feat: reset password
This commit is contained in:
parent
eda0ffd199
commit
7f60bc756f
|
|
@ -58,6 +58,7 @@ MAIL_FROM_ADDRESS="hello@example.com"
|
||||||
MAIL_FROM_NAME="${APP_NAME}"
|
MAIL_FROM_NAME="${APP_NAME}"
|
||||||
|
|
||||||
EXPO_ACCESS_TOKEN=
|
EXPO_ACCESS_TOKEN=
|
||||||
|
MOBILE_PASSWORD_RESET_URL=bowly://reset-password
|
||||||
|
|
||||||
STRAVA_CLIENT_ID=
|
STRAVA_CLIENT_ID=
|
||||||
STRAVA_CLIENT_SECRET=
|
STRAVA_CLIENT_SECRET=
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,14 @@
|
||||||
namespace App\Http\Controllers;
|
namespace App\Http\Controllers;
|
||||||
|
|
||||||
use App\Http\Requests\EmailVerificationNotificationRequest;
|
use App\Http\Requests\EmailVerificationNotificationRequest;
|
||||||
|
use App\Http\Requests\ForgotPasswordRequest;
|
||||||
use App\Http\Requests\LoginRequest;
|
use App\Http\Requests\LoginRequest;
|
||||||
use App\Http\Requests\RegisterRequest;
|
use App\Http\Requests\RegisterRequest;
|
||||||
|
use App\Http\Requests\ResetPasswordRequest;
|
||||||
use App\Http\Requests\UpdateUserRequest;
|
use App\Http\Requests\UpdateUserRequest;
|
||||||
use App\Http\Resources\UserResource;
|
use App\Http\Resources\UserResource;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
|
use Illuminate\Auth\Events\PasswordReset;
|
||||||
use Illuminate\Auth\Events\Verified;
|
use Illuminate\Auth\Events\Verified;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
|
@ -15,6 +18,7 @@ use Illuminate\Http\Resources\Json\JsonResource;
|
||||||
use Illuminate\Support\Arr;
|
use Illuminate\Support\Arr;
|
||||||
use Illuminate\Support\Facades\DB;
|
use Illuminate\Support\Facades\DB;
|
||||||
use Illuminate\Support\Facades\Hash;
|
use Illuminate\Support\Facades\Hash;
|
||||||
|
use Illuminate\Support\Facades\Password;
|
||||||
use Illuminate\Support\Facades\Storage;
|
use Illuminate\Support\Facades\Storage;
|
||||||
use Illuminate\Support\Str;
|
use Illuminate\Support\Str;
|
||||||
use Illuminate\View\View;
|
use Illuminate\View\View;
|
||||||
|
|
@ -123,6 +127,52 @@ class AuthController extends Controller
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function forgotPassword(ForgotPasswordRequest $request): JsonResponse
|
||||||
|
{
|
||||||
|
$email = strtolower($request->validated('email'));
|
||||||
|
$status = Password::sendResetLink(['email' => $email]);
|
||||||
|
|
||||||
|
if ($status === Password::RESET_THROTTLED) {
|
||||||
|
return response()->json([
|
||||||
|
'message' => __($status),
|
||||||
|
], 429);
|
||||||
|
}
|
||||||
|
|
||||||
|
return response()->json([
|
||||||
|
'message' => __('api.auth.password_reset_link_sent'),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function resetPassword(ResetPasswordRequest $request): JsonResponse
|
||||||
|
{
|
||||||
|
$data = $request->validated();
|
||||||
|
$data['email'] = strtolower($data['email']);
|
||||||
|
|
||||||
|
$status = Password::reset(
|
||||||
|
$data,
|
||||||
|
function (User $user, string $password): void {
|
||||||
|
$user->forceFill([
|
||||||
|
'password' => Hash::make($password),
|
||||||
|
'remember_token' => Str::random(60),
|
||||||
|
])->save();
|
||||||
|
|
||||||
|
$user->tokens()->delete();
|
||||||
|
|
||||||
|
event(new PasswordReset($user));
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
if ($status !== Password::PASSWORD_RESET) {
|
||||||
|
return response()->json([
|
||||||
|
'message' => __($status),
|
||||||
|
], 422);
|
||||||
|
}
|
||||||
|
|
||||||
|
return response()->json([
|
||||||
|
'message' => __('api.auth.password_reset'),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
public function logout(): JsonResponse
|
public function logout(): JsonResponse
|
||||||
{
|
{
|
||||||
$request = request();
|
$request = request();
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,28 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Requests;
|
||||||
|
|
||||||
|
use Illuminate\Foundation\Http\FormRequest;
|
||||||
|
|
||||||
|
class ForgotPasswordRequest extends FormRequest
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Determine if the user is authorized to make this request.
