Updated to use validate_password and fixed identation

e358c0a3 · Ben Hayward · a3364097 · e358c0a3
Commit e358c0a3 authored 5 years ago by Ben Hayward
--- a/Controllers/api/v1/forgotpassword.php
+++ b/Controllers/api/v1/forgotpassword.php
@@ -43,81 +43,87 @@ class forgotpassword implements Interfaces\Api, Interfaces\ApiIgnorePam

        switch ($pages[0]) {
        case "request":
-          $user = new Entities\User(strtolower($_POST['username']));
-          if (!$user->guid) {
-              $response['status'] = "error";
-              $response['message'] = "Could not find @" . $_POST['username'];
-              break;
-          }
-          $code = Core\Security\Password::reset($user);
-          $link = elgg_get_site_url() . "forgot-password;username=" . $user->username . ";code=" . $code;
-
-          //now send an email
-          $mailer = Di::_()->get('Mailer');
-          $message = new Core\Email\Message();
-          $template = new Core\Email\Template();
-          $template
+            $user = new Entities\User(strtolower($_POST['username']));
+            if (!$user->guid) {
+                $response['status'] = "error";
+                $response['message'] = "Could not find @" . $_POST['username'];
+                break;
+            }
+            $code = Core\Security\Password::reset($user);
+            $link = elgg_get_site_url() . "forgot-password;username=" . $user->username . ";code=" . $code;
+
+            //now send an email
+            $mailer = Di::_()->get('Mailer');
+            $message = new Core\Email\Message();
+            $template = new Core\Email\Template();
+            $template
            ->setTemplate()
            ->setBody('forgotpassword.tpl')
            ->set('user', $user)
            ->set('username', $user->username)
            ->set('link', $link);
-          $message->setTo($user)
+            $message->setTo($user)
            ->setSubject("Password Reset")
            ->setHtml($template);
-          $mailer->queue($message, true);
+            $mailer->queue($message, true);

-          break;
+            break;
        case "reset":
-          $user = new Entities\User(strtolower($_POST['username']));
-          if (!$user->guid) {
-              $response['status'] = "error";
-              $response['message'] = "Could not find @" . $_POST['username'];
-              break;
-          }
-
-          if (!$user->password_reset_code) {
-              $response['status'] = "error";
-              $response['message'] = "Please try again with a new reset code.";
-              break;
-          }
-
-          if ($user->password_reset_code && $user->password_reset_code !== $_POST['code']) {
-              $response['status'] = "error";
-              $response['message'] = "The reset code is invalid";
-              break;
-          }
-
-          if (!isset($_POST['code']) || !$_POST['code'] || !is_string($_POST['code']) || !strlen($_POST['code']) > 10) {
-              $response['status'] = "error";
-              $response['message'] = "The reset code is invalid";
-              break;
-          }
-
-          if (!preg_match('/[A-Z]/', $password) || !preg_match('/\d/', $password) || !preg_match('/[^a-zA-Z\d]/', $password) || preg_match("/\\s/", $password)) {
-              $response['status'] = "error";
-              $response['message'] = "Password must have more than 8 characters. Including uppercase, numbers, special characters (ie. !,#,@), and cannot have spaces.";
-              break;
-          }
-
-          //$user->salt = Core\Security\Password::salt();
-          $user->password = Core\Security\Password::generate($user, $_POST['password']);
-          $user->password_reset_code = "";
-          $user->override_password = true;
-          $user->save();
-
-          (new \Minds\Core\Data\Sessions())->destroyAll($user->guid);
-
-          $sessions = Core\Di\Di::_()->get('Sessions\Manager');
-          $sessions->setUser($user);
-          $sessions->createSession();
-          $sessions->save(); // save to db and cookie
-
-          $response['user'] = $user->export();
-
-          break;
+            $user = new Entities\User(strtolower($_POST['username']));
+            if (!$user->guid) {
+                $response['status'] = "error";
+                $response['message'] = "Could not find @" . $_POST['username'];
+                break;
+            }
+
+            if (!$user->password_reset_code) {
+                $response['status'] = "error";
+                $response['message'] = "Please try again with a new reset code.";
+                break;
+            }
+
+            if ($user->password_reset_code && $user->password_reset_code !== $_POST['code']) {
+                $response['status'] = "error";
+                $response['message'] = "The reset code is invalid";
+                break;
+            }
+
+            if (!isset($_POST['code']) || !$_POST['code'] || !is_string($_POST['code']) || !strlen($_POST['code']) > 10) {
+                $response['status'] = "error";
+                $response['message'] = "The reset code is invalid";
+                break;
+            }
+            try {
+                if (!validate_password($_POST['password'])) {
+                    $response['status'] = "error";
+                    $response['message'] = "Password must have more than 8 characters. Including uppercase, numbers, special characters (ie. !,#,@), and cannot have spaces.";    
+                }  
+            } catch (\Exception $e) {
+                $response['status'] = "error";
+                $response['message'] = "Password must have more than 8 characters. Including uppercase, numbers, special characters (ie. !,#,@), and cannot have spaces.";
+                break;
+            }
+
+            //$user->salt = Core\Security\Password::salt();
+            if ($response['status'] !== 'error') {
+                $user->password = Core\Security\Password::generate($user, $_POST['password']);
+                $user->password_reset_code = "";
+                $user->override_password = true;
+                $user->save();
+
+                (new \Minds\Core\Data\Sessions())->destroyAll($user->guid);
+
+                $sessions = Core\Di\Di::_()->get('Sessions\Manager');
+                $sessions->setUser($user);
+                $sessions->createSession();
+                $sessions->save(); // save to db and cookie
+
+                $response['user'] = $user->export();
+            }
+
+            break;
        default:
-          $response = array('status'=>'error', 'message'=>'Unknown endpoint');
+        //   $response = array('status'=>'error', 'message'=>'Unknown endpoint');
      }

        return Factory::response($response);