/** * Check for matching token, and a matching interval period * * @return PasswordResetRequest */ public static function match($token) { $request = PasswordResetRequest::where('nonce', $token)->where('used', false)->first(); if ($request instanceof PasswordResetRequest && $request->isActive()) { return $request; } else { return null; } }
public function testPostResetWithInvalidatedTokenYeildsError() { $token = '34838383838'; PasswordResetRequest::generate($this->account, $token); $request = Request::create('/resetpassword.php'); $request->setMethod('POST'); $request->request->set('token', $token); $password = '******'; $request->request->set('new_password', $password); $request->request->set('password_confirmation', $password); $request->request->set('email', $this->account->getActiveEmail()); // Invalidate the token PasswordResetRequest::where('_account_id', '=', $this->account->id())->update(['used' => true]); // Now run the controller method to reset! $controller = new PasswordController(); $response = $controller->postReset($request); $this->assertTrue(stripos($response->getTargetUrl(), url('Token was invalid')) !== false, 'Url was [' . $response->getTargetUrl() . '] instead of expected not long enough password error url.'); // Password should be changed. $this->assertFalse($this->checkTestPasswordMatches($password), 'Password should not have been changed on a rejection!'); }
public function testGeneratedResetCanBeFoundByAccount() { $req = PasswordResetRequest::generate($this->account); $req_dup = PasswordResetRequest::where('_account_id', '=', $this->account->id())->first(); $this->assertEquals($req->id(), $req_dup->id()); }