Password resets (#54)

SebKay · web-flow · commit 79730b30b54c · 2024-03-06T15:35:32.000Z
* Add reset link below login form

* Add view for resetting password

* Add logic for sending password reset email

* Add view for resetting password

* Add logic for resetting password

* Add tests for `ResetPasswordController`

* Update ResetPasswordController.php
diff --git a/.gitignore b/.gitignore
@@ -19,3 +19,4 @@ yarn-error.log
 /.fleet
 /.idea
 /.vscode
+.phpunit.cache/
diff --git a/app/Http/Controllers/ResetPasswordController.php b/app/Http/Controllers/ResetPasswordController.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\ResetPassword\ResetPasswordStore;
+use App\Http\Requests\ResetPassword\ResetPasswordUpdate;
+use App\Models\User;
+use Illuminate\Auth\Events\PasswordReset;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Str;
+use Illuminate\Validation\ValidationException;
+
+class ResetPasswordController extends Controller
+{
+    public function show(Request $request)
+    {
+        return \inertia('ResetPassword/Show');
+    }
+
+    public function store(ResetPasswordStore $request)
+    {
+        $status = Password::sendResetLink($request->only('email'));
+
+        if ($status !== Password::RESET_LINK_SENT) {
+            throw ValidationException::withMessages([
+                'reset_link' => \__($status),
+            ]);
+        }
+
+        \session()->flash('message', \__('passwords.sent'));
+
+        return \redirect()->route('login');
+    }
+
+    public function edit(Request $request, string $token)
+    {
+        return \inertia('ResetPassword/Edit', [
+            'token' => $token,
+            'email' => $request->string('email'),
+        ]);
+    }
+
+    public function update(ResetPasswordUpdate $request)
+    {
+        $status = Password::reset($request->only('token', 'email', 'password', 'token'), function (User $user, string $password) {
+            $user->forceFill([
+                'password' => $password,
+            ])->setRememberToken(Str::random(60));
+
+            $user->save();
+
+            \event(new PasswordReset($user));
+        });
+
+        if ($status !== Password::PASSWORD_RESET) {
+            throw ValidationException::withMessages([
+                'reset' => __($status),
+            ]);
+        }
+
+        \session()->flash('message', \__('passwords.reset'));
+
+        return \redirect()->route('login');
+    }
+}
diff --git a/app/Http/Requests/ResetPassword/ResetPasswordStore.php b/app/Http/Requests/ResetPassword/ResetPasswordStore.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Http\Requests\ResetPassword;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class ResetPasswordStore extends FormRequest
+{
+    public function rules()
+    {
+        return [
+            'email' => ['required', 'email', 'exists:users'],
+        ];
+    }
+}
diff --git a/app/Http/Requests/ResetPassword/ResetPasswordUpdate.php b/app/Http/Requests/ResetPassword/ResetPasswordUpdate.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Requests\ResetPassword;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rules\Password;
+
+class ResetPasswordUpdate extends FormRequest
+{
+    public function rules()
+    {
+        return [
+            'email' => ['required', 'email', 'exists:users'],
+            'token' => ['required'],
+            'password_confirmation' => ['required', 'same:password'],
+            'password' => [
+                'required',
+                Password::min(6)
+                    ->mixedCase()
+                    ->numbers()
+                    ->symbols()
+                    ->uncompromised(),
+            ],
+        ];
+    }
+}
diff --git a/resources/js/Pages/Login/Show.vue b/resources/js/Pages/Login/Show.vue
@@ -1,4 +1,5 @@
 <template>
+
     <Head :title="title" />
 
     <div class="mx-auto max-w-2xl">
@@ -69,8 +70,17 @@
                 </div>
             </form>
 
-            <div class="mt-5 sm:mt-7">
+            <div class="mt-6 lg:mt-10">
                 <p class="text-center text-slate-800">
+                    <Link
+                        class="underline hover:no-underline"
+                        :href="route('password')"
+                    >
+                    Forgot your password?
+                    </Link>
+                </p>
+
+                <p class="text-center text-slate-800 mt-3">
                     <Link
                         class="underline hover:no-underline"
                         :href="route('register')"
diff --git a/resources/js/Pages/Register/Show.vue b/resources/js/Pages/Register/Show.vue
@@ -100,7 +100,7 @@
                 </div>
             </form>
 
