From ec8db249421e48780e61927603a857d50a8d0985 Mon Sep 17 00:00:00 2001
From: Aleksander Kowalski
Date: Sun, 8 May 2022 20:34:10 +0200
Subject: [PATCH 1/2] feat: update dockerfile (#105)
Co-authored-by: aleksander.kowalski
---
 environment/dev/php/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/environment/dev/php/Dockerfile b/environment/dev/php/Dockerfile
index 2b8c0a18..653e369a 100644
--- a/environment/dev/php/Dockerfile
+++ b/environment/dev/php/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/blumilksoftware/php:8.1
+FROM ghcr.io/blumilksoftware/php:8.1.5
 ARG XDEBUG_VERSION=3.1.2
 ARG INSTALL_XDEBUG=false
From 9a47c511a7897b8e652878b0877172d6fc1faddc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ga=C5=82=C4=99zyka?= <72552648+Majkulnn@users.noreply.github.com> Date: Mon, 9 May 2022 16:31:05 +0200 Subject: [PATCH 2/2] #93 - reset password validation (#94) * #93 - fix routing and seeder * #93 - add password validation * #93 - change exception * #93 - Apply suggestions from code review Co-authored-by: Krzysztof Rewak * #93 - change password hashing * #93 - rename exception * #93 - change hashing method * #93 - change hashing method * #93 - changes after review Co-authored-by: Krzysztof Rewak --- database/seeders/DummyDataSeeder.php | 3 +- .../user/password/forgot-password.blade.php | 2 +- .../user/password/reset-password.blade.php | 8 +++-- .../PasswordIsTheSameAsOldException.php | 12 ++++++++ .../Auth/PasswordResetController.php | 22 ++++++++++++-- .../Controllers/Auth/RegisterController.php | 15 +++++----- src/Observers/UserObserver.php | 20 ------------- src/Providers/EventServiceProvider.php | 3 -- .../Authentication/PasswordResetService.php | 14 +++++++++ .../Authentication/UserLoginService.php | 2 ++ src/Services/UserRegisterService.php | 29 +++++++++++++++++++ 11 files changed, 93 insertions(+), 37 deletions(-) create mode 100644 src/Exceptions/PasswordIsTheSameAsOldException.php delete mode 100644 src/Observers/UserObserver.php create mode 100644 src/Services/UserRegisterService.php diff --git a/database/seeders/DummyDataSeeder.php b/database/seeders/DummyDataSeeder.php index 48924842..b348f216 100755 --- a/database/seeders/DummyDataSeeder.php +++ b/database/seeders/DummyDataSeeder.php @@ -11,6 +11,7 @@ use Blumilk\Meetup\Core\Models\User; use Illuminate\Database\Seeder; use Illuminate\Support\Carbon; +use Illuminate\Support\Facades\Hash; class DummyDataSeeder extends Seeder { 
@@ -19,7 +20,7 @@ public function run(): void
 $user = User::factory([
 "name" => "Admin",
 "email" => "admin@example.com",
- "password" => "password",
+ "password" => Hash::make("password"),
 "email_verified_at" => Carbon::createFromDate(2022, 01, 01),
 ])->create();
diff --git a/resources/views/user/password/forgot-password.blade.php b/resources/views/user/password/forgot-password.blade.php
index 0b3aa339..7dd56f1f 100644
--- a/resources/views/user/password/forgot-password.blade.php
+++ b/resources/views/user/password/forgot-password.blade.php
@@ -10,7 +10,7 @@

Forgot your password?

- Please enter the email adress and we will send you + Please enter the email address and we will send you instructions to reset your password

diff --git a/resources/views/user/password/reset-password.blade.php b/resources/views/user/password/reset-password.blade.php index 75295a12..0443b312 100644 --- a/resources/views/user/password/reset-password.blade.php +++ b/resources/views/user/password/reset-password.blade.php @@ -10,6 +10,11 @@

Reset Password

+ @if (!empty($error)) +
+ {{ $error }} +
+ @endif
@@ -19,8 +24,7 @@ Email
- diff --git a/src/Exceptions/PasswordIsTheSameAsOldException.php b/src/Exceptions/PasswordIsTheSameAsOldException.php new file mode 100644 index 00000000..e2ebd5d0 --- /dev/null +++ b/src/Exceptions/PasswordIsTheSameAsOldException.php @@ -0,0 +1,12 @@ +withErrors(["email" => __($status)]); } - public function edit(PasswordResetRequest $request, string $token): View + public function edit(string $token, Request $request): View { - return view("user.password.reset-password")->with(["email" => $request->validated("email"), "token" => $token]); + $email = $request->email; + + return view("user.password.reset-password")->with([ + "token" => $token, + "email" => $email, + ]); } /** @@ -54,6 +61,17 @@ public function edit(PasswordResetRequest $request, string $token): View */ public function update(PasswordUpdateRequest $request, PasswordResetService $service): RedirectResponse|View { + try { + $service->validatePassword($request->get("password"), $request->get("email")); + } catch (PasswordIsTheSameAsOldException $exception) { + return view("user.password.reset-password") + ->with([ + "error" => $exception->getMessage(), + "token" => $request->validated("token"), + "email" => $request->validated("email"), + ]); + } + $status = $service->resetPassword($request->validated()); if ($status === PasswordBroker::PASSWORD_RESET) { diff --git a/src/Http/Controllers/Auth/RegisterController.php b/src/Http/Controllers/Auth/RegisterController.php index 1ba7a91a..2e180449 100644 --- a/src/Http/Controllers/Auth/RegisterController.php +++ b/src/Http/Controllers/Auth/RegisterController.php 
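Review bot: `edit()` now reads the address straight from the query string (`$email = $request->email;`) and hands it to the view, whereas the replaced signature had it validated through `PasswordResetRequest` first; nothing here rejects a non-string value (`?email[]=` arrives as an array) or a malformed address, and whether the template escapes it is not visible in this diff. Keeping the check is a one-liner before the assignment, `$request->validate(["email" => ["nullable", "string", "email"]]);`, or the former request class can remain the type-hint. The file header and hunk header for this change are missing from this copy of the patch, so the surrounding imports and class header are not reviewable.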
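Review bot: `$service->validatePassword(...)` in `update()` runs before `resetPassword()` has had the broker check the token, so an unauthenticated POST carrying an email and a candidate password receives the distinct "same as old" view exactly when the candidate matches that account's current password — the reset form becomes a password-verification oracle for any known email, limited only by whatever throttling the route has. The comparison belongs after token validation: if `resetPassword()` uses the broker's `reset()` callback, as the `PasswordBroker::PASSWORD_RESET` status comparison suggests, performing the check inside that callback (where the user is already resolved) and mapping the exception to the same error view keeps the feature without the leak; the same concern applies to the `validatePassword()` hunk in src/Services/Authentication/PasswordResetService.php. Separately, the call passes `$request->get("password")` and `$request->get("email")` while the lines beneath use `$request->validated(...)`; reading the validated values, `$service->validatePassword($request->validated("password"), $request->validated("email"));`, keeps the `string` parameters from receiving a non-string. `update()` continues past the end of the hunk.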
@@ -6,25 +6,24 @@
 use Blumilk\Meetup\Core\Http\Controllers\Controller;
 use Blumilk\Meetup\Core\Http\Requests\Authentication\RegisterUserRequest;
-use Blumilk\Meetup\Core\Models\User;
-use Illuminate\Auth\Events\Registered;
+use Blumilk\Meetup\Core\Services\UserRegisterService;
 use Illuminate\Contracts\View\View;
+use Illuminate\Http\Request;
 class RegisterController extends Controller
 {
- public function create(): View
+ public function create(Request $request): View
 {
- if (request()->has("email")) {
- return view("user.register")->with("email", request()->get("email"));
+ if ($request->has("email")) {
+ return view("user.register")->with("email", $request->email);
 }
 return view("user.register")->with("email", old("email"));
 }
- public function store(RegisterUserRequest $request): View
+ public function store(RegisterUserRequest $request, UserRegisterService $service): View
 {
- $user = User::query()->create($request->validated());
- event(new Registered($user));
+ $service->register($request->validated("email"), $request->validated("name"), $request->validated("password"));
 return view("user.registered");
 }
diff --git a/src/Observers/UserObserver.php b/src/Observers/UserObserver.php
deleted file mode 100644
index 67c5164c..00000000
--- a/src/Observers/UserObserver.php
+++ /dev/null
@@ -1,20 +0,0 @@
-password = $this->hasher->make($user->password);
- }
-}
diff --git a/src/Providers/EventServiceProvider.php b/src/Providers/EventServiceProvider.php
index b2f1880c..5865ecde 100755
--- a/src/Providers/EventServiceProvider.php
+++ b/src/Providers/EventServiceProvider.php
@@ -7,11 +7,9 @@
 use Blumilk\Meetup\Core\Models\Contact;
 use Blumilk\Meetup\Core\Models\Meetup;
 use Blumilk\Meetup\Core\Models\NewsletterSubscriber;
-use Blumilk\Meetup\Core\Models\User;
 use Blumilk\Meetup\Core\Observers\ContactObserver;
 use Blumilk\Meetup\Core\Observers\MeetupObserver;
 use Blumilk\Meetup\Core\Observers\NewsletterSubscriberObserver;
-use Blumilk\Meetup\Core\Observers\UserObserver;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
@@ -26,7 +24,6 @@ class EventServiceProvider extends ServiceProvider
 public function boot(): void
 {
- User::observe(UserObserver::class);
 Contact::observe(ContactObserver::class);
 Meetup::observe(MeetupObserver::class);
 NewsletterSubscriber::observe(NewsletterSubscriberObserver::class);
diff --git a/src/Services/Authentication/PasswordResetService.php b/src/Services/Authentication/PasswordResetService.php
index 8efded46..def32475 100644
--- a/src/Services/Authentication/PasswordResetService.php
+++ b/src/Services/Authentication/PasswordResetService.php
@@ -4,6 +4,8 @@
 namespace Blumilk\Meetup\Core\Services\Authentication;
+use Blumilk\Meetup\Core\Exceptions\PasswordIsTheSameAsOldException;
+use Blumilk\Meetup\Core\Models\User;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Auth\Passwords\PasswordBrokerManager;
 use Illuminate\Contracts\Hashing\Hasher;
@@ -16,6 +18,18 @@ public function __construct(
 protected Hasher $hash,
 ) {}
+ /**
+ * @throws PasswordIsTheSameAsOldException
+ */
+ public function validatePassword(string $password, string $email): void
+ {
+ $user = User::query()->where("email", $email)->first();
+
+ if ($this->hash->check($password, $user?->password)) {
+ throw new PasswordIsTheSameAsOldException();
+ }
+ }
+
 /**
 * @throws AuthenticationException
 */
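Review bot: `validatePassword()` compares against `$user?->password`, so for an unknown email the `Hasher::check()` contract receives `null` as the hash; the contract leaves `$hashedValue` untyped, and whether the framework's implementation guards `null` before reaching `strlen()`/`password_get_info()` depends on the installed version — under PHP 8.1 that is a deprecation notice at best. An explicit guard before the check, `if ($user === null) { return; }`, makes the intent plain and leaves the unknown-email case to the broker. The docblock lists only the exception; a line such as `Call only once the reset token has been verified: the outcome reveals whether $password is the account's current password.` documents the contract a caller must honour. The enclosing class continues outside the hunk.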
diff --git a/src/Services/Authentication/UserLoginService.php b/src/Services/Authentication/UserLoginService.php index 314fb49d..503f4741 100644 --- a/src/Services/Authentication/UserLoginService.php +++ b/src/Services/Authentication/UserLoginService.php @@ -24,9 +24,11 @@ public function __construct( public function loginUser(string $email, string $password): void { $user = User::where("email", $email)->first(); + if (!$this->hasher->check($password, $user?->password)) { throw new AuthenticationException("Bad credentials"); } + $this->authManager->login($user); $this->session->regenerate(); } diff --git a/src/Services/UserRegisterService.php b/src/Services/UserRegisterService.php new file mode 100644 index 00000000..48bed917 --- /dev/null +++ b/src/Services/UserRegisterService.php @@ -0,0 +1,29 @@ +hasher->make($password); + + $user = User::query()->firstOrCreate([ + "email" => $email, + "name" => $name, + "password" => $hashedPassword, + ]); + + event(new Registered($user)); + } +}
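Review bot: `firstOrCreate()` in `register()` is keyed on all three attributes including the freshly computed hash; because each `make()` call salts differently, the lookup can never match an existing row, so for an already-registered email the call falls through to an insert — a `QueryException` if `email` is unique in the schema, a duplicate account if it is not — and `Registered` is dispatched whether a user was found or created. Either return to the plain `create()` the old controller used (uniqueness then rests on `RegisterUserRequest`, which is not in view), or split the arrays, `$user = User::query()->firstOrCreate(["email" => $email], ["name" => $name, "password" => $hashedPassword]);` followed by `if ($user->wasRecentlyCreated) { event(new Registered($user)); }`. The hunk's opening lines (class header, imports, the start of the `make()` call) are garbled in this copy of the patch, so they are not reviewable.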