author | Camil Staps | 2015-05-13 13:43:16 +0200 |
---|---|---|
committer | Camil Staps | 2015-05-13 13:43:16 +0200 |
commit | 497549300ce8231f5b25c93a4f95aeb35baad027 (patch) | |
tree | f50e0dcf8120f7589826f9f2932f4d7d8f9ccfaf /src | |
parent | Fixed security issue: safer random token generator using openssl (diff) |
Password reminders start
Diffstat (limited to 'src')
-rw-r--r-- | src/CamilStaps/BotleaguesApi/PasswordReminder.php | 40 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/User.php | 16 | ||||
-rw-r--r-- | src/controllers/PasswordReminderController.php | 35 | ||||
-rw-r--r-- | src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php | 36 | ||||
-rw-r--r-- | src/routes.php | 3 | ||||
-rw-r--r-- | src/views/emails/auth/reminder.blade.php | 14 |
6 files changed, 141 insertions, 3 deletions
diff --git a/src/CamilStaps/BotleaguesApi/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/PasswordReminder.php
new file mode 100644
index 0000000..a129dc8
--- /dev/null
+++ b/src/CamilStaps/BotleaguesApi/PasswordReminder.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 13-5-15
+ * Time: 13:12
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Facades\Mail;
+
+class PasswordReminder extends Model {
+
+ protected $table = 'password_reminders';
+ protected $hidden = ['token'];
+ protected $fillable = ['userId', 'token', 'valid_till'];
+
+ /**
+ * Override the parent's save() function to automatically update the valid_till timestamp, and send an email
+ */
+ public function save(array $options = array()) {
+ $this->valid_till = date("Y-m-d H:i:s", time() + 3600);
+
+ $user = User::find($this->userId);
+ Mail::send('packages.camil-staps.botleagues-api.emails.auth.reminder', ['token' => $this->token], function($message) use ($user) {
+ $message->to($user->email, "User " . $user->id);
+ });
+
+ return parent::save($options);
+ }
+
+ /**
+ * Disable updated_at timestamp
+ */
+ public function setUpdatedAtAttribute($value) {}
+
+}
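Review bot: In `save()` the reminder e-mail goes out before `parent::save($options)` runs, and the result of `User::find($this->userId)` is used without a null check. An unknown `userId` therefore reaches `$user->email` inside the closure, and a failed insert still leaves a mailed token with no matching row. Because the override runs on every save, a later update of the same row (for example setting `used_at`, which this commit's migration defines) would also push `valid_till` forward and mail the token again. I would resolve the user first, persist, and mail only when a new row was actually written; the sketch keeps the existing `Mail::send` call as it is.

```php
public function save(array $options = array()) {
    // Expiry and e-mail belong to creation only; later saves must not re-send the token.
    $isNew = !$this->exists;
    if ($isNew) {
        $this->valid_till = date("Y-m-d H:i:s", time() + 3600);
    }

    // Fail before anything is written or mailed when the user does not exist.
    $user = User::findOrFail($this->userId);

    $saved = parent::save($options);
    if ($saved && $isNew) {
        // … unchanged: Mail::send(...) with the reminder view and the $user closure …
    }

    return $saved;
}
```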
\ No newline at end of file diff --git a/src/CamilStaps/BotleaguesApi/User.php b/src/CamilStaps/BotleaguesApi/User.php index 220db36..560f737 100644 --- a/src/CamilStaps/BotleaguesApi/User.php +++ b/src/CamilStaps/BotleaguesApi/User.php @@ -1,10 +1,11 @@ <?php namespace CamilStaps\BotleaguesApi; +use Illuminate\Auth\Reminders\RemindableInterface; use Illuminate\Auth\UserInterface; use Illuminate\Database\Eloquent\Model; -class User extends Model implements UserInterface { +class User extends Model implements UserInterface, RemindableInterface { protected $table = 'users'; protected $hidden = ['password', 'remember_token', 'api_key']; @@ -24,7 +25,7 @@ class User extends Model implements UserInterface { * @return mixed */ public function getAuthIdentifier() { - return $this->email; + return $this->getKey(); } /** @@ -33,7 +34,7 @@ class User extends Model implements UserInterface { * @return string */ public function getAuthPassword() { - return null; + return $this->password; } /** @@ -63,4 +64,13 @@ class User extends Model implements UserInterface { public function getRememberTokenName() { return null; } + + /** + * Get the e-mail address where password reminders are sent. + * + * @return string + */ + public function getReminderEmail() { + return $this->email; + } }
\ No newline at end of file
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
new file mode 100644
index 0000000..0c2a087
--- /dev/null
+++ b/src/controllers/PasswordReminderController.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: camilstaps
+ * Date: 13-5-15
+ * Time: 13:13
+ */
+
+namespace CamilStaps\BotleaguesApi;
+
+use Illuminate\Support\Facades\Input;
+
+class PasswordReminderController extends BaseController {
+
+ protected $passwordReminder;
+
+ public function __construct(PasswordReminder $passwordReminder) {
+ $this->passwordReminder = $passwordReminder;
+ }
+
+ /**
+ * Set the userId and create a random token
+ */
+ public function store() {
+ $this->passwordReminder->userId = Input::get('user_id');
+ $this->passwordReminder->token = base64_encode(openssl_random_pseudo_bytes(64));
+
+ if ($this->passwordReminder->save()) {
+ return $this->passwordReminder;
+ } else {
+ throw new \Dingo\Api\Exception\StoreResourceFailedException;
+ }
+ }
+
+}
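Review bot: `store()` copies `Input::get('user_id')` straight into the model and puts no limit on outstanding reminders per account, so every request writes a row and sends mail to that user; judging by the routes.php hunk the resource is registered outside the `protected` API group, so callers are presumably unauthenticated. Validate the field before use, e.g. `Validator::make(Input::only('user_id'), ['user_id' => 'required|integer|exists:users,id'])`, and refuse or reuse when an unexpired reminder already exists for the user. The token is also persisted exactly as mailed (the migration's `token` column); storing only `hash('sha256', $token)` and comparing digests on redemption would keep a database read from yielding usable reset tokens. `openssl_random_pseudo_bytes()` takes a second by-reference argument reporting whether a strong source was used, and its return value can signal failure, so both are worth checking before the value is encoded.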
\ No newline at end of file diff --git a/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php b/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php new file mode 100644 index 0000000..a2473fb --- /dev/null +++ b/src/migrations/2015_05_13_105945_botleaguesapi-create_password_reminders.php @@ -0,0 +1,36 @@ +<?php + +use Illuminate\Database\Schema\Blueprint; +use Illuminate\Database\Migrations\Migration; + +class BotleaguesApiCreatePasswordReminders extends Migration { + + /** + * Run the migrations. + * + * @return void + */ + public function up() + { + Schema::create('password_reminders', function(Blueprint $table) + { + $table->integer('userId')->unsigned(); + $table->foreign('userId')->references('id')->on('users'); + $table->string('token')->index(); + $table->timestamp('created_at'); + $table->timestamp('valid_till'); + $table->timestamp('used_at')->nullable(); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::drop('password_reminders'); + } + +} diff --git a/src/routes.php b/src/routes.php index 13b73da..8ec4e38 100644 --- a/src/routes.php +++ b/src/routes.php @@ -21,6 +21,9 @@ Route::group(array('https'), function() { Route::resource('user', 'CamilStaps\BotleaguesApi\UserController', ['only' => ['index','show','store']]); + Route::resource('password_reminder', 'CamilStaps\BotleaguesApi\PasswordReminderController', + ['only' => ['store']]); + }); Route::api(['version' => 'v1', 'protected' => true, 'providers' => 'basic'], function () { diff --git a/src/views/emails/auth/reminder.blade.php b/src/views/emails/auth/reminder.blade.php new file mode 100644 index 0000000..bd8ad22 --- /dev/null +++ b/src/views/emails/auth/reminder.blade.php 
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en-US">
+<head>
+ <meta charset="utf-8">
+</head>
+<body>
+<h2>Password Reset</h2>
+
+<div>
+ To reset your password, use the following token:<br/>
+ {{{ $token }}}
+</div>
+</body>
+</html> |