-            <div class="mt-5 sm:mt-7">
+            <div class="mt-6 lg:mt-10">
                 <p class="text-center text-slate-800">
                     <Link
                         class="underline hover:no-underline"
diff --git a/resources/js/Pages/ResetPassword/Edit.vue b/resources/js/Pages/ResetPassword/Edit.vue
@@ -0,0 +1,86 @@
+<template>
+
+    <Head :title="title" />
+
+    <div class="mx-auto max-w-2xl">
+        <h1
+            v-text="title"
+            class="lg:text-4xl text-3xl font-medium text-slate-800 text-center lg:mb-8 mb-4"
+        ></h1>
+
+        <div class="bg-white rounded-2xl lg:p-10 p-6 border border-slate-200">
+            <form @submit.prevent="submitResetPasswordForm">
+                <div class="grid grid-cols-1 gap-5 sm:gap-7 sm:grid-cols-6">
+                    <div class="col-span-full">
+                        <label
+                            class="label"
+                            for="password"
+                        >
+                            Password
+                        </label>
+                        <input
+                            id="password"
+                            type="password"
+                            class="input"
+                            required
+                            v-model="resetPasswordForm.password"
+                        />
+                    </div>
+
+                    <div class="col-span-full">
+                        <label
+                            class="label"
+                            for="password-confirmation"
+                        >
+                            Confirm Password
+                        </label>
+                        <input
+                            id="password-confirmation"
+                            type="password"
+                            class="input"
+                            required
+                            v-model="resetPasswordForm.password_confirmation"
+                        />
+                    </div>
+
+                    <div class="col-span-full">
+                        <Button
+                            text="Reset Password"
+                            class="w-full text-center justify-center"
+                            :disabled="resetPasswordForm.processing"
+                        />
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</template>
+
+<script>
+    import { useForm } from "@inertiajs/vue3";
+
+    export default {
+        props: {
+            email: String,
+            token: String,
+        },
+
+        data() {
+            return {
+                title: "Reset Password",
+                resetPasswordForm: useForm({
+                    email: this.email,
+                    password: "",
+                    password_confirmation: "",
+                    token: this.token,
+                }),
+            };
+        },
+
+        methods: {
+            submitResetPasswordForm() {
+                this.resetPasswordForm.patch(route("password.update"));
+            },
+        },
+    };
+</script>
diff --git a/resources/js/Pages/ResetPassword/Show.vue b/resources/js/Pages/ResetPassword/Show.vue
@@ -0,0 +1,73 @@
+<template>
+
+    <Head :title="title" />
+
+    <div class="mx-auto max-w-2xl">
+        <h1
+            v-text="title"
+            class="lg:text-4xl text-3xl font-medium text-slate-800 text-center lg:mb-8 mb-4"
+        ></h1>
+
+        <div class="bg-white rounded-2xl lg:p-10 p-6 border border-slate-200">
+            <form @submit.prevent="submitForgotPasswordForm">
+                <div class="grid grid-cols-1 gap-5 sm:gap-7 sm:grid-cols-6">
+                    <div class="col-span-full">
+                        <label
+                            class="label"
+                            for="email"
+                        >
+                            Email
+                        </label>
+                        <input
+                            id="email"
+                            type="email"
+                            required
+                            class="input"
+                            v-model="forgotPasswordForm.email"
+                        />
+                    </div>
+
+                    <div class="col-span-full">
+                        <Button
+                            text="Email Password Reset Link"
+                            class="w-full text-center justify-center"
+                            :disabled="forgotPasswordForm.processing"
+                        />
+                    </div>
+                </div>
+            </form>
+
+            <div class="mt-6 lg:mt-10">
+                <p class="text-center text-slate-800">
+                    <Link
+                        class="underline hover:no-underline"
+                        :href="route('login')"
+                    >
+                    Login
+                    </Link>
+                </p>
+            </div>
+        </div>
+    </div>
+</template>
+
+<script>
+    import { useForm } from "@inertiajs/vue3";
+
+    export default {
+        data() {
+            return {
+                title: "Forgot Password",
+                forgotPasswordForm: useForm({
+                    email: "",
+                }),
+            };
+        },
+
+        methods: {
+            submitForgotPasswordForm() {
+                this.forgotPasswordForm.post(route("password.store"));
+            },
+        },
+    };
+</script>
diff --git a/routes/web.php b/routes/web.php
@@ -16,6 +16,14 @@
         Route::post('login', 'store')->name('login.store');
     });
 
+Route::controller(App\Http\Controllers\ResetPasswordController::class)
+    ->group(function () {
+        Route::get('forgot-password', 'show')->name('password');
+        Route::post('forgot-password', 'store')->name('password.store');
+        Route::get('reset-password/{token}', 'edit')->name('password.reset');
+        Route::patch('reset-password', 'update')->name('password.update');
+    });
+
 Route::post('logout', App\Http\Controllers\LogoutController::class)
     ->middleware(['auth'])
     ->name('logout');
diff --git a/tests/Feature/Controllers/ResetPasswordControllerTest.php b/tests/Feature/Controllers/ResetPasswordControllerTest.php
