|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
namespace Cortex\Auth\Http\Requests\Adminarea; |
|
6
|
|
|
|
|
7
|
|
|
use Rinvex\Auth\Contracts\PasswordResetBrokerContract; |
|
8
|
|
|
|
|
9
|
|
|
class PasswordResetProcessRequest extends PasswordResetRequest |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* Configure the validator instance. |
|
13
|
|
|
* |
|
14
|
|
|
* @param \Illuminate\Validation\Validator $validator |
|
15
|
|
|
* |
|
16
|
|
|
* @return void |
|
17
|
|
|
*/ |
|
18
|
|
|
public function withValidator($validator): void |
|
19
|
|
|
{ |
|
20
|
|
|
$credentials = $this->only('email', 'expiration', 'token'); |
|
21
|
|
|
$passwordResetBroker = app('auth.password')->broker($this->route('passwordResetBroker')); |
|
22
|
|
|
|
|
23
|
|
|
$validator->after(function ($validator) use ($passwordResetBroker, $credentials) { |
|
24
|
|
|
if (! ($user = $passwordResetBroker->getUser($credentials))) { |
|
25
|
|
|
$validator->errors()->add('email', trans('cortex/auth::'.PasswordResetBrokerContract::INVALID_USER)); |
|
26
|
|
|
} |
|
27
|
|
|
|
|
28
|
|
|
if ($user && ! $passwordResetBroker->validateToken($user, $credentials)) { |
|
29
|
|
|
$validator->errors()->add('email', trans('cortex/auth::'.PasswordResetBrokerContract::INVALID_TOKEN)); |
|
30
|
|
|
} |
|
31
|
|
|
|
|
32
|
|
|
if (! $passwordResetBroker->validateTimestamp($credentials['expiration'])) { |
|
33
|
|
|
$validator->errors()->add('email', trans('cortex/auth::'.PasswordResetBrokerContract::EXPIRED_TOKEN)); |
|
34
|
|
|
} |
|
35
|
|
|
}); |
|
36
|
|
|
} |
|
37
|
|
|
|
|
38
|
|
|
/** |
|
39
|
|
|
* Get the validation rules that apply to the request. |
|
40
|
|
|
* |
|
41
|
|
|
* @return array |
|
42
|
|
|
*/ |
|
43
|
|
|
public function rules(): array |
|
44
|
|
|
{ |
|
45
|
|
|
return [ |
|
46
|
|
|
// Do not validate `token` here since at this stage we can NOT generate viewable error, |
|
47
|
|
|
// and it is been processed in the controller through PasswordResetBroker anyway |
|
48
|
|
|
//'token' => 'required|regex:/^([0-9a-f]*)$/', |
|
|
|
|
|
|
49
|
|
|
'email' => 'required|email|min:3|max:150|exists:'.config('cortex.auth.tables.admins').',email', |
|
50
|
|
|
]; |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
|
|
/** |
|
54
|
|
|
* {@inheritdoc} |
|
55
|
|
|
*/ |
|
56
|
|
|
protected function getRedirectUrl() |
|
57
|
|
|
{ |
|
58
|
|
|
return $this->redirector->getUrlGenerator()->route('adminarea.passwordreset.request'); |
|
59
|
|
|
} |
|
60
|
|
|
} |
|
61
|
|
|
|
rinvex /
cortex-auth
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.