Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix client password reset

Browse Source
This commit is contained in:
Hillel Coren 2018-01-11 11:27:23 +02:00
parent 4fcf275255
commit b838dad1e8
4 changed files with 34 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
app/Http/Controllers/ClientAuth/ForgotPasswordController.php
View File

@ -4,7 +4,9 @@ namespace App\Http\Controllers\ClientAuth;
use Password; use Password;
use Config; use Config;
use Utils;
use App\Models\Contact; use App\Models\Contact;
use App\Models\Account;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails; use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
@ -45,10 +47,6 @@ class ForgotPasswordController extends Controller
'clientauth' => true, 'clientauth' => true,
]; ];
if (! session('contact_key')) {
return \Redirect::to('/client/session_expired');
}
return view('clientauth.passwords.email')->with($data); return view('clientauth.passwords.email')->with($data);
} }
@ -61,15 +59,33 @@ class ForgotPasswordController extends Controller
*/ */
public function sendResetLinkEmail(Request $request) public function sendResetLinkEmail(Request $request)
{ {
$contactId = null; // resolve the email to a contact/account
$contactKey = session('contact_key'); $account = false;
if ($contactKey) { if (! Utils::isNinja() && Account::count() == 1) {
$contact = Contact::where('contact_key', '=', $contactKey)->first(); $account = Account::first();
if ($contact && ! $contact->is_deleted && $contact->email) { } elseif ($accountKey = request()->account_key) {
$contactId = $contact->id; $account = Account::whereAccountKey($accountKey)->first();
} else {
$subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
if ($subdomain && $subdomain != 'app') {
$account = Account::whereSubdomain($subdomain)->first();
} }
} }
if (! $account || ! request()->email) {
return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
}
$contact = Contact::where('email', '=', request()->email)
->where('account_id', '=', $account->id)
->first();
if ($contact) {
$contactId = $contact->id;
} else {
return $this->sendResetLinkFailedResponse($request, Password::INVALID_USER);
}
$response = $this->broker()->sendResetLink(['id' => $contactId], function (Message $message) { $response = $this->broker()->sendResetLink(['id' => $contactId], function (Message $message) {
$message->subject($this->getEmailSubject()); $message->subject($this->getEmailSubject());
}); });

2
app/Http/Controllers/ClientAuth/LoginController.php
View File

@ -98,7 +98,7 @@ class LoginController extends Controller
$account = Account::whereAccountKey($accountKey)->first(); $account = Account::whereAccountKey($accountKey)->first();
} else { } else {
$subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST')); $subdomain = Utils::getSubdomain(\Request::server('HTTP_HOST'));
if ($subdomain != 'app') { if ($subdomain && $subdomain != 'app') {
$account = Account::whereSubdomain($subdomain)->first(); $account = Account::whereSubdomain($subdomain)->first();
} }
} }

2
resources/views/clientauth/login.blade.php
View File

@ -50,7 +50,7 @@
<div class="row meta"> <div class="row meta">
<div class="col-md-12 col-sm-12" style="text-align:center;padding-top:8px;"> <div class="col-md-12 col-sm-12" style="text-align:center;padding-top:8px;">
{!! link_to('/client/recover_password', trans('texts.recover_password')) !!} {!! link_to('/client/recover_password' . (request()->account_key ? '?account_key=' . request()->account_key : ''), trans('texts.recover_password')) !!}
</div> </div>
</div> </div>
{!! Former::close() !!} {!! Former::close() !!}

7
resources/views/clientauth/passwords/email.blade.php
View File

@ -3,7 +3,9 @@
@section('form') @section('form')
@include('partials.warn_session', ['redirectTo' => '/client/session_expired']) @include('partials.warn_session', ['redirectTo' => '/client/session_expired'])
<div class="container"> <div class="container">
{!! Former::open('client/recover_password')->addClass('form-signin') !!} {!! Former::open()
->rules(['email' => 'required|email'])
->addClass('form-signin') !!}
<h2 class="form-signin-heading">{{ trans('texts.password_recovery') }}</h2> <h2 class="form-signin-heading">{{ trans('texts.password_recovery') }}</h2>
<hr class="green"> <hr class="green">
@ -35,6 +37,9 @@
<div class="alert alert-danger">{{ Session::get('error') }}</div> <div class="alert alert-danger">{{ Session::get('error') }}</div>
@endif @endif
<div>
{!! Former::text('email')->placeholder(trans('texts.email_address'))->raw() !!}
</div>
{!! Button::success(trans('texts.send_email')) {!! Button::success(trans('texts.send_email'))
->withAttributes(['class' => 'green']) ->withAttributes(['class' => 'green'])
->large()->submit()->block() !!} ->large()->submit()->block() !!}