										 |  |  | <?php | 
					
						
										 |  |  | 
 | 
					
						
/**
 * ResetPasswordController.php
 * Copyright (c) 2019 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
					
						
										 |  |  | declare(strict_types=1); | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | namespace FireflyIII\Http\Controllers\Auth; | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | use FireflyIII\Exceptions\FireflyException; | 
					
						
										 |  |  | use FireflyIII\Http\Controllers\Controller; | 
					
						
										 |  |  | use FireflyIII\User; | 
					
						
										 |  |  | use Illuminate\Contracts\View\Factory; | 
					
						
										 |  |  | use Illuminate\Foundation\Auth\ResetsPasswords; | 
					
						
										 |  |  | use Illuminate\Http\JsonResponse; | 
					
						
							|  |  |  | use Illuminate\Http\RedirectResponse; | 
					
						
										 |  |  | use Illuminate\Http\Request; | 
					
						
										 |  |  | use Illuminate\Support\Facades\Password; | 
					
						
										 |  |  | use Illuminate\Validation\ValidationException; | 
					
						
										 |  |  | use Illuminate\View\View; | 
					
						
										 |  |  | 
 | 
					
						
										 |  |  | /** | 
					
						
							|  |  |  |  * Class ResetPasswordController | 
					
						
							| 
									
										
										
										
											2017-12-17 18:23:10 +01:00
										 |  |  |  * | 
					
						
							|  |  |  |  * This controller is responsible for handling password reset requests | 
					
						
							|  |  |  |  * and uses a simple trait to include this behavior. You're free to | 
					
						
							|  |  |  |  * explore this trait and override any methods you wish to tweak. | 
					
						
							| 
									
										
										
										
											2017-12-17 14:30:53 +01:00
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  | class ResetPasswordController extends Controller | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     use ResetsPasswords; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-09-09 22:03:27 +02:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Where to redirect users after resetting their password. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @var string | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected $redirectTo = '/home'; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Create a new controller instance. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function __construct() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-09-16 07:17:58 +02:00
										 |  |  |         parent::__construct(); | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  |         $this->middleware('guest'); | 
					
						
							| 
									
										
										
										
											2020-08-14 09:59:56 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							| 
									
										
										
										
											2020-08-14 09:59:56 +02:00
										 |  |  |             throw new FireflyException('Using external identity provider. Cannot continue.'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-01-02 17:25:59 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Reset the given user's password. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-08-14 09:59:56 +02:00
										 |  |  |      * @return Factory|JsonResponse|RedirectResponse|View | 
					
						
							| 
									
										
										
										
											2020-03-25 07:03:23 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |      * @throws ValidationException | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function reset(Request $request) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							|  |  |  |             $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard')); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |             return view('error', compact('message')); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2024-02-17 08:18:49 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-01-01 14:43:56 +01:00
										 |  |  |         $rules    = [ | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |             'token'    => 'required', | 
					
						
							|  |  |  |             'email'    => 'required|email', | 
					
						
							| 
									
										
										
										
											2020-03-06 18:22:44 +01:00
										 |  |  |             'password' => 'required|confirmed|min:16|secure_password', | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->validate($request, $rules, $this->validationErrorMessages()); | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Here we will attempt to reset the user's password. If it is successful we
 | 
					
						
							|  |  |  |         // will update the password on an actual user model and persist it to the
 | 
					
						
							| 
									
										
										
										
											2024-02-17 08:18:49 +01:00
										 |  |  |         // database. Otherwise, we will parse the error and return the response.
 | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |         $response = $this->broker()->reset( | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |             $this->credentials($request), | 
					
						
							| 
									
										
										
										
											2023-12-21 05:07:26 +01:00
										 |  |  |             function ($user, $password): void { | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |                 $this->resetPassword($user, $password); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |         ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // If the password was successfully reset, we will redirect the user back to
 | 
					
						
							|  |  |  |         // the application's home authenticated view. If there is an error we can
 | 
					
						
							|  |  |  |         // redirect them back to where they came from with their error message.
 | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |         return Password::PASSWORD_RESET === $response | 
					
						
							| 
									
										
										
										
											2018-10-13 15:06:56 +02:00
										 |  |  |             ? $this->sendResetResponse($request, $response) | 
					
						
							|  |  |  |             : $this->sendResetFailedResponse($request, $response); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-25 11:31:02 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |      * Display the password reset view for the given token. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * If no token is present, display the link request form. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |      * @param null $token | 
					
						
							| 
									
										
										
										
											2018-11-25 11:31:02 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @return Factory|View | 
					
						
							| 
									
										
										
										
											2023-12-20 19:35:52 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-05-24 08:54:58 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							| 
									
										
										
										
											2018-11-25 11:31:02 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2022-12-31 07:33:44 +01:00
										 |  |  |     public function showResetForm(Request $request, $token = null) | 
					
						
							| 
									
										
										
										
											2018-11-25 11:31:02 +01:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-06-11 18:18:46 +02:00
										 |  |  |         if ('web' !== config('firefly.authentication_guard')) { | 
					
						
							|  |  |  |             $message = sprintf('Cannot reset password when authenticating over "%s".', config('firefly.authentication_guard')); | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |             return view('error', compact('message')); | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // is allowed to register?
 | 
					
						
							| 
									
										
										
										
											2019-02-13 17:38:41 +01:00
										 |  |  |         $singleUserMode    = app('fireflyconfig')->get('single_user_mode', config('firefly.configuration.single_user_mode'))->data; | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |         $userCount         = User::count(); | 
					
						
							|  |  |  |         $allowRegistration = true; | 
					
						
							| 
									
										
										
										
											2022-12-29 19:41:57 +01:00
										 |  |  |         $pageTitle         = (string)trans('firefly.reset_pw_page_title'); | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |         if (true === $singleUserMode && $userCount > 0) { | 
					
						
							|  |  |  |             $allowRegistration = false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |         return view('auth.passwords.reset')->with( | 
					
						
							| 
									
										
										
										
											2018-12-31 07:58:13 +01:00
										 |  |  |             ['token' => $token, 'email' => $request->email, 'allowRegistration' => $allowRegistration, 'pageTitle' => $pageTitle] | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2018-11-25 11:31:02 +01:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-09-16 06:19:40 +02:00
										 |  |  | } |