Crypto-based password resets
tillkruss committed Jan 24, 2017
1 parent 0d3f0bc commit 3da8d64
Showing 15 changed files with 210 additions and 535 deletions.
Expand Up @@ -54,7 +54,7 @@
Login
</button>

<a class="btn btn-link" href="{{ url('/password/reset') }}">
<a class="btn btn-link" href="{{ url('/password/request') }}">
Forgot Your Password?
</a>
</div>
Expand Up @@ -14,60 +14,55 @@
</div>
@endif

<form class="form-horizontal" role="form" method="POST" action="{{ url('/password/reset') }}">
{{ csrf_field() }}

<input type="hidden" name="token" value="{{ $token }}">

<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
@if (session('warning'))
<div class="alert alert-warning">
{{ session('warning') }}
</div>
@else

<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ $email or old('email') }}" required autofocus>
<form class="form-horizontal" role="form" method="POST" action="{{ url('/password/reset') }}">
{{ csrf_field() }}

@if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
</div>
<input type="hidden" name="email" value="{{ $email }}">
<input type="hidden" name="expiration" value="{{ $expiration }}">
<input type="hidden" name="token" value="{{ $token }}">

<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>

<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required autofocus>

@if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
@if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
</div>

<div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
<label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>
<div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
<label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>

@if ($errors->has('password_confirmation'))
<span class="help-block">
<strong>{{ $errors->first('password_confirmation') }}</strong>
</span>
@endif
@if ($errors->has('password_confirmation'))
<span class="help-block">
<strong>{{ $errors->first('password_confirmation') }}</strong>
</span>
@endif
</div>
</div>
</div>

<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Reset Password
</button>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Reset Password
</button>
</div>
</div>
</div>
</form>
</form>
@endif
</div>
</div>
</div>
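Review bot: The reset form now round-trips `email` and `expiration` as hidden inputs next to `token`, so all three values are client-editable. The handler for `POST /password/reset` (not in this section) therefore has to recompute the token over exactly the posted email and expiration, compare it with `hash_equals()`, and reject an `expiration` that has already passed. With `DatabaseTokenRepository` deleted in this commit there appears to be no server-side record left to invalidate, so it is worth confirming that the signed material includes something that changes when the password changes; otherwise a link would stay usable until it expires. A Blade comment above the hidden inputs, e.g. `{{-- email and expiration are only trustworthy after the token signature over them is verified --}}`, would make that dependency visible to template editors.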
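--- a/src/Illuminate/Auth/Notifications/ResetPassword.php
+++ b/src/Illuminate/Auth/Notifications/ResetPassword.php
@@ -14,15 +14,24 @@ class ResetPassword extends Notification
 */
 public $token;
 
+/**
+* The password reset expiration date.
+*
+* @var int
+*/
+public $expiration;
+
 /**
 * Create a notification instance.
 *
 * @param string $token
+* @param int $expiration
 * @return void
 */
-public function __construct($token)
+public function __construct($token, $expiration)
 {
 $this->token = $token;
+$this->expiration = $expiration;
 }
 
 /**
@@ -44,9 +53,12 @@ public function via($notifiable)
 */
 public function toMail($notifiable)
 {
+$email = $notifiable->getEmailForPasswordReset();
+$link = url("password/reset?email={$email}&expiration={$this->expiration}&token={$this->token}");
+
 return (new MailMessage)
 ->line('You are receiving this email because we received a password reset request for your account.')
-->action('Reset Password', url('password/reset', $this->token))
+->action('Reset Password', $link)
 ->line('If you did not request a password reset, no further action is required.');
 }
 }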
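Review bot: In `toMail()` the values `$email`, `$this->expiration` and `$this->token` are interpolated into the query string without URL-encoding, so an address like `user+tag@example.com` is decoded on arrival as `user tag@example.com`, and an `&` or `#` in the local part cuts the query short. If the token is computed over the email, such links would presumably fail verification for legitimate users. Build the query with `http_build_query(['email' => $email, 'expiration' => $this->expiration, 'token' => $this->token])` and append it to `url('password/reset')`. Separately, the address and token now travel in the query string, where they reach access logs and `Referer` headers, so the reset page should avoid third-party resources and send a restrictive `Referrer-Policy`.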
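--- a/src/Illuminate/Auth/Passwords/CanResetPassword.php
+++ b/src/Illuminate/Auth/Passwords/CanResetPassword.php
@@ -20,10 +20,11 @@ public function getEmailForPasswordReset()
 * Send the password reset notification.
 *
 * @param string $token
+* @param int $expiration
 * @return void
 */
-public function sendPasswordResetNotification($token)
+public function sendPasswordResetNotification($token, $expiration)
 {
-$this->notify(new ResetPasswordNotification($token));
+$this->notify(new ResetPasswordNotification($token, $expiration));
 }
 }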
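Review bot: `sendPasswordResetNotification()` gains a second required parameter, which changes the signature of a method that application user models may override to send their own notification. The matching contract and the broker call site are not in this section. If the contract is updated to two parameters, existing one-argument overrides would stop loading with an incompatible-declaration error; if it is not, they would silently ignore `$expiration` and keep building links without it. Either way this needs an upgrade note. The docblock should also state the unit, e.g. `@param int $expiration Time at which the reset link expires (presumably a Unix timestamp; confirm)`.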
204 changes: 0 additions & 204 deletions src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php

This file was deleted.
