opensupports/server/controllers/user/send-recover-password.php

<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);

/**
 * @api {post} /user/send-recover-password Send password recovery
 * @apiVersion 4.10.0
 *
 * @apiName Send password recovery
 *
 * @apiGroup User
 *
 * @apiDescription This path sends a token to the email of the user/staff to change his password.
 *
 * @apiPermission any
 *
 * @apiParam {String} email The email of the user/staff who forgot the password.
 * @apiParam {Boolean} staff Indicates if the user is a staff member.
 *
 * @apiUse INVALID_EMAIL
 *
 * @apiSuccess {Object} data Empty object.
 *
 */

class SendRecoverPasswordController extends Controller {
    const PATH = '/send-recover-password';
    const METHOD = 'POST';

    private $token;
    private $user;
    private $staff;

    public function validations() {
        return [
            'permission' => 'any',
            'requestData' => [
                'email' => [
                    'validation' => DataValidator::oneOf(
                        DataValidator::email()->userEmail(),
                        DataValidator::email()->staffEmail()
                    ),
                    'error' => ERRORS::INVALID_EMAIL
                ]
            ]
        ];
    }

    public function handler() {
        $this->staff = Controller::request('staff');

        $email = Controller::request('email');

        if($this->staff){
            $this->user = Staff::getUser($email, 'email');
        } else {
            $this->user = User::getUser($email, 'email');
        }

        if(!$this->user->isNull()) {
            $this->token = Hashing::generateRandomToken();

            $recoverPassword = new RecoverPassword();
            $recoverPassword->setProperties(array(
                'email' => $email,
                'token' => $this->token,
                'staff' => !!$this->staff
            ));
            $recoverPassword->store();

            $this->sendEmail();

            Response::respondSuccess();
        } else {
            throw new RequestException(ERRORS::INVALID_EMAIL);
        }
    }

    public function sendEmail() {
        $mailSender = MailSender::getInstance();

        $mailSender->setTemplate(MailTemplate::PASSWORD_FORGOT, [
            'to' => $this->user->email,
            'name' => $this->user->name,
            'url' => Setting::getSetting('url')->getValue(),
            'token' => $this->token
        ]);

        $mailSender->send();
    }
}
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00			`<?php`
Ivan - Add local storage class [skip ci] 2016-07-21 01:39:36 +02:00			`use Respect\Validation\Validator as DataValidator;`
Ivan - Fix Recover Password validations 2016-08-04 21:01:24 +02:00			`DataValidator::with('CustomValidations', true);`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`/**`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @api {post} /user/send-recover-password Send password recovery`
Updates to 4.10.0 (#1061) * change 4.9 to 4.10 * new translations 2021-10-19 03:06:20 +02:00			`* @apiVersion 4.10.0`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiName Send password recovery`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
			`* @apiGroup User`
			`*`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00			`* @apiDescription This path sends a token to the email of the user/staff to change his password.`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiPermission any`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00			`* @apiParam {String} email The email of the user/staff who forgot the password.`
			`* @apiParam {Boolean} staff Indicates if the user is a staff member.`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiUse INVALID_EMAIL`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiSuccess {Object} data Empty object.`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
			`*/`

Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00			`class SendRecoverPasswordController extends Controller {`
(Guillermo) recover password 2016-07-22 09:44:55 +02:00			`const PATH = '/send-recover-password';`
Ivan - Update backend methods [skip ci] 2017-02-08 19:09:15 +01:00			`const METHOD = 'POST';`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`private $token;`
			`private $user;`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00			`private $staff;`
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00			`public function validations() {`
			`return [`
			`'permission' => 'any',`
Ivan - Add local storage class [skip ci] 2016-07-21 01:39:36 +02:00			`'requestData' => [`
			`'email' => [`
Fix assigment issues, login widget issues, recover password issues. Emails always on lowercase. 2018-08-14 20:21:36 +02:00			`'validation' => DataValidator::oneOf(`
			`DataValidator::email()->userEmail(),`
			`DataValidator::email()->staffEmail()`
			`),`
Ivan - Add local storage class [skip ci] 2016-07-21 01:39:36 +02:00			`'error' => ERRORS::INVALID_EMAIL`
			`]`
			`]`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00			`];`
			`}`

			`public function handler() {`
Fix bug to allow staff members to recover their passwords even if user system is disabled. 2019-11-08 23:42:02 +01:00			`$this->staff = Controller::request('staff');`

Ivan - Add local storage class [skip ci] 2016-07-21 01:39:36 +02:00			`$email = Controller::request('email');`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00
			`if($this->staff){`
Minor style changes 2019-10-29 22:23:20 +01:00			`$this->user = Staff::getUser($email, 'email');`
			`} else {`
			`$this->user = User::getUser($email, 'email');`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00			`}`

(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`if(!$this->user->isNull()) {`
			`$this->token = Hashing::generateRandomToken();`

			`$recoverPassword = new RecoverPassword();`
			`$recoverPassword->setProperties(array(`
			`'email' => $email,`
back-end structure and tests of feature #161 #80 2018-07-20 23:21:18 +02:00			`'token' => $this->token,`
Fix assigment issues, login widget issues, recover password issues. Emails always on lowercase. 2018-08-14 20:21:36 +02:00			`'staff' => !!$this->staff`
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`));`
			`$recoverPassword->store();`

			`$this->sendEmail();`

			`Response::respondSuccess();`
			`} else {`
Use own exception class 2018-11-20 23:41:00 +01:00			`throw new RequestException(ERRORS::INVALID_EMAIL);`
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`}`
			`}`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`public function sendEmail() {`
Ivan - Avoid verification if smtp is not set. Implement singleton pattern in MailSender class 2017-06-05 16:41:52 +02:00			`$mailSender = MailSender::getInstance();`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`$mailSender->setTemplate(MailTemplate::PASSWORD_FORGOT, [`
			`'to' => $this->user->email,`
			`'name' => $this->user->name,`
Guillermo - Issue #46 2017-07-11 08:39:17 +02:00			`'url' => Setting::getSetting('url')->getValue(),`
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`'token' => $this->token`
			`]);`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00
(Guillermo) actualization recover-password [skip ci] 2016-08-16 01:15:09 +02:00			`$mailSender->send();`
Ivan - Add local storage class [skip ci] 2016-07-20 23:38:20 +02:00			`}`
Ivan - Add local storage class [skip ci] 2016-07-21 01:39:36 +02:00			`}`