/**
 * ForgotPassword::isValidGuid() must accept a freshly generated UUID and
 * reject null, integers, an arbitrary string and an array.
 */
public function testIsValidGuid() {
    $this->assertTrue(
        ForgotPassword::isValidGuid(String::UUID()),
        'Valid input was not handled correctly.'
    );

    // Every non-GUID value is rejected regardless of its type.
    $invalidInputs = array(null, -1, 1, 'sdafrgsg', array());
    foreach ($invalidInputs as $invalidInput) {
        $this->assertFalse(
            ForgotPassword::isValidGuid($invalidInput),
            'Invalid input was not handled correctly.'
        );
    }
}
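/**
 * Generate or complete a forgot password request.
 *
 * Without a GUID the action renders/handles the "request a reset" form and,
 * on POST, mails the generated request id to the submitted address. With a
 * GUID it renders/handles the "set a new password" form. A GUID that does not
 * pass ForgotPassword::isValidGuid() is treated as absent rather than being
 * handed to the model.
 *
 * @param string $guid The id of the request, may be null.
 * @return mixed The redirect result on POST; nothing when rendering the form.
 */
public function forgotPassword($guid = null) {
    // Strict comparison: any value from the URL that is not a well-formed
    // GUID (including '' and '0') is normalised to null here.
    if ($guid !== null && !ForgotPassword::isValidGuid($guid)) {
        $guid = null;
    }
    $this->set('createRequest', $guid === null);

    if (!$this->request->is('post')) {
        return;
    }

    try {
        if ($guid === null) {
            $data = $this->Member->createForgotPassword($this->request->data);
            // Truthiness check, as before: false/empty means no request was made.
            if (!$data) {
                return $this->redirect(array('controller' => 'pages', 'action' => 'home'));
            }
            $this->_sendEmail(
                $data['email'],
                'Password Reset Request',
                'forgot_password',
                array('id' => $data['id'])
            );
            return $this->redirect(array('controller' => 'pages', 'action' => 'forgot_password_sent'));
        }

        // The model re-validates the GUID and checks it belongs to the member
        // owning the submitted e-mail before changing anything.
        if ($this->Member->completeForgotPassword($guid, $this->request->data)) {
            $this->Session->setFlash('Password successfully set.');
            return $this->redirect(array('controller' => 'members', 'action' => 'login'));
        }
        $this->Session->setFlash('Unable to set password');
        return $this->redirect(array('controller' => 'pages', 'action' => 'forgot_password_error'));
    } catch (InvalidStatusException $e) {
        return $this->redirect(array('controller' => 'pages', 'action' => 'home'));
    }
}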
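/**
 * Complete a forgot password request.
 *
 * The new password is stored only when every check passes, in this order:
 * the GUID is well-formed, $data is an array carrying ForgotPassword.email,
 * .new_password and .new_password_confirm, the ForgotPassword model validates
 * the data, the e-mail maps to a member with a positive id,
 * ForgotPassword::isEntryValid() accepts the GUID for that member, and a
 * username can be resolved. Setting the password and expiring the request run
 * inside one transaction; if either fails or throws, the transaction is rolled
 * back so neither change is applied.
 *
 * @param string $guid The id of the forgot password request.
 * @param array $data Array of data containing the user submitted e-mail.
 * @return bool True if password was changed, false otherwise.
 */
public function completeForgotPassword($guid, $data) {
    if (!ForgotPassword::isValidGuid($guid)) {
        return false;
    }
    if (!is_array($data)) {
        return false;
    }
    // Reject missing fields explicitly instead of relying on the model's
    // validation to notice absent keys.
    $required = array('email', 'new_password', 'new_password_confirm');
    foreach ($required as $field) {
        if (!isset($data['ForgotPassword'][$field])) {
            return false;
        }
    }

    $forgotPasswordModel = ClassRegistry::init('ForgotPassword');
    $forgotPasswordModel->set($data);
    if (!$forgotPasswordModel->validates()) {
        return false;
    }

    $emailAddress = Hash::get($data, 'ForgotPassword.email');
    $memberInfo = $this->find('first', array(
        'conditions' => array('Member.email' => $emailAddress),
        'fields' => array('Member.member_id'),
    ));
    if (!$memberInfo) {
        return false;
    }

    // A well-formed GUID alone is not enough: it must be a valid entry for
    // the member who owns the submitted e-mail address.
    $memberId = $this->getIdForMember($memberInfo);
    if (!($memberId > 0) || !$forgotPasswordModel->isEntryValid($guid, $memberId)) {
        return false;
    }
    $username = $this->getUsernameForMember($memberId);
    if (!$username) {
        return false;
    }

    $password = Hash::get($data, 'ForgotPassword.new_password');
    $dataSource = $this->getDataSource();
    $dataSource->begin();
    try {
        // Both steps must succeed before commit; a password set with the
        // request left unexpired is rolled back.
        if ($this->__setPassword($username, $password, true) && $forgotPasswordModel->expireEntry($guid)) {
            $dataSource->commit();
            return true;
        }
    } catch (Exception $e) {
        // Never leave the transaction open on an unexpected failure.
        $dataSource->rollback();
        throw $e;
    }
    $dataSource->rollback();
    return false;
}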