From 9f151d3285dc28d2a215cbe6d4a53f5b62f5a4d9 Mon Sep 17 00:00:00 2001
From: Kekskurse
Date: Thu, 2 May 2019 12:47:41 +0200
Subject: [PATCH] #13 Recovery Password funktion
---
 .../Controllers/GUI/AccountController.php | 50 +++++++++++++++++
 app/Jobs/Mails/RecoverPasswortJob.php | 55 +++++++++++++++++++
 app/Models/Mail.php | 4 ++
 app/Models/User.php | 9 +++
 resources/views/account/password_recovery.php | 14 +++++
 .../password_recovery_new_password.php | 15 +++++
 routes/web.php | 4 ++
 7 files changed, 151 insertions(+)
 create mode 100644 app/Jobs/Mails/RecoverPasswortJob.php
 create mode 100644 resources/views/account/password_recovery.php
 create mode 100644 resources/views/account/password_recovery_new_password.php
diff --git a/app/Http/Controllers/GUI/AccountController.php b/app/Http/Controllers/GUI/AccountController.php
index 762d749..09644a9 100644
--- a/app/Http/Controllers/GUI/AccountController.php
+++ b/app/Http/Controllers/GUI/AccountController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\GUI;
 use App\Exceptions\HTTPException;
 use App\Http\Controllers\Controller;
 use App\Http\Resources\oAuth\AccessToken;
+use App\Jobs\Mails\RecoverPasswortJob;
 use App\Jobs\Mails\ValidateMailAddressJob;
 use App\Models\App;
 use App\Models\AppAccess;
@@ -230,6 +231,55 @@ class AccountController extends Controller
 return redirect('/gui/logout');
 }
+ public function recoverPasswordView(Request $request) {
+ return view('account/password_recovery', []);
+ }
+ public function recoverPassword(Request $request) {
+ $this->validate($request, [
+ 'mail' => 'required|email'
+ ]);
+
+ $mail = Mail::query()->where("mail", "=", $request->input("mail"))->first();
+
+ if(is_null($mail)) {
+ return "If a E-Mail address is used for this Account we send you a Password-Recovery-Link";
+ }
+
+ $user = $mail->getUser();
+ $user->createMailResetToken();
+ $user->save();
+
+ $this->dispatch(new RecoverPasswortJob($mail, $user->password_recovery_code));
+
+ return "If a E-Mail address is used for this Account we send you a Password-Recovery-Link";
+ }
+
+ public function recoveryPasswordNewPasswordView(Request $request, $userId, $code) {
+ $user = User::query()->where("id", "=", $userId)->firstOrFail();
+
+ if($user->password_recovery_code != $code) {
+ throw new HTTPException(400, "Code not valide");
+ }
+
+ return view('account/password_recovery_new_password', []);
+ }
+ public function recoveryPasswordNewPassword(Request $request, $userId, $code) {
+ $user = User::query()->where("id", "=", $userId)->firstOrFail();
+
+ if($user->password_recovery_code != $code) {
+ throw new HTTPException(400, "Code not valide");
+ }
+
+ $this->validate($request, [
+ 'password' => 'required|min:8',
+ ]);
+
+ $user->password = password_hash($request->input("password"), PASSWORD_BCRYPT);
+ $user->saveOrFail();
+
+ return redirect("/gui/login");
+ }
+
 //
diff --git a/app/Jobs/Mails/RecoverPasswortJob.php b/app/Jobs/Mails/RecoverPasswortJob.php
new file mode 100644
index 0000000..abb9aa1
--- /dev/null
+++ b/app/Jobs/Mails/RecoverPasswortJob.php
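Review bot: The recovery-code check in `recoveryPasswordNewPasswordView` and `recoveryPasswordNewPassword` uses a loose `!=`, and the code is never cleared after the password has been changed, so the mailed link stays usable until another reset is requested. Compare with `if (!is_string($user->password_recovery_code) || !hash_equals($user->password_recovery_code, (string) $code))` and set `$user->password_recovery_code = null;` before `saveOrFail()`; no expiry time is checked anywhere in this hunk either. `firstOrFail()` on `$userId` also answers differently for an unknown user than for a wrong code (presumably 404 versus 400), which undoes the neutral reply `recoverPassword` gives for unknown addresses.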
@@ -0,0 +1,55 @@
+mailObject = $mailObject;
+ $this->token = $token;
+ }
+
+ /**
+ * Execute the job.
+ *
+ * @return void
+ */
+ public function handle()
+ {
+ if(Setting::getSettingValue("smtp_active") == false) {
+ return;
+ }
+ $mail = new PHPMailer(true);
+ $mail->isSMTP();
+ $mail->Host = Setting::getSettingValue("smtp_host");
+ $mail->SMTPAuth = Setting::getSettingValue("smtp_smtpAuth");
+ $mail->Username = Setting::getSettingValue("smtp_username");
+ $mail->Password = Setting::getSettingValue("smtp_password");
+ $mail->SMTPSecure = Setting::getSettingValue("smtp_secure");
+ $mail->Port = Setting::getSettingValue("smtp_port");
+ $mail->setFrom(Setting::getSettingValue("smtp_from_mail"), Setting::getSettingValue("smtp_from_name"));
+ $mail->addAddress($this->mailObject->mail);
+ $bcc = Setting::getSettingValue("smtp_bcc");
+ if(!empty($bcc)) {
+ $mail->addBCC($bcc);
+ }
+ $mail->isHTML(true);
+ $mail->Subject = Setting::getSettingValue("name").' Password Recovery';
+ $mail->Body = 'Hello,
to reset your Password click on the following link: Activate Account';
+ $mail->AltBody = 'Hello,\r\nto reset your Password click on the following link: '.Setting::getSettingValue('url').'/gui/passwordReset/'.$this->mailObject->getUser()->id.'/'.$this->token;
+ $mail->send();
+ }
+}
diff --git a/app/Models/Mail.php b/app/Models/Mail.php
index 729b708..7d7c3cd 100644
--- a/app/Models/Mail.php
+++ b/app/Models/Mail.php
@@ -37,4 +37,8 @@ class Mail extends Model
 $this->validation_code = $randstring;
 }
+ public function getUser() {
+ return User::query()->where("id", "=", $this->user_id)->first();
+ }
+
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 0418c0f..87f9705 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -42,4 +42,13 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
 }
 return $mail->mail;
 }
+
+ public function createMailResetToken() {
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $randstring = '';
+ for ($i = 0; $i < 20; $i++) {
+ $randstring .= $characters[rand(0, strlen($characters)-1)];
+ }
+ $this->password_recovery_code = $randstring;
+ }
 }
diff --git a/resources/views/account/password_recovery.php b/resources/views/account/password_recovery.php
new file mode 100644
index 0000000..d14792d
--- /dev/null
+++ b/resources/views/account/password_recovery.php
@@ -0,0 +1,14 @@
+
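Review bot: In `RecoverPasswortJob::handle()` the `smtp_bcc` address gets a blind copy of the mail that carries the reset link, so anyone who can read that mailbox can change the password of any account that requests a reset; the recovery mail should skip `addBCC()`. The code is also kept in the job's `$token` property, which presumably lands in the queue payload in clear text when a non-sync queue driver is used, so that store needs restricted access. In `AltBody` the single-quoted `'Hello,\r\nto reset ...'` emits a literal `\r\n`; write that fragment as `"Hello,\r\nto reset your Password click on the following link: "`. The top of this file's hunk is not intact in this view, so the constructor was not reviewed.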
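Review bot: `Mail::getUser()` returns the result of `first()`, which is `null` when no user row matches `user_id`, and both new callers dereference it without a check (`$user->createMailResetToken()` in `recoverPassword`, `->getUser()->id` in the recovery job). Document the nullable return with `/** @return User|null the owning user, or null when no row matches user_id */` and have `recoverPassword` fall back to its neutral reply when the user is missing.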
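Review bot: `User::createMailResetToken()` draws the recovery code from `rand()`, which is not a cryptographically secure generator, although this value is the only secret that authorises a password change. Use `$randstring .= $characters[random_int(0, strlen($characters) - 1)];`, or replace the loop with `$this->password_recovery_code = bin2hex(random_bytes(20));`. The context lines of the `Mail.php` hunk end in `$this->validation_code = $randstring;`, which suggests the mail validation code is built the same way and is worth checking. Storing only a hash of the code in `password_recovery_code` would also limit what a database read exposes.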
+
+

Reset Password

+
+ E-Mail Address + +
+ +
+
+
+
+
\ No newline at end of file
diff --git a/resources/views/account/password_recovery_new_password.php b/resources/views/account/password_recovery_new_password.php
new file mode 100644
index 0000000..b647e11
--- /dev/null
+++ b/resources/views/account/password_recovery_new_password.php
@@ -0,0 +1,15 @@
+
+
+

New Password

+

Enter a new Password you want to login with.

+
+ New Password + +
+ +
+
+
+
+
\ No newline at end of file
diff --git a/routes/web.php b/routes/web.php
index 872e05d..28bd84c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -58,6 +58,10 @@ $router->group(['prefix' => 'gui', 'middleware' => 'gui'], function () use ($rou
 $router->post('/register', ['uses' => 'GUI\AccountController@register']);
 $router->get('/invite', ['uses' => 'GUI\AccountController@inviteView']);
+ $router->get('/passwordReset', ['uses' => 'GUI\AccountController@recoverPasswordView']);
+ $router->post('/passwordReset', ['uses' => 'GUI\AccountController@recoverPassword']);
+ $router->get('/passwordReset/{userId}/{code}', ['uses' => 'GUI\AccountController@recoveryPasswordNewPasswordView']);
+ $router->post('/passwordReset/{userId}/{code}', ['uses' => 'GUI\AccountController@recoveryPasswordNewPassword']);
 $router->get('/login', ['uses' => 'GUI\AccountController@loginView']);
 $router->get('/logout', ['uses' => 'GUI\AccountController@logout']);
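Review bot: The four `/passwordReset` routes in `routes/web.php` are registered with only the group's `gui` middleware, and nothing visible in this hunk limits how often they can be called; whether `gui` itself throttles cannot be seen from here. The POST route sends mail on demand for any known address and the `{userId}/{code}` routes place no cap on failed code checks, so these four routes should sit behind a rate-limiting middleware keyed on client address and target account. The group closure starts and ends outside the hunk.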