invoiceninja/app/Http/Controllers/Auth/ResetPasswordController.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Libraries\MultiDB;
use App\Models\Account;
use App\Models\Company;
use App\Utils\Ninja;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;

class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    public function showResetForm(Request $request, $token = null)
    {
        $company = false;

        if (Ninja::isHosted()) {
            MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));
            /** @var \App\Models\Company $company **/
            $company = Company::where('company_key', $request->session()->get('company_key'))->first();
        }

        if ($company) {
            $account = $company->account;
        } else {
            $account = Account::first();
        }

        
        return $this->render('auth.passwords.reset', ['root' => 'themes', 'token' => $token, 'account' => $account, 'email' => $request->email]);
    }

    /**
     * Reset the given user's password.
     *
     * @param Request $request
     * @return RedirectResponse|JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     */
    public function reset(Request $request)
    {
        $request->validate($this->rules(), $this->validationErrorMessages());

        // Here we will attempt to reset the user's password. If it is successful we
        // will update the password on an actual user model and persist it to the
        // database. Otherwise we will parse the error and return the response.
        $response = $this->broker()->reset(
            $this->credentials($request),
            function ($user, $password) {
                $this->resetPassword($user, $password);
            }
        );

        // Added this because it collides the session between
        // client & main portal giving unlimited redirects.
        auth()->logout();

        // If the password was successfully reset, we will redirect the user back to
        // the application's home authenticated view. If there is an error we can
        // redirect them back to where they came from with their error message.
        return $response == Password::PASSWORD_RESET
            ? $this->sendResetResponse($request, $response)
            : $this->sendResetFailedResponse($request, $response);
    }

    public function afterReset()
    {
        auth()->logout();

        if(request()->has('react') || request()->hasHeader('X-React'))
            return redirect(config('ninja.react_url').'/#/login');

        return redirect('/');
    }

    /**
     * Get the response for a successful password reset.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  string  $response
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
     */
    protected function sendResetResponse(Request $request, $response)
    {
        if ($request->wantsJson()) {
            return new JsonResponse(['message' => trans($response)], 200);
        }

        if($request->hasHeader('X-REACT') || $request->has('react')){
            return redirect(config('ninja.react_url').'/#/login');
        }
        else
            return redirect('/#/login');    

        return redirect($this->redirectPath())
                            ->with('status', trans($response));
    }

}
Initial commit 2018-10-04 19:10:43 +02:00			`<?php`
Update copyright 2019-05-11 05:32:07 +02:00			`/**`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00			`* Invoice Ninja (https://invoiceninja.com).`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright year 2023-01-28 23:21:40 +01:00			`* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)`
Update copyright 2019-05-11 05:32:07 +02:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Update copyright 2019-05-11 05:32:07 +02:00			`*/`
Initial commit 2018-10-04 19:10:43 +02:00
			`namespace App\Http\Controllers\Auth;`

			`use App\Http\Controllers\Controller;`
Refactor client portal authentication 2021-12-09 11:50:29 +01:00			`use App\Libraries\MultiDB;`
fixes for password reset screen 2021-06-01 01:02:30 +02:00			`use App\Models\Account;`
Refactor client portal authentication 2021-12-09 11:50:29 +01:00			`use App\Models\Company;`
Minor Fixes 2022-01-17 11:22:10 +01:00			`use App\Utils\Ninja;`
Initial commit 2018-10-04 19:10:43 +02:00			`use Illuminate\Foundation\Auth\ResetsPasswords;`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`use Illuminate\Http\JsonResponse;`
			`use Illuminate\Http\RedirectResponse;`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Password;`
Initial commit 2018-10-04 19:10:43 +02:00
			`class ResetPasswordController extends Controller`
			`{`
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Password Reset Controller`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This controller is responsible for handling password reset requests`
			`\| and uses a simple trait to include this behavior. You're free to`
			`\| explore this trait and override any methods you wish to tweak.`
			`\|`
			`*/`

			`use ResetsPasswords;`

			`/**`
			`* Where to redirect users after resetting their password.`
			`*`
			`* @var string`
			`*/`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`protected $redirectTo = '/';`
Initial commit 2018-10-04 19:10:43 +02:00
			`/**`
			`* Create a new controller instance.`
			`*`
			`* @return void`
			`*/`
			`public function __construct()`
			`{`
			`$this->middleware('guest');`
			`}`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00
			`public function showResetForm(Request $request, $token = null)`
			`{`
Minor Fixes 2022-01-17 11:22:10 +01:00			`$company = false;`

Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`if (Ninja::isHosted()) {`
Minor Fixes 2022-01-17 11:22:10 +01:00			`MultiDB::findAndSetDbByCompanyKey($request->session()->get('company_key'));`
Updates for Static Analysis 2023-08-04 08:40:44 +02:00			`/ @var \App\Models\Company $company /`
Minor Fixes 2022-01-17 11:22:10 +01:00			`$company = Company::where('company_key', $request->session()->get('company_key'))->first();`
			`}`
fixes for password reset for admin 2021-12-10 03:10:02 +01:00
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`if ($company) {`
fixes for password reset for admin 2021-12-10 03:10:02 +01:00			`$account = $company->account;`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`} else {`
fixes for password reset for admin 2021-12-10 03:10:02 +01:00			`$account = Account::first();`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`}`

Fixes for correct redirects 2023-10-02 08:20:26 +02:00
Redirect to the appropriate AP depending on headers 2023-06-04 08:11:40 +02:00			`return $this->render('auth.passwords.reset', ['root' => 'themes', 'token' => $token, 'account' => $account, 'email' => $request->email]);`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`}`

			`/**`
			`* Reset the given user's password.`
			`*`
Psalm cleanup 2020-10-28 11:10:49 +01:00			`* @param Request $request`
			`* @return RedirectResponse\|JsonResponse`
			`* @throws \Illuminate\Validation\ValidationException`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`*/`
			`public function reset(Request $request)`
			`{`
			`$request->validate($this->rules(), $this->validationErrorMessages());`

			`// Here we will attempt to reset the user's password. If it is successful we`
			`// will update the password on an actual user model and persist it to the`
			`// database. Otherwise we will parse the error and return the response.`
			`$response = $this->broker()->reset(`
Fixes for self-update (#3514) * minor fix for payment notifications * styleci * Limit Self updating to self hosters only : * Fixes for designs * Minor fixes for self-update 2020-03-21 06:37:30 +01:00			`$this->credentials($request),`
			`function ($user, $password) {`
			`$this->resetPassword($user, $password);`
			`}`
(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`);`

			`// Added this because it collides the session between`
			`// client & main portal giving unlimited redirects.`
			`auth()->logout();`

			`// If the password was successfully reset, we will redirect the user back to`
			`// the application's home authenticated view. If there is an error we can`
			`// redirect them back to where they came from with their error message.`
			`return $response == Password::PASSWORD_RESET`
			`? $this->sendResetResponse($request, $response)`
			`: $this->sendResetFailedResponse($request, $response);`
			`}`

			`public function afterReset()`
			`{`
			`auth()->logout();`

Fixes for correct redirects 2023-10-02 08:20:26 +02:00			`if(request()->has('react') \|\| request()->hasHeader('X-React'))`
			`return redirect(config('ninja.react_url').'/#/login');`

(Daily sync) Password reset pages & client portal rework (#3492) * Dependency clearing * Tailwind & templates cleanup * Password reset pages & more features: - New $this->render() method - Password reset pages - Tailwind CSS scaffold - New styles for buttons, inputs, alerts - Changed to shorthand syntax for language file (en) - Added app.css and app.js which will be main endpoint - Added new 'theme' field inside of ninja.php - Scaffold for 'ninja2020' theme: both client and global theme - Ignoring local builds of assets, until purgeCSS is there - Overall cleanup * Switch back default template to 'default' * Remove app.css build * Fix Codacy * Fix Codacy 'doublequote' issues 2020-03-13 22:17:08 +01:00			`return redirect('/');`
			`}`
Redirect to the appropriate AP depending on headers 2023-06-04 08:11:40 +02:00
			`/**`
			`* Get the response for a successful password reset.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param string $response`
			`* @return \Illuminate\Http\RedirectResponse\|\Illuminate\Http\JsonResponse`
			`*/`
			`protected function sendResetResponse(Request $request, $response)`
			`{`
			`if ($request->wantsJson()) {`
			`return new JsonResponse(['message' => trans($response)], 200);`
			`}`

Fixes for correct redirects 2023-10-02 08:20:26 +02:00			`if($request->hasHeader('X-REACT') \|\| $request->has('react')){`
Fixes for correct redirects 2023-10-02 07:31:14 +02:00			`return redirect(config('ninja.react_url').'/#/login');`
Redirect to the appropriate AP depending on headers 2023-06-04 08:11:40 +02:00			`}`
Fixes for correct redirects 2023-10-02 08:20:26 +02:00			`else`
Redirect to the appropriate AP depending on headers 2023-06-04 08:11:40 +02:00			`return redirect('/#/login');`

			`return redirect($this->redirectPath())`
			`->with('status', trans($response));`
			`}`

Initial commit 2018-10-04 19:10:43 +02:00			`}`