feat: add force password reset feature
This commit is contained in:
@@ -34,6 +34,7 @@ use App\Http\Requests\SearchPlayerRequest;
|
||||
use App\Http\Requests\UpdateUserRequest;
|
||||
use App\Notifications\ChangedPassword;
|
||||
use App\Notifications\EmailChanged;
|
||||
use App\Notifications\PasswordAdminResetNotification;
|
||||
use App\Services\AccountSuspensionService;
|
||||
use App\Traits\DisablesFeatures;
|
||||
use App\Traits\HandlesAccountDeletion;
|
||||
@@ -275,6 +276,33 @@ class UserController extends Controller
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Removes the user's password and notifies them.
|
||||
*
|
||||
* @param User $user The user to remove the password for
|
||||
* @return \Illuminate\Http\RedirectResponse
|
||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||
*/
|
||||
public function forcePasswordReset(User $user) {
|
||||
|
||||
$this->authorize('adminEdit', $user);
|
||||
$user->notify(new PasswordAdminResetNotification());
|
||||
|
||||
$user->password = null;
|
||||
$user->save();
|
||||
|
||||
|
||||
Log::alert("Removed account password", [
|
||||
'target' => $user,
|
||||
'actor' => Auth::user()
|
||||
]);
|
||||
|
||||
return redirect()
|
||||
->back()
|
||||
->with('success', 'Account password removed.');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Delete the given user's account
|
||||
*
|
||||
|
||||
28
app/Http/Requests/AdminPasswordResetRequest.php
Executable file
28
app/Http/Requests/AdminPasswordResetRequest.php
Executable file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
class AdminPasswordResetRequest extends FormRequest
|
||||
{
|
||||
public function rules(): array
|
||||
{
|
||||
if (Auth::user()->has2FA()) {
|
||||
return [
|
||||
'currentPassword' => 'required|current_password:web',
|
||||
'otp' => 'required|integer|max:6',
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'currentPassword' => 'required|current_password:web',
|
||||
];
|
||||
}
|
||||
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
35
app/Notifications/PasswordAdminResetNotification.php
Executable file
35
app/Notifications/PasswordAdminResetNotification.php
Executable file
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
namespace App\Notifications;
|
||||
|
||||
use Illuminate\Bus\Queueable;
|
||||
use Illuminate\Contracts\Queue\ShouldQueue;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use Illuminate\Notifications\Notification;
|
||||
|
||||
class PasswordAdminResetNotification extends Notification implements ShouldQueue
|
||||
{
|
||||
use Queueable;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
}
|
||||
|
||||
public function via($notifiable): array
|
||||
{
|
||||
return ['mail'];
|
||||
}
|
||||
|
||||
public function toMail($notifiable): MailMessage
|
||||
{
|
||||
return (new MailMessage)
|
||||
->from(config('notification.sender.address'), config('notification.sender.name'))
|
||||
->subject(config('app.name').' - account password invalidated')
|
||||
->markdown('mail.adminreset', ['name' => $notifiable->name]);
|
||||
}
|
||||
|
||||
public function toArray($notifiable): array
|
||||
{
|
||||
return [];
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user