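/**
 * Complete a password reset using a previously issued reset key.
 *
 * Reads `key`, `email` and `password` from the request, validates them
 * against User::getResetRules(), and sets the new password only when the
 * reset key exists, belongs to the account with the given e-mail address
 * and has not expired. The key is deleted once it has been used or found
 * to be expired, so it cannot be replayed.
 *
 * @return mixed The response built by ApiResponse (validation error,
 *               unauthorized error, or success message).
 */
public function resetPassword()
{
    $input = Input::all();
    $validator = Validator::make($input, User::getResetRules());

    if (!$validator->passes()) {
        return ApiResponse::validation($validator);
    }

    $key = isset($input['key']) ? $input['key'] : null;
    $email = isset($input['email']) ? $input['email'] : null;

    // Only plain strings may reach the query builder. The validation rules
    // are not visible here, so this method does not rely on them to reject
    // array-valued parameters, which some database drivers would interpret
    // as query operators instead of a literal value.
    if (!is_string($key)) {
        return ApiResponse::errorUnauthorized("Invalid reset key.");
    }

    $reset = ResetKey::where('key', $key)->first();
    if (!$reset instanceof ResetKey) {
        return ApiResponse::errorUnauthorized("Invalid reset key.");
    }

    // An unknown e-mail address yields no user. It is treated exactly like
    // a key/user mismatch instead of dereferencing null, so the caller gets
    // a 401 rather than a server error and learns nothing extra about
    // which addresses are registered.
    $user = is_string($email) ? User::where('email', $email)->first() : null;

    // NOTE(review): loose comparison kept from the original because the
    // types of user_id and _id are not visible here; switch to a strict
    // string comparison once both are confirmed to be strings.
    if (!$user instanceof User || $reset->user_id != $user->_id) {
        return ApiResponse::errorUnauthorized("Reset key does not belong to this user.");
    }

    if ($reset->isExpired()) {
        // Expired keys are removed so they do not linger in storage.
        $reset->delete();

        return ApiResponse::errorUnauthorized("Reset key is expired.");
    }

    // NOTE(review): the three distinct 401 messages let a caller tell a
    // valid key from an invalid one; consider one uniform message plus
    // rate limiting on this endpoint.
    $user = $reset->user;
    $user->password = Hash::make($input['password']);
    $user->save();

    // Single use: the key is consumed together with the password change.
    // NOTE(review): no revocation of the user's existing API tokens is
    // visible in this method; confirm whether a reset should also
    // invalidate active sessions.
    $reset->delete();

    return ApiResponse::json('Password reset successfully!');
}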
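|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

// API filter: the request must carry a `token` input that matches a stored
// Token record. Returning a response from a filter short-circuits the route.
Route::filter('logged_in', function () {
    if (!Input::has('token')) {
        return ApiResponse::errorUnauthorized("No token found.");
    }

    $token = Input::get('token');

    // Only a plain string may reach the query builder. Input::has() also
    // accepts array-valued parameters, and some database drivers would
    // interpret such a value as a query operator instead of a literal key,
    // so anything that is not a string is rejected as a mismatch.
    if (!is_string($token) || !Token::where('key', '=', $token)->exists()) {
        return ApiResponse::errorUnauthorized("Token mismatched.");
    }

    // NOTE(review): this only proves that the token exists. No expiry or
    // owner check is visible here; confirm that one is enforced elsewhere.
    // NOTE(review): Input::get() also reads the query string, so tokens can
    // end up in access logs and Referer headers; an Authorization header is
    // the safer transport.
});

// Session filter: unauthenticated visitors are redirected to the login page.
Route::filter('auth', function () {
    if (Auth::guest()) {
        return Redirect::guest('login');
    }
});

// HTTP Basic filter: delegates entirely to the framework's Auth::basic().
Route::filter('auth.basic', function () {
    return Auth::basic();
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|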