|
||||||
|
*/
|
||||||
|
public function authorize(): bool
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the validation rules that apply to the request.
|
||||||
|
*
|
||||||
|
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
|
||||||
|
*/
|
||||||
|
public function rules(): array
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
'email' => ['required', 'string', 'email', 'max:255'],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Requests;
|
||||||
|
|
||||||
|
use Illuminate\Foundation\Http\FormRequest;
|
||||||
|
|
||||||
|
class ResetPasswordRequest extends FormRequest
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Determine if the user is authorized to make this request.
|
||||||
|
*/
|
||||||
|
public function authorize(): bool
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the validation rules that apply to the request.
|
||||||
|
*
|
||||||
|
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
|
||||||
|
*/
|
||||||
|
public function rules(): array
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
'email' => ['required', 'string', 'email', 'max:255'],
|
||||||
|
'password' => ['required', 'string', 'min:8', 'confirmed'],
|
||||||
|
'token' => ['required', 'string'],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -5,6 +5,7 @@ namespace App\Providers;
|
||||||
use App\Broadcasting\ExpoPushChannel;
|
use App\Broadcasting\ExpoPushChannel;
|
||||||
use App\Mail\VerifyAccount;
|
use App\Mail\VerifyAccount;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
|
use Illuminate\Auth\Notifications\ResetPassword;
|
||||||
use Illuminate\Auth\Notifications\VerifyEmail;
|
use Illuminate\Auth\Notifications\VerifyEmail;
|
||||||
use Illuminate\Support\Facades\Gate;
|
use Illuminate\Support\Facades\Gate;
|
||||||
use Illuminate\Support\Facades\Notification;
|
use Illuminate\Support\Facades\Notification;
|
||||||
|
|
@ -61,6 +62,16 @@ class AppServiceProvider extends ServiceProvider
|
||||||
->to($notifiable->getEmailForVerification())
|
->to($notifiable->getEmailForVerification())
|
||||||
);
|
);
|
||||||
|
|
||||||
|
ResetPassword::createUrlUsing(function (User $notifiable, string $token): string {
|
||||||
|
$passwordResetUrl = rtrim((string) config('services.mobile.password_reset_url'), '?&');
|
||||||
|
$query = http_build_query([
|
||||||
|
'email' => $notifiable->getEmailForPasswordReset(),
|
||||||
|
'token' => $token,
|
||||||
|
], '', '&', PHP_QUERY_RFC3986);
|
||||||
|
|
||||||
|
return "{$passwordResetUrl}?{$query}";
|
||||||
|
});
|
||||||
|
|
||||||
Gate::define('viewApiDocs', function ($user = null) {
|
Gate::define('viewApiDocs', function ($user = null) {
|
||||||
// Option A : Autoriser tout le monde (Attention : la doc sera publique hors local)
|
// Option A : Autoriser tout le monde (Attention : la doc sera publique hors local)
|
||||||
return true;
|
return true;
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,10 @@ return [
|
||||||
'access_token' => env('EXPO_ACCESS_TOKEN'),
|
'access_token' => env('EXPO_ACCESS_TOKEN'),
|
||||||
],
|
],
|
||||||
|
|
||||||
|
'mobile' => [
|
||||||
|
'password_reset_url' => env('MOBILE_PASSWORD_RESET_URL', 'bowly://reset-password'),
|
||||||
|
],
|
||||||
|
|
||||||
'strava' => [
|
'strava' => [
|
||||||
'client_id' => env('STRAVA_CLIENT_ID'),
|
'client_id' => env('STRAVA_CLIENT_ID'),
|
||||||
'client_secret' => env('STRAVA_CLIENT_SECRET'),
|
'client_secret' => env('STRAVA_CLIENT_SECRET'),
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ return [
