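/**
 * Send a reset link to a given user.
 *
 * Looks the account up by email first and, failing that, by ninja name,
 * then generates a PasswordResetRequest and emails its nonce to the account.
 * The outcome is reported to the caller solely through the redirect's
 * query string (`message=` on success, `error=` on failure).
 *
 * @param Container $p_dependencies Not read here; kept for the controller signature.
 * @return Response
 * @TODO: Authenticate the csrf, which must match, from the session.
 */
public function postEmail(Container $p_dependencies)
{
    // Keep the HTTP request under its own name so it is not shadowed by the
    // PasswordResetRequest created further down.
    $http_request = RequestWrapper::$request;
    $error = null;
    $message = null;
    $account = null;
    $email = $http_request->get('email');
    $ninja_name = $http_request->get('ninja_name');

    if (!$email && !$ninja_name) {
        $error = 'You must specify either an email or a ninja name!';
    } else {
        if ($email) {
            $account = Account::findByEmail($email);
        }
        // Only fall back to the ninja-name lookup when a name was actually
        // supplied, instead of querying with an empty/null name.
        if (!isset($account) && $ninja_name) {
            $account = Account::findByNinjaName($ninja_name);
        }

        if ($account === null || !$account->id()) {
            // NOTE(review): a distinct "no match" message lets a caller learn
            // which emails/names have accounts; a uniform response would avoid that.
            $error = 'Sorry, unable to find a matching account!';
        } else {
            // PWR created with default nonce
            $reset_request = PasswordResetRequest::generate($account);
            if ($this->sendEmail($reset_request->nonce, $account)) {
                $message = 'Your reset email was sent!';
            } else {
                $error = 'Sorry, there was a problem sending to your account! Please contact support.';
            }
        }
    }

    // Values are url-encoded so message text cannot alter the redirect target.
    $query = ($message ? 'message=' . rawurlencode($message) . '&' : '')
        . ($error ? 'error=' . rawurlencode($error) : '');

    return new RedirectResponse('/password/?' . $query);
}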
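/**
 * A reset request whose token has already been marked as used must be
 * rejected: the controller redirects to an "invalid token" error and the
 * account's password is left unchanged.
 */
public function testPostResetWithInvalidatedTokenYeildsError()
{
    $token = '34838383838';
    PasswordResetRequest::generate($this->account, $token);

    $request = Request::create('/resetpassword.php');
    $request->setMethod('POST');
    $request->request->set('token', $token);
    $password = '******';
    $request->request->set('new_password', $password);
    $request->request->set('password_confirmation', $password);
    $request->request->set('email', $this->account->getActiveEmail());

    // Invalidate the token before the controller gets to consume it.
    PasswordResetRequest::where('_account_id', '=', $this->account->id())->update(['used' => true]);

    // Now run the controller method to reset!
    $controller = new PasswordController();
    $response = $controller->postReset($request);
    $target_url = $response->getTargetUrl();

    // Failure message previously described the wrong expectation (password length).
    $this->assertTrue(
        stripos($target_url, url('Token was invalid')) !== false,
        'Url was [' . $target_url . '] instead of the expected invalid-token error url.'
    );
    // Password must NOT have been changed by a rejected request.
    $this->assertFalse(
        $this->checkTestPasswordMatches($password),
        'Password should not have been changed on a rejection!'
    );
}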
/**
 * Once a reset has been performed for an account, matching the nonce that
 * was issued for it must come back empty: reset requests are single-use.
 */
public function testPerformingAResetInvalidatesUsedRequest()
{
    $account_id = TestAccountCreateAndDestroy::account_id();
    $account = AccountFactory::findById($account_id);

    // Keep the nonce on the fixture so the later match uses the same value.
    $this->nonce = '77warkwark';
    PasswordResetRequest::generate($account, $this->nonce, false);
    PasswordResetRequest::reset($account, 'new_pass34532');

    $matched = PasswordResetRequest::match($this->nonce);
    // Request shouldn't match because it should already be used.
    $this->assertEmpty($matched);
}