Exemple #1
0
 public function testPerformingAResetInvalidatesUsedRequest()
 {
     $account_id = TestAccountCreateAndDestroy::account_id();
     $account = AccountFactory::findById($account_id);
     PasswordResetRequest::generate($account, $this->nonce = '77warkwark', false);
     PasswordResetRequest::reset($account, 'new_pass34532');
     $req = PasswordResetRequest::match($this->nonce);
     $this->assertEmpty($req);
     // Request shouldn't match because it should already be used.
 }
Exemple #2
0
 /**
  * Reset the given user's password.
  *
  * @return Response
  */
 public function postReset(Container $p_dependencies)
 {
     $request = RequestWrapper::$request;
     $token = $request->get('token');
     $newPassword = $request->get('new_password');
     $passwordConfirmation = $request->get('password_confirmation');
     if ($passwordConfirmation === null || $passwordConfirmation !== $newPassword) {
         return $this->renderError('Password Confirmation did not match.', $token);
     }
     if (!$token) {
         return $this->renderError('No Valid Token to allow for password reset! Try again.', $token);
     } else {
         $req = PasswordResetRequest::match($token);
         $account = $req instanceof PasswordResetRequest ? $req->account() : null;
         if (!$account || !$account->id()) {
             return $this->renderError('Token was invalid or expired! Please reset again.', $token);
         } else {
             if (strlen(trim($newPassword)) < 4 || $newPassword !== $passwordConfirmation) {
                 return $this->renderError('Password not long enough or does not match password confirmation!', $token);
             } else {
                 PasswordResetRequest::reset($account, $newPassword);
                 return new RedirectResponse('/password/?message=' . rawurlencode('Password reset!'));
             }
         }
     }
 }