Merge pull request #132 from Kurozora/custom-password-reset-email

app/Http/Controllers/Auth/SignInWithAppleController.php

@@ -10,6 +10,7 @@
 use App\Http\Resources\UserResource;
 use App\Models\User;
 use Exception;
+use Hash;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Str;
 use Laravel\Nova\Exceptions\AuthenticationException;
@@ -146,7 +147,7 @@ protected function signUpUser(JWTPayload $payload): ?User
             [
                 'email'     => $payload->get('email'),
                 'siwa_id'   => $payload->get('sub'),
-                'password'  => User::hashPass(Str::random(30)),
+                'password'  => Hash::make(Str::random(30)),
                 'settings'  => [
                     'can_change_username'   => true,
                     'tv_rating'             => -1

app/Http/Controllers/RegistrationController.php

@@ -5,6 +5,7 @@
 use App\Helpers\JSONResult;
 use App\Http\Requests\Web\SignUpRequest;
 use App\Models\User;
+use Hash;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Http\JsonResponse;
 use Spatie\MediaLibrary\MediaCollections\Exceptions\FileDoesNotExist;
@@ -29,7 +30,7 @@ public function signUp(SignUpRequest $request): JsonResponse
         $newUser = User::create([
             'username'  => $data['username'],
             'email'     => $data['email'],
-            'password'  => User::hashPass($data['password']),
+            'password'  => Hash::make($data['password']),
             'settings'  => [
                 'can_change_username'   => false,
                 'tv_rating'             => -1,

app/Http/Controllers/SessionController.php

@@ -12,6 +12,7 @@
 use App\Models\Session;
 use App\Models\User;
 use Exception;
+use Hash;
 use Illuminate\Http\JsonResponse;
 use Laravel\Nova\Exceptions\AuthenticationException;
 use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
@@ -31,14 +32,15 @@ public function create(CreateSessionRequest $request): JsonResponse
         $data = $request->validated();
 
         // Check if the request IP is not banned from logging in
-        if (!LoginAttempt::isIPAllowedToLogin($request->ip()))
+        if (!LoginAttempt::isIPAllowedToLogin($request->ip())) {
             throw new TooManyRequestsHttpException(300, 'You have failed to login too many times. Please grab yourself a snack and try again in a bit.');
+        }
 
         // Find the user
         $user = User::where('email', $data['email'])->first();
 
         // Compare the passwords
-        if (!User::checkPassHash($data['password'], $user->password)) {
+        if (!Hash::check($data['password'], $user->password)) {
             // Register the login attempt
             LoginAttempt::registerFailedLoginAttempt($request->ip());
 
@@ -47,8 +49,9 @@ public function create(CreateSessionRequest $request): JsonResponse
         }
 
         // Check if email is confirmed
-        if (!$user->hasVerifiedEmail())
+        if (!$user->hasVerifiedEmail()) {
             throw new AuthenticationException('You have not confirmed your email address yet. Please check your email inbox or spam folder.');
+        }
 
         // Create a new session
         $session = $user->createSession([
@@ -92,8 +95,9 @@ function update(UpdateSessionRequest $request, Session $session): JsonResponse
         if (count($changedFields)) {
             $displayMessage .= 'You have updated: ' . join(', ', $changedFields) . '.';
             $session->save();
+        } else {
+            $displayMessage .= 'No information was updated.';
         }
-        else $displayMessage .= 'No information was updated.';
 
         return JSONResult::success([
             'message' => $displayMessage

app/Http/Controllers/UserController.php

@@ -64,15 +64,10 @@ public function resetPassword(ResetPassword $request): JsonResponse
     {
         $data = $request->validated();
 
-        // Try to find the user with this email
-        /** @var User $user */
-        $user = User::where('email', $data['email'])->first();
-
-        // There is a user with this email the try to send a reset link.
-        // Request may be throttled if requested a lot.
-        if ($user) {
-            Password::sendResetLink(['email' => $data['email']]);
-        }
+        // We will send the password reset link to this user. Once we have attempted
+        // to send the link, we will examine the response then see the message we
+        // need to show to the user. Finally, we'll send out a proper response.
+        Password::sendResetLink(['email' => $data['email']]);
 
         // Show successful response
         return JSONResult::success();

app/Http/Controllers/Web/PasswordResetLinkController.php

@@ -37,9 +37,7 @@ public function store(Request $request): RedirectResponse
         // We will send the password reset link to this user. Once we have attempted
         // to send the link, we will examine the response then see the message we
         // need to show to the user. Finally, we'll send out a proper response.
-        Password::sendResetLink(
-            $request->only('email')
-        );
+        Password::sendResetLink($request->only('email'));
 
         return back()->with('status', __('If an account exists with this Kurozora ID, you should receive an email with your reset link shortly.'));
     }

app/Http/Controllers/Web/SignUpUserController.php

@@ -7,6 +7,7 @@
 use App\Models\User;
 use Auth;
 use Browser;
+use Hash;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\View\Factory;
@@ -46,7 +47,7 @@ public function store(SignUpRequest $request): Application|RedirectResponse|Redi
         $newUser = User::create([
             'username'              => $data['username'],
             'email'                 => $data['email'],
-            'password'              => User::hashPass($data['password']),
+            'password'              => Hash::make($data['password']),
             'settings'              => [
                 'can_change_username'   => false,
                 'tv_rating'             => -1