From 6a7938be81c8eca07e439950a0ec008b3608ac43 Mon Sep 17 00:00:00 2001 From: Edvenan Date: Thu, 21 Sep 2023 19:05:42 +0200 Subject: [PATCH 1/6] Delete duplicate route and methods for /forget-Password --- app/Http/Controllers/api/ForgetController.php | 72 ------------------- routes/api.php | 1 - 2 files changed, 73 deletions(-) delete mode 100644 app/Http/Controllers/api/ForgetController.php diff --git a/app/Http/Controllers/api/ForgetController.php b/app/Http/Controllers/api/ForgetController.php deleted file mode 100644 index 616ea26..0000000 --- a/app/Http/Controllers/api/ForgetController.php +++ /dev/null @@ -1,72 +0,0 @@ -email; - - $user = User::where('email', $email)->exists(); - - $token = Str::random(10); - - $existingMail = DB::table('password_reset_tokens')->where('email', $email)->exists(); - - try { - if ($user) { - return response()->json(['error' => 'This email doesn\'t exist'], 404); - } else if ($existingMail) { - DB::table('password_reset_tokens')->where('email', $email)->update([ - 'token' => $token, - ]); - } else { - DB::table('password_reset_tokens')->insert([ - 'email' => $email, - 'token' => $token - ]); - } - - // Enviar correo electrónico - Mail::to($email)->send(new ForgetMail($token)); - - if (Mail::failures()) { - return response()->json(['error' => 'Failed to send email'], 500); - } - - return response()->json(['message' => 'Check your email'], 200); - } catch (Exception $exception) { - return response()->json(['message' => $exception->getMessage()], 500); - } - } - - public function resetPassword(ResetRequest $request) - { - $token = $request->token; - - $passwordResets = DB::table('password_reset_tokens')->where('token', $token)->first(); - - if (!$passwordResets) { - return response()->json(['error' => 'Invalid Token!'], 400); - } - - $user = User::where('email', $passwordResets->email)->first(); - $user->password = Hash::make($request->password); - $user->save(); - - return response()->json(['message' => 'Success'], 200); - } -} 
diff --git a/routes/api.php b/routes/api.php index 34b50bc..d2563b7 100644 --- a/routes/api.php +++ b/routes/api.php @@ -42,7 +42,6 @@ Route::delete('/{id}', [FaqController::class, 'destroy']); }); -Route::post('/forgetpassword', [ForgetController::class, 'forgetPassword'])->name('forgetpassword'); Route::post('/send-code-by-email', [CodeController::class, 'sendCodeByEmail'])->middleware('auth:api'); From 0d7ee757590a52988046557e732baa61bd186b20 Mon Sep 17 00:00:00 2001 From: Edvenan Date: Thu, 21 Sep 2023 19:06:23 +0200 Subject: [PATCH 2/6] Added validation error handling to send client a response containing the message of the error --- app/Exceptions/Handler.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php index 9b518b8..0e3f368 100644 --- a/app/Exceptions/Handler.php +++ b/app/Exceptions/Handler.php @@ -4,7 +4,8 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler; use Throwable; -use Illuminate\Database\Eloquent\ModelNotFoundException; +use Illuminate\Database\Eloquent\ModelNotFoundException; +use Illuminate\Validation\ValidationException; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Exception\HttpException; @@ -55,8 +56,12 @@ public function render($request, Throwable $exception) return response()->json(['error' => 'Resource not found'], Response::HTTP_NOT_FOUND); } + if ($exception instanceof ValidationException) { + return response()->json(['error' => $exception->getMessage()], Response::HTTP_INTERNAL_SERVER_ERROR); + } + if ($exception instanceof HttpException) { - return response()->json(['error' => 'Somethings wrong with the server'], Response::HTTP_INTERNAL_SERVER_ERROR); + return response()->json(['error' => 'Somethings wrong with the server: '.$exception->getMessage()], Response::HTTP_INTERNAL_SERVER_ERROR); } return parent::render($request, $exception); 
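Review bot: The new `ValidationException` branch in render() answers with `Response::HTTP_INTERNAL_SERVER_ERROR`, so a client input error is reported as a server fault and the per-field errors are dropped. Something like `return response()->json(['error' => $exception->getMessage(), 'errors' => $exception->errors()], Response::HTTP_UNPROCESSABLE_ENTITY);` would keep the 4xx/5xx split meaningful for clients and for alerting. The `HttpException` branch now appends `$exception->getMessage()` to the body while still forcing a 500, which hides the real status (401, 403, 404, 429) and may return internal message text to the caller. Using `$exception->getStatusCode()` and a fixed message for 5xx responses would avoid both. render() starts and ends outside the hunk.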
From 5d04b3473e411e7dec4986721b81d366a280fad3 Mon Sep 17 00:00:00 2001 From: Edvenan Date: Thu, 21 Sep 2023 19:09:47 +0200 Subject: [PATCH 3/6] File renamed for readeability and email body content updated --- ...{ForgetMail.php => ForgetPasswordMail.php} | 15 +- ...get.blade.php => forgetPassword.blade.php} | 146 +++++++++--------- 2 files changed, 81 insertions(+), 80 deletions(-) rename app/Mail/{ForgetMail.php => ForgetPasswordMail.php} (76%) rename resources/views/mail/{forget.blade.php => forgetPassword.blade.php} (90%) diff --git a/app/Mail/ForgetMail.php b/app/Mail/ForgetPasswordMail.php similarity index 76% rename from app/Mail/ForgetMail.php rename to app/Mail/ForgetPasswordMail.php index 9994329..8228648 100644 --- a/app/Mail/ForgetMail.php +++ b/app/Mail/ForgetPasswordMail.php @@ -11,18 +11,21 @@ -class ForgetMail extends Mailable +class ForgetPasswordMail extends Mailable { use Queueable, SerializesModels; + public $name; public $token; + /** * Create a new message instance. */ - public function __construct($token) + public function __construct($name, $token) { - $this->data = $token; + $this->name = $name; + $this->token = $token; } /** @@ -31,7 +34,7 @@ public function __construct($token) public function envelope(): Envelope { return new Envelope( - subject: 'Password Reset', + subject: 'Please reset your password', ); } @@ -41,10 +44,8 @@ public function envelope(): Envelope public function content(): Content { - $data = $this->data; - return new Content( - view: 'mail.forget', + view: 'mail.forgetPassword', ); } diff --git a/resources/views/mail/forget.blade.php b/resources/views/mail/forgetPassword.blade.php similarity index 90% rename from resources/views/mail/forget.blade.php rename to resources/views/mail/forgetPassword.blade.php index 6da7f52..362c091 100644 --- a/resources/views/mail/forget.blade.php +++ b/resources/views/mail/forgetPassword.blade.php @@ -17,75 +17,75 @@ @@ -237,9 +237,9 @@
-

Hello,

+

Hello {{$name}},

 

-

We have sent you this email in response to your request to reset your password on company name.

+

We have sent you this email in response to your request to reset your password on IT Academy Landing.

 

To reset your password, please follow the link below:

@@ -255,9 +255,9 @@ -
+
- + Reset Password From c534b8747d0ee3da438593e3a3b486def6acb89c Mon Sep 17 00:00:00 2001 From: Edvenan Date: Thu, 21 Sep 2023 19:10:50 +0200 Subject: [PATCH 4/6] Updated forgetPassword method in UserController --- app/Http/Controllers/api/UserController.php | 59 ++++++++++----------- 1 file changed, 27 insertions(+), 32 deletions(-) diff --git a/app/Http/Controllers/api/UserController.php b/app/Http/Controllers/api/UserController.php index 1a4f696..b9f97fb 100644 --- a/app/Http/Controllers/api/UserController.php +++ b/app/Http/Controllers/api/UserController.php @@ -11,7 +11,7 @@ use App\Models\Code; use App\Http\Requests\ForgetRequest; use App\Http\Requests\ResetRequest; -use App\Mail\ForgetMail; +use App\Mail\ForgetPasswordMail; use Illuminate\Support\Str; use Illuminate\Support\Facades\DB; use Exception; @@ -121,8 +121,8 @@ private function is_usedUpdated($code, $userId) * @OA\Post( * path="/forget-password", * tags={"User"}, - * summary="send email to recovery password", - * description="This endpoint is used send an email to a register user to reset the password.", + * summary="send email to reset password", + * description="This endpoint is used to send an email to a registered user to reset the password.", * @OA\RequestBody( * required=true, * @OA\MediaType( @@ -138,11 +138,11 @@ private function is_usedUpdated($code, $userId) * ), * @OA\Response( * response="200", - * description="check your email" + * description="Password reset email sent out. Check your email" * ), * @OA\Response( * response="404", - * description="The email don\'t exist" + * description="The email does not exist" * ) * ) */ 
@@ -151,37 +151,32 @@ public function forgetPassword(ForgetRequest $request){ $email = $request->email; - $user= User::where('email',$email)->doesntExist(); - - $token= Str::random(10); - - $existingMail = DB::table('password_reset_tokens')->where('email', $email)->first(); - - try{ + // check if user with such email exists + $user= User::where('email',$email)->first(); - if($user){ - return response()->json(['error' => 'The email don\'t exist'],404); - - }else if($existingMail){ + if(!$user){ + return response()->json(['error' => 'The email does not exist'],404); + } - DB::table('password_reset_tokens')->where('email', $email)->update([ - 'token' => $token, - ]); + // Generate password reset token + $token= Str::random(10); + // Assign password reset token to user's email in 'password_reset_token' table + if(DB::table('password_reset_tokens')->where('email', $email)->first()) { + DB::table('password_reset_tokens')->where('email', $email)->update([ 'token' => $token, ]); } else { - DB::table('password_reset_tokens')->insert([ 'email' => $email, 'token' => $token - ]); - } + ]); + }; - //send email + //send password reset email + Mail::to($email)->send(new ForgetPasswordMail($user->name, $token)); - Mail::to($email)->send(new ForgetMail($token)); - - return response()->json(['message'=>'check your email'],200); + // send confirmation response + return response()->json(['message'=>'Password reset email sent out. Check your email'],200); }catch(Exception $exception){ @@ -196,8 +191,8 @@ public function forgetPassword(ForgetRequest $request){ * @OA\Post( * path="/reset-password/{token}", * tags={"User"}, - * summary="User recovery password", - * description="This endpoint is used to update the password of the user.", + * summary="Reset user password", + * description="This endpoint is used to reset the user password.", * @OA\RequestBody( * required=true, * @OA\MediaType( 
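Review bot: The branch `return response()->json(['error' => 'The email does not exist'],404);` in forgetPassword() lets a caller tell registered addresses from unregistered ones; returning the same 200 message in both cases and sending mail only when `$user` is found would close that, ideally with a throttle on the route. The token is `Str::random(10)`, written as-is with no `created_at` in either the update or the insert, so nothing visible here expires it or protects it if the table is read; Laravel's `Password::sendResetLink()` broker stores a hash and enforces expiry. Separately, the hunk removes `try{` while the trailing context line `}catch(Exception $exception){` stays, so as shown the new side has a catch with no matching try, and it is worth confirming the file still parses. The method continues outside the hunk.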
@@ -214,7 +209,7 @@ public function forgetPassword(ForgetRequest $request){ * example="password" * ), * @OA\Property( - * property="password_confirm", + * property="password_confirmation", * type="string", * example="password" * ), @@ -223,7 +218,7 @@ public function forgetPassword(ForgetRequest $request){ * ), * @OA\Response( * response="200", - * description="success" + * description="User password reset successfully" * ), * @OA\Response( * response="400", @@ -249,10 +244,10 @@ public function resetPassword(ResetRequest $request){ $user= User::where('email',$passwordResets->email)->first(); $user->password = Hash::make($request->password); $user->save(); - DB::table('password_reset_tokens')->where('email', $passwordResets->email)->update(['token' => null]); + DB::table('password_reset_tokens')->where('email', $passwordResets->email)->delete(); return response()->json([ - 'message' => 'success' + 'message' => 'User password reset successfully' ],200); } From b10476dce6dcaf25d8abde734f2cfda71f972d24 Mon Sep 17 00:00:00 2001 From: Edvenan Date: Thu, 21 Sep 2023 19:11:34 +0200 Subject: [PATCH 5/6] Updated password rules to match those in store process (register) of UserController.php --- app/Http/Requests/ResetRequest.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/Http/Requests/ResetRequest.php b/app/Http/Requests/ResetRequest.php index 4afe72b..e7d31cd 100644 --- a/app/Http/Requests/ResetRequest.php +++ b/app/Http/Requests/ResetRequest.php @@ -22,8 +22,7 @@ public function authorize(): bool public function rules(): array { return [ - 'password' =>'required', - 'password_confirm' => 'required|same:password' + 'password' => 'required|string|min:8|confirmed' ]; } } From bc31361867363f5a03d023632029a632a5b10db7 Mon Sep 17 00:00:00 2001 
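Review bot: In resetPassword() the context line `$user->password = Hash::make($request->password);` dereferences `$user` without a null check, so a reset row whose account has since been removed would end in an unhandled error rather than the documented 400; a guard such as `if (!$user) { return response()->json(['error' => 'Invalid Token!'], 400); }` would cover it. Deleting the row instead of nulling the token makes the token single-use, but `save()` and `delete()` are separate statements, so a failure between them leaves a spent token valid; wrapping both in `DB::transaction()` avoids that. The token lookup, and any check of its age, sit above the hunk and are not visible here. Whether existing API tokens for the user are revoked after the password change is also not shown and is worth confirming.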
From: Edvenan
Date: Thu, 21 Sep 2023 19:16:29 +0200
Subject: [PATCH 6/6] Reverted url contained in the reset password link of the email to localhost:3000
---
resources/views/mail/forgetPassword.blade.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/mail/forgetPassword.blade.php b/resources/views/mail/forgetPassword.blade.php
index 362c091..a9dd05a 100644
--- a/resources/views/mail/forgetPassword.blade.php
+++ b/resources/views/mail/forgetPassword.blade.php
@@ -257,7 +257,7 @@