if (ini_get('session.use_cookies')) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
session_destroy();
JsonView::render($_SESSION);
})->name('auth_clear_session');
// debug helper
$app->get("/{$v}/auth/reset-password/:token/?", function ($token) use($app, $acl, $ZendDb) {
$DirectusUsersTableGateway = new DirectusUsersTableGateway($acl, $ZendDb);
$user = $DirectusUsersTableGateway->findOneBy('reset_token', $token);
if (!$user) {
$app->halt(200, __t('password_reset_incorrect_token'));
}
$expirationDate = new DateTime($user['reset_expiration'], new DateTimeZone('UTC'));
if (DateUtils::hasPassed($expirationDate)) {
$app->halt(200, __t('password_reset_expired_token'));
}
$password = StringUtils::randomString();
$set = [];
// @NOTE: this is not being used for hashing the password anymore
$set['salt'] = StringUtils::randomString();
$set['password'] = Auth::hashPassword($password, $set['salt']);
$set['reset_token'] = '';
// Skip ACL
$DirectusUsersTableGateway = new \Zend\Db\TableGateway\TableGateway('directus_users', $ZendDb);
$affectedRows = $DirectusUsersTableGateway->update($set, ['id' => $user['id']]);
if (1 !== $affectedRows) {
$app->halt(200, __t('password_reset_error'));
}
$data = ['new_password' => $password];
public function testPassed()
{
$datetime = new DateTime('now');
$datetime->modify('-1 days');
$this->assertTrue(DateUtils::hasPassed($datetime));
$datetime->modify('2 days');
$this->assertFalse(DateUtils::hasPassed($datetime));
$datetime->modify('-3 days');
$this->assertTrue(DateUtils::hasPassed($datetime->format('Y-m-d H:i:s')));
$datetime->modify('4 days');
$this->assertFalse(DateUtils::hasPassed($datetime->format('Y-m-d H:i:s')));
}
