Skip to content

Commit

Permalink
Crypto-based password resets
Browse files Browse the repository at this point in the history
  • Loading branch information
@tillkruss
tillkruss committed Feb 15, 2017
1 parent 494a177 commit adda004
Show file tree
Hide file tree
Showing 14 changed files with 209 additions and 547 deletions.
81 changes: 38 additions & 43 deletions src/Illuminate/Auth/Console/stubs/make/views/auth/passwords/reset.stub
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,60 +14,55 @@
</div>
@endif

<form class="form-horizontal" role="form" method="POST" action="{{ route('password.request') }}">
{{ csrf_field() }}

<input type="hidden" name="token" value="{{ $token }}">

<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
@if (session('warning'))
<div class="alert alert-warning">
{{ session('warning') }}
</div>
@else

<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ $email or old('email') }}" required autofocus>
<form class="form-horizontal" role="form" method="POST" action="{{ route('password.request') }}">
{{ csrf_field() }}

@if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
</div>
<input type="hidden" name="email" value="{{ $email }}">
<input type="hidden" name="expiration" value="{{ $expiration }}">
<input type="hidden" name="token" value="{{ $token }}">

<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>

<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required autofocus>

@if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
@if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
</div>

<div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
<label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>
<div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
<label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>

@if ($errors->has('password_confirmation'))
<span class="help-block">
<strong>{{ $errors->first('password_confirmation') }}</strong>
</span>
@endif
@if ($errors->has('password_confirmation'))
<span class="help-block">
<strong>{{ $errors->first('password_confirmation') }}</strong>
</span>
@endif
</div>
</div>
</div>

<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Reset Password
</button>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Reset Password
</button>
</div>
</div>
</div>
</form>
</form>
@endif
</div>
</div>
</div>
Expand Down
16 changes: 14 additions & 2 deletions src/Illuminate/Auth/Notifications/ResetPassword.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,24 @@ class ResetPassword extends Notification
*/
public $token;

/**
* The password reset expiration date.
*
* @var int
*/
public $expiration;

/**
* Create a notification instance.
*
* @param string $token
* @param int $expiration
* @return void
*/
public function __construct($token)
public function __construct($token, $expiration)
{
$this->token = $token;
$this->expiration = $expiration;
}

/**
Expand All @@ -44,9 +53,12 @@ public function via($notifiable)
*/
public function toMail($notifiable)
{
$email = $notifiable->getEmailForPasswordReset();
$link = url("password/reset?email={$email}&expiration={$this->expiration}&token={$this->token}");

return (new MailMessage)
->line('You are receiving this email because we received a password reset request for your account.')
->action('Reset Password', route('password.reset', $this->token))
->action('Reset Password', $link)
->line('If you did not request a password reset, no further action is required.');
}
}
5 changes: 3 additions & 2 deletions src/Illuminate/Auth/Passwords/CanResetPassword.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,11 @@ public function getEmailForPasswordReset()
* Send the password reset notification.
*
* @param string $token
* @param int $expiration
* @return void
*/
public function sendPasswordResetNotification($token)
public function sendPasswordResetNotification($token, $expiration)
{
$this->notify(new ResetPasswordNotification($token));
$this->notify(new ResetPasswordNotification($token, $expiration));
}
}
204 changes: 0 additions & 204 deletions src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php
View file

This file was deleted.

Loading

0 comments on commit adda004

Please sign in to comment.