From af5bbacfe7f70ee2999b9aa22a32c89037a78c26 Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Mon, 15 Jan 2024 13:44:39 +0200
Subject: [PATCH] Fixed CP password reset
---
 cp/app/Auth/Auth.php | 10 +--
 .../Controllers/Auth/PasswordController.php | 5 +-
 cp/composer.json | 2 +-
 .../views/auth/mail/reset-password.html | 33 ++++++++--
 .../views/auth/password/forgot-password.twig | 1 -
 .../views/auth/password/update-password.twig | 62 +++++++++++--------
 6 files changed, 77 insertions(+), 36 deletions(-)
diff --git a/cp/app/Auth/Auth.php b/cp/app/Auth/Auth.php
index ae1643d..73060f5 100644
--- a/cp/app/Auth/Auth.php
+++ b/cp/app/Auth/Auth.php
@@ -183,14 +183,16 @@ class Auth
 * @param $email
 * @throws \Pinga\Auth\AuthError
 */
- public static function forgotPassword($email){
+ public static function forgotPassword($email,$username){
 $auth = self::$auth;
 try {
- $auth->forgotPassword($email, function ($selector, $token) use ($email) {
+ $auth->forgotPassword($email, function ($selector, $token) use ($email,$username) {
 $link = url('reset.password',[],['selector'=>urlencode($selector),'token'=>urlencode($token)]);
 $message = file_get_contents(__DIR__.'/../../resources/views/auth/mail/reset-password.html');
- $message = str_replace(['{link}','{app_name}'],[$link,envi('APP_NAME')],$message);
- $subject = 'Reset Password';
+ $placeholders = ['{user_first_name}', '{link}', '{app_name}'];
+ $replacements = [ucfirst($username), $link, envi('APP_NAME')];
+ $message = str_replace($placeholders, $replacements, $message);
+ $subject = '[' . envi('APP_NAME') . '] Action Required: Reset Your Password';
 $from = ['email'=>envi('MAIL_FROM_ADDRESS'), 'name'=>envi('MAIL_FROM_NAME')];
 $to = ['email'=>$email, 'name'=>''];
 // send message
diff --git a/cp/app/Controllers/Auth/PasswordController.php b/cp/app/Controllers/Auth/PasswordController.php
index 8685ae1..2187ee4 100644
--- a/cp/app/Controllers/Auth/PasswordController.php
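Review bot: `ucfirst($username)` is substituted into the HTML mail template for `{user_first_name}` without output encoding, so unless usernames are restricted to safe characters at registration (not visible here) any markup in a username is rendered in the reset email; encode it at the point of substitution, e.g. `$replacements = [htmlspecialchars(ucfirst((string) $username), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), $link, envi('APP_NAME')];`. The new second parameter is mandatory, which breaks any other caller of `Auth::forgotPassword($email)`; a default of `$username = ''` keeps the signature backward-compatible, and the docblock above still documents only `@param $email`. The mail template changed in this commit promises a link valid for 24 hours, while no expiry argument is visible in this hunk (the `$auth->forgotPassword(...)` call closes outside it), so the library's actual request lifetime should be checked against that wording.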
+++ b/cp/app/Controllers/Auth/PasswordController.php @@ -32,8 +32,11 @@ class PasswordController extends Controller * @throws \Pinga\Auth\AuthError */ public function forgotPassword(Request $request, Response $response){ + global $container; + $db = $container->get('db'); $data = $request->getParsedBody(); - Auth::forgotPassword($data['email']); + $username = $db->selectValue('SELECT username FROM users WHERE email = ?', [$data['email']]); + Auth::forgotPassword($data['email'],$username); } /** diff --git a/cp/composer.json b/cp/composer.json index 6239389..01f17b9 100644 --- a/cp/composer.json +++ b/cp/composer.json @@ -24,7 +24,7 @@ "php-di/php-di": "^7.0.6", "nyholm/psr7": "^1.8.1", "nyholm/psr7-server": "^1.1.0", - "pinga/auth": "^0.3.3", + "pinga/auth": "^0.3.4", "filp/whoops": "^2.15.3", "imefisto/psr-swoole-native": "^1.1.2", "chubbyphp/chubbyphp-static-file": "^1.2", diff --git a/cp/resources/views/auth/mail/reset-password.html b/cp/resources/views/auth/mail/reset-password.html index 3014c0c..6770b22 100644 --- a/cp/resources/views/auth/mail/reset-password.html +++ b/cp/resources/views/auth/mail/reset-password.html @@ -173,9 +173,9 @@ - @@ -189,7 +189,16 @@ @@ -216,7 +225,23 @@ diff --git a/cp/resources/views/auth/password/forgot-password.twig b/cp/resources/views/auth/password/forgot-password.twig index ae6e05d..9ea6af7 100644 --- a/cp/resources/views/auth/password/forgot-password.twig +++ b/cp/resources/views/auth/password/forgot-password.twig @@ -23,7 +23,6 @@
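Review bot: In `PasswordController::forgotPassword`, `$data['email']` is fed to the new `SELECT` and to `Auth::forgotPassword()` with no check that the parsed body is an array or that `email` is present and a string; `getParsedBody()` may return null and a form can submit `email[]=...`. Validate once and reuse the value, e.g. `$email = is_array($data) && is_string($data['email'] ?? null) ? $data['email'] : '';`. The lookup result is also passed on unchecked: `selectValue` presumably yields null or false when no row matches, so cast it (`(string) $username`) before it can reach `ucfirst()`. The query itself is parameterised, which is right; `global $container` would be better replaced by whatever container access the base `Controller` already provides, if it has one.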
+ - +
- Password reset request +

Dear {user_first_name},

+

We received a request to reset the password for your account. If you did not initiate this request, please rest assured that your account remains secure and you can safely disregard this email.

+
+ +
+

To Reset Your Password:

+
    +
  1. Click the button below within the next 24 hours. If the link expires, you can initiate a new password reset request.
  2. +
  3. Follow the instructions to create a new password.
  4. +
- If you did not make this request, just ignore this email. Otherwise please click the button above to reset your password. +

For your security, please ensure your new password:

+
    +
  • Is at least 8 characters long.
  • +
  • Contains a mix of letters, numbers, and symbols.
  • +
  • Is not used for any other accounts.
  • +
+
+ +
+

Didn't Request a Password Reset?

+

If you did not request a password reset, no further action is required. However, it's a good practice to regularly update your password and review your account security settings.

+

Thank you for taking the time to keep your account secure.

+
+ +
+

Best regards,
+ {app_name} Support Team