Adds password reset support

Author: syropian

.editorconfig

@@ -9,5 +9,7 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 [*.php]
 indent_size = 4
+[*.blade.php]
+indent_size = 2
 [*.md]
 trim_trailing_whitespace = false

app/Http/Controllers/AuthController.php

@@ -17,7 +17,7 @@ public function store(Request $request)
             return response()->json(['error' => 'Invalid Credentials'], 401);
         }
 
-        return response()->json([], 204);
+        return response()->noContent();
     }
 
     public function destroy()

app/Http/Controllers/PasswordResetsController.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace Knot\Http\Controllers;
+
+use Illuminate\Support\Str;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Auth\Events\PasswordReset;
+
+class PasswordResetsController extends Controller
+{
+    public function show(Request $request, $token)
+    {
+        return view('auth.reset-password', ['token' => $token]);
+    }
+
+    public function store(Request $request)
+    {
+        $validated = $request->validate([
+            'email' => 'required|email|exists:users',
+        ]);
+
+        $status = Password::sendResetLink(
+            $request->only('email')
+        );
+
+        if ($status === Password::RESET_LINK_SENT) {
+            response()->noContent();
+        }
+
+        return response(['email' => $status], 500);
+    }
+
+    public function update(Request $request)
+    {
+        $request->validate([
+            'token' => 'required',
+            'email' => 'required|email',
+            'password' => 'required|confirmed',
+        ]);
+
+        $status = Password::reset(
+            $request->only('email', 'password', 'password_confirmation', 'token'),
+            function ($user, $password) {
+                $user->forceFill([
+                    'password' => $password
+                ])->save();
+
+                $user->setRememberToken(Str::random(60));
+
+                event(new PasswordReset($user));
+            }
+        );
+
+        return $status == Password::PASSWORD_RESET
+                ? response('Your password has been successfully reset. You may now go back to the app and sign in with your new password.', 200)
+                : back()->withErrors(['email' => trans($status)]);
+    }
+}

app/Http/Controllers/ProfileController.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rule;
 use Knot\Models\User;
 
 class ProfileController extends Controller
@@ -40,14 +41,18 @@ public function updateInfo(Request $request)
 
         $request->validate([
             'first_name' => 'required',
-            'email' => 'required|email|unique:users',
-            'current_password' => 'required_with:password',
-            'password' => 'confirmed',
+            'email' => [
+                'required',
+                'email',
+                Rule::unique('users')->ignore(auth()->id()),
+            ],
+            'current_password' => 'nullable|required_with:password',
+            'password' => 'nullable|confirmed',
         ]);
 
         $user->update($request->only('first_name', 'last_name', 'email'));
 
-        if ($request->has('current_password')) {
+        if ($request->filled('current_password')) {
             if (Hash::check($request->current_password, $user->password)) {
                 $user->update(['password' => $request->password]);
             } else {

app/Http/Middleware/VerifyCsrfToken.php

@@ -20,5 +20,6 @@ class VerifyCsrfToken extends Middleware
      */
     protected $except = [
         'register',
+        'forgot-password'
     ];
 }

config/cors.php

@@ -21,6 +21,7 @@
         'logout',
         'register',
         'api/*',
+        'forgot-password',
     ],
 
     'allowed_methods' => ['*'],

resources/views/auth/reset-password.blade.php

@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<html lang="{{ config('app.locale') }}">
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <title>Reset Your Password</title>
+
+  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap">
+
+  <!-- Styles -->
+  <style>
+    *,*::before,*::after {
+      box-sizing: border-box;
+    }
+    html, body {
+      font-family: 'Inter UI var', 'Inter UI', sans-serif;
+      font-size: 16px;
+      height: 100vh;
+      margin: 0;
+    }
+
+    form {
+      display: flex;
+      flex-direction: column;
+    }
+
+    .container {
+      width: 100%;
+      max-width: 90vw;
+      margin: 0 auto;
+    }
+
+    h1 {
+      color: #4b5563;
+    }
+
+    input {
+      -webkit-appearance: none;
+      appearance: none;
+      transition: border-color 150ms ease;
+      border: 2px solid #e5e7eb;
+      border-radius: 0.25rem;
+      color: #374151;
+      height: 3rem;
+      margin-top: 16px;
+      outline: none;
+      padding: 0 0.75rem;
+
+    }
+
+    input:focus {
+      border-color: #f56565;
+    }
+
+    button {
+      background-color: #e02424;
+      border-radius: 0.25rem;
+      border: none;
+      color: #fff;
+      cursor: pointer;
+      font-weight: 700;
+      letter-spacing: 0.1em;
+      margin-top: 16px;
+      padding: 0.75rem 0;
+      text-transform: uppercase;
+    }
+
+    button:focus {
+      outline: 0;
+      box-shadow: 0 0 0 3px rgba(248, 180, 180, 0.45);
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Reset Your Password</h1>
+    <form action="/reset-password" method="POST">
+      @csrf
+      <input type="hidden" name="token" value="{{ $token }}">
+      <input type="hidden" name="email" value="{{ request('email') }}">
+      <input type="password" name="password" placeholder="Enter a new password">
+      <input type="password" name="password_confirmation" placeholder="Confirm password">
+      <button type="submit">Reset Password</button>
+    </form>
+  </div>
+</body>
+</html>

resources/views/welcome.blade.php

@@ -39,6 +39,11 @@
     Route::post('/friendships/unfriend/{friend}', 'FriendshipsController@unfriend');
 
     Route::post('/generate-cloudinary-signature', function (Request $request) {
-        return ApiUtils::signParameters(config('services.cloudinary.secret'), $request->only('timestamp', 'upload_preset'));
+
+        $request->validate([
+            'timestamp' => 'required',
+        ]);
+
+        return ApiUtils::signParameters(config('services.cloudinary.secret'), $request->only('timestamp', 'upload_preset', 'folder'));
     });
 });

routes/api.php

@@ -18,3 +18,6 @@
 Route::post('login', 'AuthController@store');
 Route::post('register', 'UserController@store');
 Route::post('logout', 'AuthController@destroy');
+Route::post('forgot-password', 'PasswordResetsController@store');
+Route::get('reset-password/{token}', 'PasswordResetsController@show')->name('password.reset');
+Route::post('reset-password', 'PasswordResetsController@update')->name('password.update');