 2017-10-21 08:40:00 +02:00			`/**`
			`* ResetPasswordController.php`
Update email address 2020-01-31 07:32:04 +01:00			`* Copyright (c) 2019 james@firefly-iii.org`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This file is part of Firefly III (https://github.com/firefly-iii).`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is distributed in the hope that it will be useful,`
New copyright notice. 2017-10-21 08:40:00 +02:00			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* GNU Affero General Public License for more details.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
New copyright notice. 2017-10-21 08:40:00 +02:00			`*/`
Various code cleanup. 2017-09-14 17:40:02 +02:00			`declare(strict_types=1);`

First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`namespace FireflyIII\Http\Controllers\Auth;`

Fix #3586 2020-08-14 09:59:56 +02:00			`use FireflyIII\Exceptions\FireflyException;`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`use FireflyIII\Http\Controllers\Controller;`
Internationalise several forms for #1090 2018-01-02 17:25:59 +01:00			`use FireflyIII\User;`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`use Illuminate\Contracts\View\Factory;`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`use Illuminate\Foundation\Auth\ResetsPasswords;`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`use Illuminate\Http\JsonResponse;`
			`use Illuminate\Http\RedirectResponse;`
Internationalise several forms for #1090 2018-01-02 17:25:59 +01:00			`use Illuminate\Http\Request;`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`use Illuminate\Support\Facades\Password;`
Code cleanup 2021-03-21 09:15:40 +01:00			`use Illuminate\Validation\ValidationException;`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`use Illuminate\View\View;`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00
Expand tests, do code cleanup. 2017-12-17 14:30:53 +01:00			`/**`
			`* Class ResetPasswordController`
Expand test code. 2017-12-17 18:23:10 +01:00			`*`
			`* This controller is responsible for handling password reset requests`
			`* and uses a simple trait to include this behavior. You're free to`
			`* explore this trait and override any methods you wish to tweak.`
Expand tests, do code cleanup. 2017-12-17 14:30:53 +01:00			`*/`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`class ResetPasswordController extends Controller`
			`{`
			`use ResetsPasswords;`

Authentication in separate commit. 2017-09-09 22:03:27 +02:00			`/**`
			`* Where to redirect users after resetting their password.`
			`*`
			`* @var string`
			`*/`
			`protected $redirectTo = '/home';`

First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`/**`
			`* Create a new controller instance.`
			`*/`
			`public function __construct()`
			`{`
Various code cleanup 2017-09-16 07:17:58 +02:00			`parent::__construct();`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`$this->middleware('guest');`
Fix #3586 2020-08-14 09:59:56 +02:00
Release v6.0.13 fixes an issue with the authentication controllers. 2023-06-11 18:18:46 +02:00			`if ('web' !== config('firefly.authentication_guard')) {`
Fix #3586 2020-08-14 09:59:56 +02:00			`throw new FireflyException('Using external identity provider. Cannot continue.');`
			`}`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`}`
Internationalise several forms for #1090 2018-01-02 17:25:59 +01:00
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`/**`
			`* Reset the given user's password.`
			`*`
Fix #3586 2020-08-14 09:59:56 +02:00			`* @return Factory\|JsonResponse\|RedirectResponse\|View`
Update some phpdocs, courtesy of Psalm. 2020-03-25 07:03:23 +01:00			`*`
Code cleanup. 2023-12-20 19:35:52 +01:00			`* @throws ValidationException`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`*/`
			`public function reset(Request $request)`
			`{`
Release v6.0.13 fixes an issue with the authentication controllers. 2023-06-11 18:18:46 +02:00			`if ('web' !== config('firefly.authentication_guard')) {`
			`$message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard'));`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00
Remove reference to a method no longer used. 2022-01-29 14:11:12 +01:00			`return view('error', compact('message'));`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`}`
Add host header validation 2024-02-17 08:18:49 +01:00
Various code cleanup and fixed alignments. 2024-01-01 14:43:56 +01:00			`$rules = [`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`'token' => 'required',`
			`'email' => 'required\|email',`
Push minimum password length to 16 characters. 2020-03-06 18:22:44 +01:00			`'password' => 'required\|confirmed\|min:16\|secure_password',`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`];`

			`$this->validate($request, $rules, $this->validationErrorMessages());`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00
			`// Here we will attempt to reset the user's password. If it is successful we`
			`// will update the password on an actual user model and persist it to the`
Add host header validation 2024-02-17 08:18:49 +01:00			`// database. Otherwise, we will parse the error and return the response.`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`$response = $this->broker()->reset(`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`$this->credentials($request),`
Fix code 2023-12-21 05:07:26 +01:00			`function ($user, $password): void {`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`$this->resetPassword($user, $password);`
			`}`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`);`

			`// If the password was successfully reset, we will redirect the user back to`
			`// the application's home authenticated view. If there is an error we can`
			`// redirect them back to where they came from with their error message.`
Code cleanup. 2023-12-20 19:35:52 +01:00			`return Password::PASSWORD_RESET === $response`
Initial code for LDAP authentication. 2018-10-13 15:06:56 +02:00			`? $this->sendResetResponse($request, $response)`
			`: $this->sendResetFailedResponse($request, $response);`
			`}`

New views for password reset, login and other user forms. 2018-11-25 11:31:02 +01:00			`/**`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`* Display the password reset view for the given token.`
			`*`
			`* If no token is present, display the link request form.`
			`*`
Code cleanup. 2023-12-20 19:35:52 +01:00			`* @param null $token`
New views for password reset, login and other user forms. 2018-11-25 11:31:02 +01:00			`*`
Code cleanup that (hopefully) matches style CI 2020-03-17 15:01:00 +01:00			`* @return Factory\|View`
Code cleanup. 2023-12-20 19:35:52 +01:00			`*`
Various code cleanup. 2021-05-24 08:54:58 +02:00			`* @throws FireflyException`
New views for password reset, login and other user forms. 2018-11-25 11:31:02 +01:00			`*/`
Clean up some code 2022-12-31 07:33:44 +01:00			`public function showResetForm(Request $request, $token = null)`
New views for password reset, login and other user forms. 2018-11-25 11:31:02 +01:00			`{`
Release v6.0.13 fixes an issue with the authentication controllers. 2023-06-11 18:18:46 +02:00			`if ('web' !== config('firefly.authentication_guard')) {`
			`$message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard'));`
Refactor code to traits. 2018-12-31 07:58:13 +01:00
Remove reference to a method no longer used. 2022-01-29 14:11:12 +01:00			`return view('error', compact('message'));`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`}`

			`// is allowed to register?`
Code cleaning stuff. 2019-02-13 17:38:41 +01:00			`$singleUserMode = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data;`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`$userCount = User::count();`
			`$allowRegistration = true;`
Various PSR12 code cleanup 2022-12-29 19:41:57 +01:00			`$pageTitle = (string)trans('firefly.reset_pw_page_title');`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`if (true === $singleUserMode && $userCount > 0) {`
			`$allowRegistration = false;`
			`}`

Remove reference to a method no longer used. 2022-01-29 14:11:12 +01:00			`return view('auth.passwords.reset')->with(`
Refactor code to traits. 2018-12-31 07:58:13 +01:00			`['token' => $token, 'email' => $request->email, 'allowRegistration' => $allowRegistration, 'pageTitle' => $pageTitle]`
			`);`
New views for password reset, login and other user forms. 2018-11-25 11:31:02 +01:00			`}`
First set of upgrade to 5.3 stuff. 2016-09-16 06:19:40 +02:00			`}`