Make password reset impossible for blocked users.

2024-11-28 03:34:32 -06:00 · 2015-12-02 13:28:11 +01:00 · 2015-12-02 13:28:11 +01:00 · d4e759754d
commit d4e759754d
parent a96e171cbf
3 changed files with 39 additions and 1 deletions
--- a/app/Http/Controllers/Auth/PasswordController.php
+++ b/app/Http/Controllers/Auth/PasswordController.php
@ -2,7 +2,12 @@

 use FireflyIII\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
-
+use FireflyIII\User;
+use Illuminate\Http\Request;
+use Illuminate\Mail\Message;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Password;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 /**
 * Class PasswordController
 *
@ -41,4 +46,35 @@ class PasswordController extends Controller
        $this->middleware('guest');
    }

+    /**
+     * Send a reset link to the given user.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\Response
+     */
+    public function postEmail(Request $request)
+    {
+        $this->validate($request, ['email' => 'required|email']);
+
+        $user = User::whereEmail($request->get('email'))->first();
+
+        if (!is_null($user) && intval($user->blocked) === 1) {
+            $response = 'passwords.blocked';
+        } else {
+            $response = Password::sendResetLink($request->only('email'), function (Message $message) {
+                $message->subject($this->getEmailSubject());
+            });
+        }
+
+        switch ($response) {
+            case Password::RESET_LINK_SENT:
+                return redirect()->back()->with('status', trans($response));
+
+            case Password::INVALID_USER:
+            case 'passwords.blocked':
+                return redirect()->back()->withErrors(['email' => trans($response)]);
+
+        }
+    }
+
 }
--- a/resources/lang/en/passwords.php
+++ b/resources/lang/en/passwords.php
@ -17,5 +17,6 @@ return [
    "token"    => "This password reset token is invalid.",
    "sent"     => "We have e-mailed your password reset link!",
    "reset"    => "Your password has been reset!",
+    'blocked'  => 'Nice try though.'

 ];
--- a/resources/lang/nl/passwords.php
+++ b/resources/lang/nl/passwords.php
@ -17,5 +17,6 @@ return [
    "token"    => "Ongeldig token! Sorry",
    "sent"     => "Je krijgt een mailtje met een linkje om je wachtwoord te herstellen!",
    "reset"    => "Je wachtwoord is hersteld!",
+    'blocked'  => 'Leuk geprobeerd wel.'

 ];