authorCamil Staps2015-05-13 13:43:16 +0200
committerCamil Staps2015-05-13 13:43:16 +0200
commit497549300ce8231f5b25c93a4f95aeb35baad027 (patch)
treef50e0dcf8120f7589826f9f2932f4d7d8f9ccfaf
parentFixed security issue: safer random token generator using openssl (diff)
Password reminders start
-rw-r--r--src/CamilStaps/BotleaguesApi/PasswordReminder.php40
-rw-r--r--src/CamilStaps/BotleaguesApi/User.php16
-rw-r--r--src/controllers/PasswordReminderController.php35
-rw-r--r--src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php36
-rw-r--r--src/routes.php3
-rw-r--r--src/views/emails/auth/reminder.blade.php14
6 files changed, 141 insertions, 3 deletions
diff --git a/src/CamilStaps/BotleaguesApi/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/PasswordReminder.php
new file mode 100644
index 0000000..a129dc8
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/PasswordReminder.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 13-5-15
+ * Time: 13:12
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\Mail;
+
+class PasswordReminder extends Model {
+
+ protected $table = 'password_reminders';
+ protected $hidden = ['token'];
+ protected $fillable = ['userId', 'token', 'valid_till'];
+
+ /**
+ * Override the parent's save() function to automatically update the valid_till timestamp, and send an email
+ */
+ public function save(array $options = array()) {
+ $this->valid_till = date("Y-m-d H:i:s", time() + 3600);
+
+ $user = User::find($this->userId);
+ Mail::send('packages.camil-staps.botleagues-api.emails.auth.reminder', ['token' => $this->token], function($message) use ($user) {
+ $message->to($user->email, "User " . $user->id);
+ });
+
+ return parent::save($options);
+ }
+
+ /**
+ * Disable updated_at timestamp
+ */
+ public function setUpdatedAtAttribute($value) {}
+
+}
\ No newline at end of file
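Review bot: The overridden `save()` resets `valid_till` and sends the reminder mail on every save, not only on creation, so a later update of the same row (for example setting `used_at`) would extend the token's lifetime and mail it again. Guarding both steps with `if (!$this->exists) { ... }`, or moving them to a `creating` model event, keeps the one-hour window fixed. `User::find($this->userId)` can also return null for an unknown id, and the closure then dereferences `$user->email`; check for null before calling `Mail::send`. The mail is also sent before `parent::save()` is known to have succeeded, so a failed insert still delivers a token that has no row in the table.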
diff --git a/src/CamilStaps/BotleaguesApi/User.php b/src/CamilStaps/BotleaguesApi/User.php
index 220db36..560f737 100644
--- a/src/CamilStaps/BotleaguesApi/User.php
+++ b/src/CamilStaps/BotleaguesApi/User.php
@@ -1,10 +1,11 @@
<?php
namespace CamilStaps\BotleaguesApi;
+use Illuminate\Auth\Reminders\RemindableInterface;
use Illuminate\Auth\UserInterface;
use Illuminate\Database\Eloquent\Model;
-class User extends Model implements UserInterface {
+class User extends Model implements UserInterface, RemindableInterface {
protected $table = 'users';
protected $hidden = ['password', 'remember_token', 'api_key'];
@@ -24,7 +25,7 @@ class User extends Model implements UserInterface {
* @return mixed
*/
public function getAuthIdentifier() {
- return $this->email;
+ return $this->getKey();
}
/**
@@ -33,7 +34,7 @@ class User extends Model implements UserInterface {
* @return string
*/
public function getAuthPassword() {
- return null;
+ return $this->password;
}
/**
@@ -63,4 +64,13 @@ class User extends Model implements UserInterface {
public function getRememberTokenName() {
return null;
}
+
+ /**
+ * Get the e-mail address where password reminders are sent.
+ *
+ * @return string
+ */
+ public function getReminderEmail() {
+ return $this->email;
+ }
}
\ No newline at end of file
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
new file mode 100644
index 0000000..0c2a087
--- /dev/null
+++ b/src/controllers/PasswordReminderController.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 13-5-15
+ * Time: 13:13
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+use Illuminate\Support\Facades\Input;
+
+class PasswordReminderController extends BaseController {
+
+ protected $passwordReminder;
+
+ public function __construct(PasswordReminder $passwordReminder) {
+ $this->passwordReminder = $passwordReminder;
+ }
+
+ /**
+ * Set the userId and create a random token
+ */
+ public function store() {
+ $this->passwordReminder->userId = Input::get('user_id');
+ $this->passwordReminder->token = base64_encode(openssl_random_pseudo_bytes(64));
+
+ if ($this->passwordReminder->save()) {
+ return $this->passwordReminder;
+ } else {
+ throw new \Dingo\Api\Exception\StoreResourceFailedException;
+ }
+ }
+
+}
\ No newline at end of file
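Review bot: `store()` takes `user_id` straight from `Input::get('user_id')` with no validation, and the outcomes for an unknown id (a null user inside `PasswordReminder::save()`, or a foreign-key failure) differ visibly from success, so a caller can tell existing accounts from non-existing ones; judging by the routes.php hunk the endpoint appears to be reachable without authentication. Validate the value as an integer and return the same response whether or not the user exists. The token line also ignores the result of `openssl_random_pseudo_bytes`; pass the second argument and reject failed or weak output, e.g. `$bytes = openssl_random_pseudo_bytes(64, $strong);` followed by `if ($bytes === false || !$strong) { throw new \RuntimeException('no secure random source'); }`. Returning the model is safe only because `token` is listed in `$hidden` on `PasswordReminder`; a comment on the `return` saying so would guard against a later edit exposing it.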
diff --git a/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php b/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php
new file mode 100644
index 0000000..a2473fb
--- /dev/null
+++ b/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php
@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class BotleaguesApiCreatePasswordReminders extends Migration {
+
+ /**
+ * Run the migrations.
+ *
+ * @return void
+ */
+ public function up()
+ {
+ Schema::create('password_reminders', function(Blueprint $table)
+ {
+ $table->integer('userId')->unsigned();
+ $table->foreign('userId')->references('id')->on('users');
+ $table->string('token')->index();
+ $table->timestamp('created_at');
+ $table->timestamp('valid_till');
+ $table->timestamp('used_at')->nullable();
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::drop('password_reminders');
+ }
+
+}
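Review bot: The `token` column created in `up()` stores the reset token exactly as issued, so anyone who can read the table (a backup, an injection flaw elsewhere, a query log) obtains working reset credentials for as long as they remain valid. Store only a digest such as `hash('sha256', $token)` in a fixed-length column and look the reminder up by that digest when it is redeemed, while the mailed value stays the raw token. The table also has no primary key and the token index is not unique; `$table->increments('id');` and `->unique()` in place of `->index()` would make rows addressable and rule out duplicate tokens.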
diff --git a/src/routes.php b/src/routes.php
index 13b73da..8ec4e38 100644
--- a/src/routes.php
+++ b/src/routes.php
@@ -21,6 +21,9 @@ Route::group(array('https'), function() {
Route::resource('user', 'CamilStaps\BotleaguesApi\UserController',
['only' => ['index','show','store']]);
+ Route::resource('password_reminder', 'CamilStaps\BotleaguesApi\PasswordReminderController',
+ ['only' => ['store']]);
+
});
Route::api(['version' => 'v1', 'protected' => true, 'providers' => 'basic'], function () {
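Review bot: The new `password_reminder` route is registered in the group that closes before the `'protected' => true` API group, so it appears to be callable without credentials, and nothing in this hunk limits how often it can be called. Each call sends a mail and inserts a row, so the endpoint needs a per-client and per-`user_id` rate limit before the request reaches the controller; a comment such as `// public endpoint: must be rate limited, sends mail on every call` above the route would record that requirement. The group opens above the hunk, so a filter already attached there would not be visible here.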
diff --git a/src/views/emails/auth/reminder.blade.php b/src/views/emails/auth/reminder.blade.php
new file mode 100644
index 0000000..bd8ad22
--- /dev/null
+++ b/src/views/emails/auth/reminder.blade.php
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<head>
+ <meta charset="utf-8">
+</head>
+<body>
+<h2>Password Reset</h2>
+
+<div>
+ To reset your password, use the following token:<br/>
+ {{{ $token }}}
+</div>
+</body>
+</html>