|
||||||
'verified' => 'Account verified successfully.',
|
'verified' => 'Account verified successfully.',
|
||||||
'verification_sent' => 'Verification email sent.',
|
'verification_sent' => 'Verification email sent.',
|
||||||
'verification_sent_if_unverified' => 'If an unverified account exists for this address, a verification email has been sent.',
|
'verification_sent_if_unverified' => 'If an unverified account exists for this address, a verification email has been sent.',
|
||||||
|
'password_reset_link_sent' => 'If an account exists for this address, a password reset link has been sent.',
|
||||||
|
'password_reset' => 'Password reset successfully.',
|
||||||
'logout' => 'Logged out successfully.',
|
'logout' => 'Logged out successfully.',
|
||||||
'unauthenticated' => 'Unauthenticated.',
|
'unauthenticated' => 'Unauthenticated.',
|
||||||
'deleted' => 'Account deleted successfully.',
|
'deleted' => 'Account deleted successfully.',
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ return [
|
||||||
'verified' => 'Compte vérifié avec succès.',
|
'verified' => 'Compte vérifié avec succès.',
|
||||||
'verification_sent' => 'Email de vérification envoyé.',
|
'verification_sent' => 'Email de vérification envoyé.',
|
||||||
'verification_sent_if_unverified' => 'Si un compte non vérifié existe avec cette adresse, un email de vérification vient d’être envoyé.',
|
'verification_sent_if_unverified' => 'Si un compte non vérifié existe avec cette adresse, un email de vérification vient d’être envoyé.',
|
||||||
|
'password_reset_link_sent' => 'Si un compte existe avec cette adresse, un lien de réinitialisation vient d’être envoyé.',
|
||||||
|
'password_reset' => 'Mot de passe réinitialisé avec succès.',
|
||||||
'logout' => 'Déconnecté avec succès.',
|
'logout' => 'Déconnecté avec succès.',
|
||||||
'unauthenticated' => 'Non authentifié.',
|
'unauthenticated' => 'Non authentifié.',
|
||||||
'deleted' => 'Compte supprimé avec succès.',
|
'deleted' => 'Compte supprimé avec succès.',
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,12 @@ use Illuminate\Support\Facades\Route;
|
||||||
Route::prefix('auth')->group(function (): void {
|
Route::prefix('auth')->group(function (): void {
|
||||||
Route::post('register', [AuthController::class, 'register']);
|
Route::post('register', [AuthController::class, 'register']);
|
||||||
Route::post('login', [AuthController::class, 'login']);
|
Route::post('login', [AuthController::class, 'login']);
|
||||||
|
Route::post('forgot-password', [AuthController::class, 'forgotPassword'])
|
||||||
|
->middleware('throttle:6,1')
|
||||||
|
->name('password.email');
|
||||||
|
Route::post('reset-password', [AuthController::class, 'resetPassword'])
|
||||||
|
->middleware('throttle:6,1')
|
||||||
|
->name('password.update');
|
||||||
Route::get('email/verify/{id}/{hash}', [AuthController::class, 'verifyEmail'])
|
Route::get('email/verify/{id}/{hash}', [AuthController::class, 'verifyEmail'])
|
||||||
->middleware(['signed:relative', 'throttle:6,1'])
|
->middleware(['signed:relative', 'throttle:6,1'])
|
||||||
->name('verification.verify');
|
->name('verification.verify');
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,104 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use App\Models\User;
|
||||||
|
use Illuminate\Auth\Notifications\ResetPassword;
|
||||||
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||||
|
use Illuminate\Support\Facades\Hash;
|
||||||
|
