Ejemplo n.º 1
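 /**
  * Completes the lost-password flow: validates the submitted form, checks the
  * encrypted reset token against the user record, enforces the token lifetime
  * and stores the new password hash.
  *
  * Every failure path flashes an error key into the session and redirects back
  * to one of the lost-password forms; success redirects to the login route.
  *
  * NOTE(review): no rate limiting is visible in this method, and other active
  * sessions of the account are not invalidated after the password change.
  * Confirm both are handled elsewhere (middleware, repository, events).
  *
  * @param Request $request
  *
  * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
  */
 public function changeLostPassword(Request $request)
 {
     $passwordRules = $this->userRepository->getModel()->getRules()['password'] . '|confirmed';
     $validator = Validator::make($request->all(), [
         'user_id' => 'required',
         // "string" keeps a non-string value (e.g. an array from token[]=...) from reaching Crypt::decrypt().
         'token' => 'required|string',
         'password' => $passwordRules,
     ]);
     if ($validator->fails()) {
         return redirect(route('auth.lostPasswordForm'))->withErrors($validator)->withInput();
     }
     $token = Input::get('token', false);
     try {
         // NOTE(review): Crypt::decrypt() unserializes the decrypted payload by default. The MAC is
         // verified first, so this is only as safe as the secrecy of the application key. If the token
         // is issued as a plain string, prefer the string-only encrypt/decrypt variants on both the
         // issuing and the consuming side, where the framework version provides them.
         $decryptToken = Crypt::decrypt($token);
         // Look the user up by id AND stored token, so a token is only accepted for the account it was issued to.
         $users = $this->userRepository->where(['id' => Input::get('user_id', false), 'lost_password_token' => $decryptToken]);
         if ($users->count() !== 1) {
             $request->session()->flash('error', 'auth.user_not_found');
             return redirect(route('auth.lostPasswordForm', ['error' => true]));
         }
         $user = $users->first();
         $tokenCreatedAt = $user->lost_password_token_created_at;
         // Fail closed on a missing creation timestamp: Carbon's diffInHours() treats a null argument
         // as "now", which would make the token look freshly issued and never expire.
         // abs() keeps the comparison meaningful on Carbon releases where the difference is signed.
         // NOTE(review): where diffInHours() returns whole hours the value is truncated, so "> 2" accepts
         // tokens until just under three hours old. Confirm the intended lifetime and move it to a constant.
         if (empty($tokenCreatedAt) || abs(Carbon::now()->diffInHours($tokenCreatedAt)) > 2) {
             $request->session()->flash('error', 'auth.token_expired');
             return redirect(route('auth.lostPasswordForm'));
         }
         // Invalidate the token in the same update as the password change, so it cannot be replayed.
         $user->lost_password_token = null;
         $user->lost_password_token_created_at = null;
         // Store only the hash of the new password.
         $user->password = \Hash::make(Input::get('password'));
         $this->userRepository->update($user);
     } catch (ValidationException $e) {
         $request->session()->flash('error', 'auth.user_error_update');
         return redirect(route('auth.changeLostPasswordForm'));
     } catch (DecryptException $e) {
         // Tampered, truncated or foreign-key tokens end up here.
         $request->session()->flash('error', 'auth.token_not_valid');
         return redirect(route('auth.lostPasswordForm'));
     }
     $request->session()->flash('success', 'auth.password_changed');
     return redirect(route('auth.login'));
 }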