2020-03-03 22:09:06 +01:00
|
|
|
<?php
|
|
|
|
|
2022-03-15 14:47:07 +01:00
|
|
|
namespace App\Http\Controllers\Auth;
|
2020-03-03 22:09:06 +01:00
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
2022-11-22 15:15:52 +01:00
|
|
|
use App\Http\Requests\UserPatchPwdRequest;
|
2020-03-03 22:09:06 +01:00
|
|
|
use Illuminate\Support\Facades\Auth;
|
|
|
|
use Illuminate\Support\Facades\Hash;
|
2022-10-18 17:34:56 +02:00
|
|
|
use Illuminate\Support\Facades\Log;
|
2020-03-03 22:09:06 +01:00
|
|
|
|
|
|
|
class PasswordController extends Controller
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Update the user's password.
|
|
|
|
*
|
2021-11-26 11:18:58 +01:00
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2020-03-03 22:09:06 +01:00
|
|
|
*/
|
2021-10-01 13:40:37 +02:00
|
|
|
public function update(UserPatchPwdRequest $request)
|
2020-03-03 22:09:06 +01:00
|
|
|
{
|
2023-12-09 17:22:24 +01:00
|
|
|
$user = $request->user();
|
2021-10-01 13:40:37 +02:00
|
|
|
$validated = $request->validated();
|
2020-03-03 22:09:06 +01:00
|
|
|
|
2023-12-09 17:22:24 +01:00
|
|
|
if (config('auth.defaults.guard') === 'reverse-proxy-guard' || $user->oauth_provider) {
|
|
|
|
Log::notice('Password update rejected: reverse-proxy-guard enabled or account from external sso provider');
|
|
|
|
|
|
|
|
return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);
|
|
|
|
}
|
|
|
|
|
2022-11-22 15:15:52 +01:00
|
|
|
if (! Hash::check($validated['currentPassword'], Auth::user()->password)) {
|
2022-10-18 17:34:56 +02:00
|
|
|
Log::notice('Password update failed: wrong password provided');
|
2022-11-22 15:15:52 +01:00
|
|
|
|
2020-03-03 22:09:06 +01:00
|
|
|
return response()->json(['message' => __('errors.wrong_current_password')], 400);
|
|
|
|
}
|
|
|
|
|
2022-11-22 15:15:52 +01:00
|
|
|
if (! config('2fauth.config.isDemoApp')) {
|
2023-12-09 17:22:24 +01:00
|
|
|
$user->update([
|
2021-10-01 13:40:37 +02:00
|
|
|
'password' => bcrypt($validated['password']),
|
2020-03-18 22:59:45 +01:00
|
|
|
]);
|
2023-12-09 17:22:24 +01:00
|
|
|
Log::info(sprintf('Password of user ID #%s updated', $user->id));
|
2020-03-18 22:59:45 +01:00
|
|
|
}
|
2020-03-03 22:09:06 +01:00
|
|
|
|
|
|
|
return response()->json(['message' => __('auth.forms.password_successfully_changed')]);
|
|
|
|
}
|
2022-11-22 15:15:52 +01:00
|
|
|
}
|