/**
 * Requests the password-reset page with a freshly generated, valid link
 * and expects a successful response.
 *
 * Only the happy path is exercised here: the hash is computed with the
 * same Mailer helper the application uses, so expired, tampered, or
 * incomplete links are not covered by this test.
 *
 * @return void
 */
public function testResetPassword()
{
    $userId = 1;
    $issuedAt = time();
    $token = Mailer::getPasswordResetHash($userId, $issuedAt);

    // Positional segments follow the same order the controller action
    // receives them in: user ID, timestamp, hash.
    $resetLink = Router::url([
        'controller' => 'Users',
        'action' => 'resetPassword',
        $userId,
        $issuedAt,
        $token,
    ]);
    $this->get($resetLink);

    $this->assertResponseOk();
}
/**
 * Emails the given user a link to the password-reset page.
 *
 * The link carries the user ID, the time of issue and a hash computed by
 * Mailer::getPasswordResetHash() over those two values. It is meant to be
 * usable for 24 hours; this method does not enforce that window itself,
 * so the expiry depends on the code that consumes the link.
 *
 * Anyone holding the URL can reach the reset page for this account, so
 * the URL should be kept out of logs and other shared output.
 *
 * @param int $userId ID of the user who asked for the reset
 * @return boolean Result of Email::send() (declared boolean by the
 *     original docblock; verify against the Email class)
 */
public static function sendPasswordResetEmail($userId)
{
    $issuedAt = time();
    $token = Mailer::getPasswordResetHash($userId, $issuedAt);

    // The trailing `true` asks the router for an absolute URL, which the
    // recipient needs because the link is opened from a mail client.
    $resetUrl = Router::url(
        [
            'prefix' => false,
            'controller' => 'Users',
            'action' => 'resetPassword',
            $userId,
            $issuedAt,
            $token,
        ],
        true
    );

    $message = new Email();
    $user = TableRegistry::get('Users')->get($userId);

    $message
        ->template('reset_password')
        ->subject('MACC website password reset')
        ->to($user->email)
        ->viewVars(['user' => $user, 'resetUrl' => $resetUrl]);

    return $message->send();
}
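/**
 * Lets a user set a new password after following an emailed reset link.
 *
 * The link supplies a user ID, the time it was issued and a hash that
 * Mailer::getPasswordResetHash() derives from those two values. The
 * request is only served when all three are present, the link is at most
 * 24 hours old and the supplied hash matches the recomputed one.
 *
 * NOTE(review): nothing visible here invalidates a link once it has been
 * used, so it appears to stay valid for the rest of the 24-hour window
 * unless getPasswordResetHash() also depends on state that changes with
 * the password. Confirm against the Mailer implementation.
 *
 * @param int|string|null $userId ID of the user whose password is reset
 * @param int|string|null $timestamp Unix time at which the link was issued
 * @param string|null $hash Hash taken from the link
 * @return mixed Result of redirect() after a successful save; otherwise
 *     nothing is returned and the form view is rendered
 * @throws NotFoundException When any part of the link is missing
 * @throws ForbiddenException When the link is expired, malformed or
 *     carries a hash that does not match
 */
public function resetPassword($userId = null, $timestamp = null, $hash = null)
{
    // All three segments are required. The previous condition read
    // `!$userId || !$timestamp && !$hash`; because && binds tighter than ||,
    // a link missing only the hash (or only the timestamp) slipped past
    // this completeness check.
    if (!$userId || !$timestamp || !$hash) {
        throw new NotFoundException('Incomplete URL for password-resetting. Did you leave out part of the URL when you copied and pasted it?');
    }

    // The timestamp arrives from the URL as text. Reject anything that is
    // not a plain run of digits before using it in arithmetic, so a
    // malformed segment yields a 403 instead of an arithmetic error.
    if (!ctype_digit((string)$timestamp)) {
        throw new ForbiddenException('Invalid security key');
    }

    if (time() - (int)$timestamp > 60 * 60 * 24) {
        throw new ForbiddenException('Sorry, that link has expired.');
    }

    // Compare as strings and in constant time (hash_equals, PHP 5.6+).
    // The loose `!=` used before could treat two different numeric-looking
    // strings as equal and leaked timing information about the match.
    $expectedHash = Mailer::getPasswordResetHash($userId, $timestamp);
    if (!hash_equals((string)$expectedHash, (string)$hash)) {
        throw new ForbiddenException('Invalid security key');
    }

    $user = $this->Users->get($userId);
    $email = $user->email;

    if ($this->request->is(['post', 'put'])) {
        $this->request->data['password'] = $this->request->data('new_password');

        // fieldList restricts the patch to the password column, so other
        // submitted fields cannot be mass-assigned onto the user.
        $user = $this->Users->patchEntity($user, $this->request->data(), ['fieldList' => ['password']]);
        if ($this->Users->save($user)) {
            $this->Flash->success('Your password has been updated.');

            return $this->redirect(['action' => 'login']);
        }
    }

    // Clear submitted data before rendering; presumably so the entered
    // password is not echoed back into the form.
    $this->request->data = [];

    // The view receives a blank entity rather than the loaded user record.
    $this->set([
        'email' => $email,
        'pageTitle' => 'Reset Password',
        'user' => $this->Users->newEntity(),
    ]);
}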