<?php |
namespace yrc\api\actions; |
use app\forms\ResetPassword; |
use yrc\rest\Action as RestAction; |
use yrc\api\models\Code; |
use yii\web\HttpException; |
use Yii; |
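/**
 * @class ResetPasswordAction
 * Handles the password reset flow (requesting a reset, completing it with a
 * reset token, and changing the password of an authenticated user).
 */
class ResetPasswordAction extends RestAction
{
    const SCENARIO_TOKENIZED = 'tokenized';
    const SCENARIO_AUTHENTICATED = 'authenticated';

    /**
     * The ResetPassword scenario to use
     * @var string $scenario
     */
    public $scenario;

    /**
     * Reset password flow
     *
     * Builds a ResetPassword form for the configured scenario, fills it from
     * the request and either performs the reset or reports validation errors.
     *
     * @param array $params Action parameters; `$params['class']['scenario']` selects the flow
     *                      (null or SCENARIO_TOKENIZED, or SCENARIO_AUTHENTICATED).
     * @return boolean The result of ResetPassword::reset(), `true` for a reset request that
     *                 failed validation, or `false` when the scenario is not recognised.
     * @throws HttpException 400 when the authenticated flow is used by a guest, or when
     *                       validation fails outside the init scenario.
     */
    public static function post($params)
    {
        // A plain local: the original function-static variable could carry a form
        // (and its user binding) over from an earlier call in the same process.
        $form = null;

        // Values this action derives from the session or the query string. They are
        // re-applied after the request body has been copied onto the form, so a body
        // key with the same name cannot replace them.
        $pinned = [];

        $scenario = $params['class']['scenario'] ?? null;

        if ($scenario === null || $scenario === static::SCENARIO_TOKENIZED) {
            $token = Yii::$app->request->get('reset_token', false);

            // Determine the correct scenario to use based upon the reset token
            if ($token === false) {
                $form = new ResetPassword(['scenario' => ResetPassword::SCENARIO_INIT]);
            } else {
                $form = new ResetPassword(['scenario' => ResetPassword::SCENARIO_RESET]);
            }

            // If the user is authenticated, populate the model
            if (!Yii::$app->user->isGuest) {
                $user = Yii::$app->yrc->userClass::findOne(['id' => Yii::$app->user->id]);
                // NOTE(review): whatever setUser() stores is still exposed to the body
                // copy below if it lives in a declared property - confirm in ResetPassword.
                $form->setUser($user);
            } else {
                $form->email = Yii::$app->request->post('email', null);
            }

            $pinned['reset_token'] = Yii::$app->request->get('reset_token', null);
            $form->reset_token = $pinned['reset_token'];
        } elseif ($scenario === static::SCENARIO_AUTHENTICATED) {
            if (Yii::$app->user->isGuest) {
                throw new HttpException(400, Yii::t('yrc', 'You must be authenticated to reset your password'));
            }

            $form = new ResetPassword(['scenario' => ResetPassword::SCENARIO_RESET_AUTHENTICATED]);

            // The account being changed is the session's identity, never a request field.
            $pinned['user_id'] = Yii::$app->user->id;
            $form->user_id = $pinned['user_id'];
        }

        // Unrecognised scenario: no form was built, so there is nothing to load.
        if ($form === null) {
            return false;
        }

        // Load the model using the helper method
        if (self::load($form, Yii::$app->request->post())) {
            // load() copies every body key that matches a declared property, which
            // includes user_id and reset_token; restore the server-derived values.
            foreach ($pinned as $attribute => $value) {
                $form->$attribute = $value;
            }

            // If the form is valid, reset the password
            if ($form->validate()) {
                // NOTE(review): for the init scenario this returns reset()'s own result;
                // confirm it is as uniform as the `true` returned below.
                return $form->reset();
            }

            // If a password reset was requested, (init) return true ALWAYS
            // (presumably so the response does not show whether the request was usable).
            if ($form->getScenario() === ResetPassword::SCENARIO_INIT) {
                return true;
            }

            throw new HttpException(400, \json_encode($form->getErrors()));
        }

        return false;
    }

    /**
     * Copies request attributes onto the form.
     *
     * Only keys naming a property that property_exists() reports on the form are
     * assigned; no per-scenario safe-attribute list is consulted, so callers must
     * protect any property the client is not allowed to set.
     *
     * @param object $form       The form to populate
     * @param array  $attributes Attribute name => value pairs, normally the request body
     * @return object The same form instance
     */
    private static function load(&$form, $attributes)
    {
        foreach ($attributes as $k => $v) {
            if (property_exists($form, $k)) {
                $form->$k = $v;
            }
        }

        return $form;
    }
}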
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path.