Add event-admin password reset flow
This commit is contained in:
Codex Agent
@@ -0,0 +1,109 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\TenantAuth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Auth\TenantAdminForgotPasswordRequest;
|
||||
use App\Http\Requests\Auth\TenantAdminResetPasswordRequest;
|
||||
use App\Models\EventMember;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Events\PasswordReset;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class TenantAdminPasswordResetController extends Controller
|
||||
{
|
||||
public function requestLink(TenantAdminForgotPasswordRequest $request): JsonResponse
|
||||
{
|
||||
$email = $request->string('email')->trim()->value();
|
||||
|
||||
$user = User::query()->where('email', $email)->first();
|
||||
|
||||
if (! $user || ! $this->canAccessEventAdmin($user)) {
|
||||
return $this->genericSuccessResponse();
|
||||
}
|
||||
|
||||
Password::sendResetLink([
|
||||
'email' => $email,
|
||||
]);
|
||||
|
||||
return $this->genericSuccessResponse();
|
||||
}
|
||||
|
||||
public function reset(TenantAdminResetPasswordRequest $request): JsonResponse
|
||||
{
|
||||
$status = Password::reset(
|
||||
$request->only('email', 'password', 'password_confirmation', 'token'),
|
||||
function (User $user) use ($request) {
|
||||
$this->ensureUserCanReset($user);
|
||||
|
||||
$user->forceFill([
|
||||
'password' => Hash::make($request->string('password')->value()),
|
||||
'remember_token' => Str::random(60),
|
||||
])->save();
|
||||
|
||||
event(new PasswordReset($user));
|
||||
}
|
||||
);
|
||||
|
||||
if ($status === Password::PasswordReset) {
|
||||
return response()->json([
|
||||
'status' => __($status),
|
||||
]);
|
||||
}
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => [__($status)],
|
||||
]);
|
||||
}
|
||||
|
||||
private function genericSuccessResponse(): JsonResponse
|
||||
{
|
||||
return response()->json([
|
||||
'status' => __('passwords.sent'),
|
||||
]);
|
||||
}
|
||||
|
||||
private function ensureUserCanReset(User $user): void
|
||||
{
|
||||
if ($this->canAccessEventAdmin($user)) {
|
||||
return;
|
||||
}
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => [trans('auth.not_authorized')],
|
||||
]);
|
||||
}
|
||||
|
||||
private function canAccessEventAdmin(User $user): bool
|
||||
{
|
||||
if (in_array($user->role, ['tenant_admin', 'admin', 'super_admin'], true)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($user->role === 'member' && $this->userHasCollaboratorMembership($user)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function userHasCollaboratorMembership(User $user): bool
|
||||
{
|
||||
if (! $user->tenant_id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return EventMember::query()
|
||||
->where('tenant_id', $user->tenant_id)
|
||||
->where(function ($query) use ($user) {
|
||||
$query->where('user_id', $user->id)
|
||||
->orWhere('email', $user->email);
|
||||
})
|
||||
->whereIn('status', ['active', 'invited'])
|
||||
->exists();
|
||||
}
|
||||
}
|
||||
28
app/Http/Requests/Auth/TenantAdminForgotPasswordRequest.php
Normal file
28
app/Http/Requests/Auth/TenantAdminForgotPasswordRequest.php
Normal file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Auth;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
class TenantAdminForgotPasswordRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the validation rules that apply to the request.
|
||||
*
|
||||
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'email' => ['required', 'email'],
|
||||
];
|
||||
}
|
||||
}
|
||||
31
app/Http/Requests/Auth/TenantAdminResetPasswordRequest.php
Normal file
31
app/Http/Requests/Auth/TenantAdminResetPasswordRequest.php
Normal file
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Auth;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rules;
|
||||
|
||||
class TenantAdminResetPasswordRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the validation rules that apply to the request.
|
||||
*
|
||||
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'token' => ['required', 'string'],
|
||||
'email' => ['required', 'email'],
|
||||
'password' => ['required', 'confirmed', Rules\Password::defaults()],
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -18,7 +18,7 @@ class TenantAdminTokenRequest extends FormRequest
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'login' => ['required', 'string'],
|
||||
'login' => ['required', 'email'],
|
||||
'password' => ['required', 'string'],
|
||||
];
|
||||
}
|
||||
@@ -27,10 +27,6 @@ class TenantAdminTokenRequest extends FormRequest
|
||||
{
|
||||
$login = $this->string('login')->trim()->value();
|
||||
|
||||
if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
|
||||
return ['email' => $login, 'password' => $this->string('password')->value()];
|
||||
}
|
||||
|
||||
return ['username' => $login, 'password' => $this->string('password')->value()];
|
||||
return ['email' => $login, 'password' => $this->string('password')->value()];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user