1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 20:22:42 +01:00

Fix client password reset

This commit is contained in:
Hillel Coren 2018-01-11 11:27:23 +02:00
parent 4fcf275255
commit b838dad1e8
4 changed files with 34 additions and 13 deletions

View File

@ -4,7 +4,9 @@ namespace App\Http\Controllers\ClientAuth;
use Password;
use Config;
use Utils;
use App\Models\Contact;
use App\Models\Account;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
@ -45,10 +47,6 @@ class ForgotPasswordController extends Controller
'clientauth' => true,
];
if (! session('contact_key')) {
return \Redirect::to('/client/session_expired');
}
return view('clientauth.passwords.email')->with($data);
}
@ -61,15 +59,33 @@ class ForgotPasswordController extends Controller
*/
public function sendResetLinkEmail(Request $request)
{
$contactId = null;
$contactKey = session('contact_key');
if ($contactKey) {
$contact = Contact::where('contact_key', '=', $contactKey)->first();
if ($contact && ! $contact->is_deleted && $contact->email) {
$contactId = $contact->id;
// resolve the email to a contact/account
$account = false;
if (! Utils::isNinja() && Account::count() == 1) {
$account = Account::first();
} elseif ($accountKey = request()->account_key) {
$account = Account::whereAccountKey($accountKey)->first();
} else {
$subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
if ($subdomain && $subdomain != 'app') {
$account = Account::whereSubdomain($subdomain)->first();
}
}
if (! $account || ! request()->email) {
return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
}
$contact = Contact::where('email', '=', request()->email)
->where('account_id', '=', $account->id)
->first();
if ($contact) {
$contactId = $contact->id;
} else {
return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
}
$response = $this->broker()->sendResetLink(['id' => $contactId], function (Message $message) {
$message->subject($this->getEmailSubject());
});

View File

@ -98,7 +98,7 @@ class LoginController extends Controller
$account = Account::whereAccountKey($accountKey)->first();
} else {
$subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
if ($subdomain != 'app') {
if ($subdomain && $subdomain != 'app') {
$account = Account::whereSubdomain($subdomain)->first();
}
}

View File

@ -50,7 +50,7 @@
<div class="row meta">
<div class="col-md-12 col-sm-12" style="text-align:center;padding-top:8px;">
{!! link_to('/client/recover_password', trans('texts.recover_password')) !!}
{!! link_to('/client/recover_password' . (request()->account_key ? '?account_key=' . request()->account_key : ''), trans('texts.recover_password')) !!}
</div>
</div>
{!! Former::close() !!}

View File

@ -3,7 +3,9 @@
@section('form')
@include('partials.warn_session', ['redirectTo' => '/client/session_expired'])
<div class="container">
{!! Former::open('client/recover_password')->addClass('form-signin') !!}
{!! Former::open()
->rules(['email' => 'required|email'])
->addClass('form-signin') !!}
<h2 class="form-signin-heading">{{ trans('texts.password_recovery') }}</h2>
<hr class="green">
@ -35,6 +37,9 @@
<div class="alert alert-danger">{{ Session::get('error') }}</div>
@endif
<div>
{!! Former::text('email')->placeholder(trans('texts.email_address'))->raw() !!}
</div>
{!! Button::success(trans('texts.send_email'))
->withAttributes(['class' => 'green'])
->large()->submit()->block() !!}