										 |  |  | <?php | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * ForgotPasswordController.php | 
					
						
										 |  |  |  * Copyright (c) 2019 james@firefly-iii.org | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * This file is part of Firefly III (https://github.com/firefly-iii). | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * This program is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  |  * it under the terms of the GNU Affero General Public License as | 
					
						
							|  |  |  |  * published by the Free Software Foundation, either version 3 of the | 
					
						
							|  |  |  |  * License, or (at your option) any later version. | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * This program is distributed in the hope that it will be useful, | 
					
						
										 |  |  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
										 |  |  |  * GNU Affero General Public License for more details. | 
					
						
										 |  |  |  * | 
					
						
										 |  |  |  * You should have received a copy of the GNU Affero General Public License | 
					
						
							|  |  |  |  * along with this program.  If not, see <https://www.gnu.org/licenses/>. | 
					
						
										 |  |  |  */ | 
					
						
										 |  |  | declare(strict_types=1); | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | namespace FireflyIII\Http\Controllers\Auth; | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | use FireflyIII\Exceptions\FireflyException; | 
					
						
										 |  |  | use FireflyIII\Http\Controllers\Controller; | 
					
						
										 |  |  | use FireflyIII\Repositories\User\UserRepositoryInterface; | 
					
						
										 |  |  | use FireflyIII\User; | 
					
						
										 |  |  | use Illuminate\Contracts\View\Factory; | 
					
						
										 |  |  | use Illuminate\Foundation\Auth\SendsPasswordResetEmails; | 
					
						
										 |  |  | use Illuminate\Http\RedirectResponse; | 
					
						
										 |  |  | use Illuminate\Http\Request; | 
					
						
										 |  |  | use Illuminate\View\View; | 
					
						
										 |  |  | use Psr\Container\ContainerExceptionInterface; | 
					
						
							|  |  |  | use Psr\Container\NotFoundExceptionInterface; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * Class ForgotPasswordController | 
					
						
							|  |  |  |  */ | 
					
						
										 |  |  | class ForgotPasswordController extends Controller | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     use SendsPasswordResetEmails; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |      * Create a new controller instance. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function __construct() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         parent::__construct(); | 
					
						
							|  |  |  |         $this->middleware('guest'); | 
					
						
							| 
									
										
										
										
											2020-08-14 09:59:56 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							| 
									
										
										
										
											2020-08-14 09:59:56 +02:00
										 |  |  |             throw new FireflyException('Using external identity provider. Cannot continue.'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Send a reset link to the given user. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-25 07:03:23 +01:00
										 |  |  |      * @return Factory|RedirectResponse|View | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function sendResetLinkEmail(Request $request, UserRepositoryInterface $repository) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-10-29 06:31:27 +01:00
										 |  |  |         app('log')->info('Start of sendResetLinkEmail()'); | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							|  |  |  |             $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard')); | 
					
						
							| 
									
										
										
										
											2023-10-29 06:32:00 +01:00
										 |  |  |             app('log')->error($message); | 
					
						
							| 
									
										
										
										
											2019-02-13 17:38:41 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |             return view('error', compact('message')); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2021-04-07 07:28:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |         $this->validateEmail($request); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // verify if the user is not a demo user. If so, we give him back an error.
 | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |         /** @var null|User $user */ | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |         $user = User::where('email', $request->get('email'))->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-02 15:10:40 +02:00
										 |  |  |         if (null !== $user && $repository->hasRole($user, 'demo')) { | 
					
						
							| 
									
										
										
										
											2022-12-29 19:41:57 +01:00
										 |  |  |             return back()->withErrors(['email' => (string)trans('firefly.cannot_reset_demo_user')]); | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // We will send the password reset link to this user. Once we have attempted
 | 
					
						
							|  |  |  |         // to send the link, we will examine the response then see the message we
 | 
					
						
							|  |  |  |         // need to show to the user. Finally, we'll send out a proper response.
 | 
					
						
							| 
									
										
										
										
											2021-10-03 18:18:44 +02:00
										 |  |  |         $result = $this->broker()->sendResetLink($request->only('email')); | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         if ('passwords.throttled' === $result) { | 
					
						
							| 
									
										
										
										
											2023-10-29 06:32:00 +01:00
										 |  |  |             app('log')->error(sprintf('Cowardly refuse to send a password reset message to user #%d because the reset button has been throttled.', $user->id)); | 
					
						
							| 
									
										
										
										
											2021-10-03 18:18:44 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-03 18:18:44 +02:00
										 |  |  |         // always send the same response to the user:
 | 
					
						
							| 
									
										
										
										
											2021-08-02 20:30:26 +02:00
										 |  |  |         $response = trans('firefly.forgot_password_response'); | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-02 20:30:26 +02:00
										 |  |  |         return back()->with('status', trans($response)); | 
					
						
							| 
									
										
										
										
											2018-01-05 07:54:10 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-21 08:06:24 +02:00
										 |  |  |      * Show form for email recovery. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @return Factory|View | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-05-24 08:54:58 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							| 
									
										
										
										
											2022-12-29 19:41:57 +01:00
										 |  |  |      * @throws ContainerExceptionInterface | 
					
						
							|  |  |  |      * @throws NotFoundExceptionInterface | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function showLinkRequestForm() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							|  |  |  |             $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard')); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |             return view('error', compact('message')); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |         // is allowed to?
 | 
					
						
							| 
									
										
										
										
											2019-02-13 17:38:41 +01:00
										 |  |  |         $singleUserMode    = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data; | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |         $userCount         = User::count(); | 
					
						
							|  |  |  |         $allowRegistration = true; | 
					
						
							| 
									
										
										
										
											2022-12-29 19:41:57 +01:00
										 |  |  |         $pageTitle         = (string)trans('firefly.forgot_pw_page_title'); | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |         if (true === $singleUserMode && $userCount > 0) { | 
					
						
							|  |  |  |             $allowRegistration = false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |         return view('auth.passwords.email')->with(compact('allowRegistration', 'pageTitle')); | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  | } |