use Illuminate\Support\Facades\Notification;
|
||||||
|
use Illuminate\Support\Facades\Password;
|
||||||
|
|
||||||
|
uses(RefreshDatabase::class);
|
||||||
|
|
||||||
|
beforeEach(function (): void {
|
||||||
|
config()->set('services.mobile.password_reset_url', 'bowly://reset-password');
|
||||||
|
});
|
||||||
|
|
||||||
|
it('sends a password reset email with a mobile app url', function () {
|
||||||
|
Notification::fake();
|
||||||
|
|
||||||
|
$user = User::factory()->create([
|
||||||
|
'email' => 'leon@example.com',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this
|
||||||
|
->postJson('/api/auth/forgot-password', [
|
||||||
|
'email' => 'LEON@example.com',
|
||||||
|
])
|
||||||
|
->assertOk()
|
||||||
|
->assertJsonPath('message', __('api.auth.password_reset_link_sent'));
|
||||||
|
|
||||||
|
Notification::assertSentTo(
|
||||||
|
$user,
|
||||||
|
ResetPassword::class,
|
||||||
|
function (ResetPassword $notification) use ($user): bool {
|
||||||
|
$mail = $notification->toMail($user);
|
||||||
|
$url = $mail->actionUrl;
|
||||||
|
|
||||||
|
expect($url)->toStartWith('bowly://reset-password?');
|
||||||
|
|
||||||
|
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
|
||||||
|
|
||||||
|
expect($query['email'])->toBe($user->email)
|
||||||
|
->and($query['token'])->not->toBeEmpty();
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('does not reveal whether a reset email can be sent', function () {
|
||||||
|
Notification::fake();
|
||||||
|
|
||||||
|
$this
|
||||||
|
->postJson('/api/auth/forgot-password', [
|
||||||
|
'email' => 'missing@example.com',
|
||||||
|
])
|
||||||
|
->assertOk()
|
||||||
|
->assertJsonPath('message', __('api.auth.password_reset_link_sent'));
|
||||||
|
|
||||||
|
Notification::assertNothingSent();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('resets the password and invalidates existing api tokens', function () {
|
||||||
|
$user = User::factory()->create([
|
||||||
|
'email' => 'leon@example.com',
|
||||||
|
'password' => 'old-password',
|
||||||
|
]);
|
||||||
|
$token = Password::broker()->createToken($user);
|
||||||
|
|
||||||
|
$user->createToken('api');
|
||||||
|
|
||||||
|
$this
|
||||||
|
->postJson('/api/auth/reset-password', [
|
||||||
|
'email' => 'LEON@example.com',
|
||||||
|
'password' => 'new-password',
|
||||||
|
'password_confirmation' => 'new-password',
|
||||||
|
'token' => $token,
|
||||||
|
])
|
||||||
|
->assertOk()
|
||||||
|
->assertJsonPath('message', __('api.auth.password_reset'));
|
||||||
|
|
||||||
|
expect(Hash::check('new-password', $user->fresh()->password))->toBeTrue();
|
||||||
|
|
||||||
|
$this->assertDatabaseMissing('personal_access_tokens', [
|
||||||
|
'tokenable_id' => $user->getKey(),
|
||||||
|
]);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('rejects an invalid password reset token', function () {
|
||||||
|
$user = User::factory()->create([
|
||||||
|
'email' => 'leon@example.com',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this
|
||||||
|
->postJson('/api/auth/reset-password', [
|
||||||
|
'email' => $user->email,
|
||||||
|
'password' => 'new-password',
|
||||||
|
'password_confirmation' => 'new-password',
|
||||||
|
'token' => 'invalid-token',
|
||||||
|
])
|
||||||
|
->assertUnprocessable()
|
||||||
|
->assertJsonPath('message', __('passwords.token'));
|
||||||
|
|
||||||
|
expect(Hash::check('new-password', $user->fresh()->password))->toBeFalse();
|
||||||
|
});
|
||||||
Loading…
Reference in New Issue