From 6ab32781ad3e25a5fde1f998f278e6e802658ad9 Mon Sep 17 00:00:00 2001 From: Alex Tselegidis Date: Fri, 10 Dec 2021 08:41:16 +0100 Subject: [PATCH] Moved the recovery functionality into its own controller and files --- application/controllers/Recovery.php | 91 +++++++++++++++ application/controllers/User.php | 105 +----------------- ...account_recovery_page.php => recovery.php} | 9 ++ .../pages/{forgot_password.js => recovery.js} | 36 ++++-- 4 files changed, 127 insertions(+), 114 deletions(-) create mode 100644 application/controllers/Recovery.php rename application/views/pages/{account_recovery_page.php => recovery.php} (69%) rename assets/js/pages/{forgot_password.js => recovery.js} (53%) diff --git a/application/controllers/Recovery.php b/application/controllers/Recovery.php new file mode 100644 index 00000000..21aac0b0 --- /dev/null +++ b/application/controllers/Recovery.php @@ -0,0 +1,91 @@ + + * @copyright Copyright (c) 2013 - 2020, Alex Tselegidis + * @license https://opensource.org/licenses/GPL-3.0 - GPLv3 + * @link https://easyappointments.org + * @since v1.0.0 + * ---------------------------------------------------------------------------- */ + +/** + * Recovery controller. + * + * Handles the recovery page functionality. + * + * @package Controllers + */ +class Recovery extends EA_Controller { + /** + * User constructor. + */ + public function __construct() + { + parent::__construct(); + + $this->load->library('accounts'); + $this->load->library('email_messages'); + } + + /** + * Display the password recovery page. + */ + public function index() + { + $this->load->view('pages/recovery', [ + 'base_url' => config('base_url'), + 'dest_url' => session('dest_url', site_url('backend')), + 'company_name' => setting('company_name') + ]); + } + + /** + * Recover the user password and notify the user via email. + */ + public function perform() + { + try + { + $username = request('username'); + + if (empty($username)) + { + throw new InvalidArgumentException('No username value provided.'); + } + + $email = request('email'); + + if (empty($email)) + { + throw new InvalidArgumentException('No email value provided.'); + } + + $new_password = $this->accounts->regenerate_password( + $username, + $email + ); + + if ($new_password) + { + $settings = [ + 'company_name' => setting('company_name'), + 'company_link' => setting('company_link'), + 'company_email' => setting('company_email') + ]; + + $this->email_messages->send_password($new_password, $email, $settings); + } + + json_response([ + 'success' => TRUE + ]); + } + catch (Throwable $e) + { + json_exception($e); + } + } +} diff --git a/application/controllers/User.php b/application/controllers/User.php index 88cab1c1..e1d24ae5 100644 --- a/application/controllers/User.php +++ b/application/controllers/User.php @@ -60,110 +60,11 @@ class User extends EA_Controller { /** * Display the password recovery page. + * + * @deprecated Since 1.5 Use the Logout controller instead. */ public function forgot_password() { - $this->load->view('pages/account_recovery_page', [ - 'base_url' => config('base_url'), - 'company_name' => setting('company_name') - ]); - } - - /** - * Display the no-permissions page. - */ - public function no_permissions() - { - $this->load->view('pages/account_no_permissions_page', [ - 'base_url' => config('base_url'), - 'company_name' => setting('company_name') - ]); - } - - /** - * Validate the login credentials and if successful, log the user in. - */ - public function ajax_check_login() - { - try - { - $username = request('username'); - - if (empty($username)) - { - throw new InvalidArgumentException('No username value provided.'); - } - - $password = request('password'); - - if (empty($password)) - { - throw new InvalidArgumentException('No password value provided.'); - } - - $user_data = $this->accounts->check_login($username, $password); - - if (empty($user_data)) - { - throw new InvalidArgumentException('Invalid credentials provided, please try again.'); - } - - session($user_data); // Save data in the session. - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } - } - - /** - * Recover the user password and notify the user via email. - */ - public function ajax_forgot_password() - { - try - { - $username = request('username'); - - if (empty($username)) - { - throw new InvalidArgumentException('No username value provided.'); - } - - $email = request('email'); - - if (empty($email)) - { - throw new InvalidArgumentException('No email value provided.'); - } - - $new_password = $this->accounts->regenerate_password( - $username, - $email - ); - - if ($new_password) - { - $settings = [ - 'company_name' => setting('company_name'), - 'company_link' => setting('company_link'), - 'company_email' => setting('company_email') - ]; - - $this->email_messages->send_password($new_password, $email, $settings); - } - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('recovery'); } } diff --git a/application/views/pages/account_recovery_page.php b/application/views/pages/recovery.php similarity index 69% rename from application/views/pages/account_recovery_page.php rename to application/views/pages/recovery.php index 57dd4778..318ae94c 100644 --- a/application/views/pages/account_recovery_page.php +++ b/application/views/pages/recovery.php @@ -33,3 +33,12 @@ + + + + + + + + + diff --git a/assets/js/pages/forgot_password.js b/assets/js/pages/recovery.js similarity index 53% rename from assets/js/pages/forgot_password.js rename to assets/js/pages/recovery.js index 079a568b..79491a26 100644 --- a/assets/js/pages/forgot_password.js +++ b/assets/js/pages/recovery.js @@ -1,7 +1,16 @@ -$(function () { - 'use strict'; +/* ---------------------------------------------------------------------------- + * Easy!Appointments - Open Source Web Scheduler + * + * @package EasyAppointments + * @author A.Tselegidis + * @copyright Copyright (c) 2013 - 2020, Alex Tselegidis + * @license http://opensource.org/licenses/GPL-3.0 - GPLv3 + * @link http://easyappointments.org + * @since v1.5.0 + * ---------------------------------------------------------------------------- */ - var $form = $('form'); +(function () { + const $form = $('form'); /** * Event: Login Button "Click" @@ -12,23 +21,26 @@ $(function () { function onFormSubmit(event) { event.preventDefault(); - var url = GlobalVariables.baseUrl + '/index.php/user/ajax_forgot_password'; + const url = GlobalVariables.baseUrl + '/index.php/recovery/perform'; - var data = { - 'csrfToken': GlobalVariables.csrfToken, - 'username': $('#username').val(), - 'email': $('#email').val() + const data = { + csrfToken: GlobalVariables.csrfToken, + username: $('#username').val(), + email: $('#email').val() }; - var $alert = $('.alert'); + const $alert = $('.alert'); $alert.addClass('d-none'); + $('#get-new-password').prop('disabled', true); - $.post(url, data).done(function (response) { + $.post(url, data).done((response) => { $alert.removeClass('d-none alert-danger alert-success'); + $('#get-new-password').prop('disabled', false); - if (response === GlobalVariables.AJAX_SUCCESS) { + + if (response.success) { $alert.addClass('alert-success'); $alert.text(EALang['new_password_sent_with_email']); } else { @@ -42,4 +54,4 @@ $(function () { } $form.on('submit', onFormSubmit); -}); +})();