feat: make reset password less secure and more convenient

feat: /api/users/login
2024-08-29 20:36:47 +10:00 · 2024-08-29 20:34:01 +10:00
3 changed files with 26 additions and 9 deletions
--- a/app/Http/Controllers/PublicUserController.php
+++ b/app/Http/Controllers/PublicUserController.php
@ -26,7 +26,25 @@ class PublicUserController extends Controller
            'password' => Hash::make($request->input('password'))
        ]);
        $user->save();
-        session('user', $user->id);
+        session()->put('user', $user->id);
        session()->save();
    }
+
+    public function login(Request $request)
+    {
+        $user = User::where([ 'email' => $request->input('email') ])->get();
+        if ($user->count() == 0) {
+            return response()
+                ->json('bad_password', 400);
+        }
+
+        $user = $user[0];
+        if (Hash::check($request->input('password'), $user->password)) {
+            session()->put('user', $user->id);
+            session()->save();
+            return;
+        }
+        return response()
+            ->json('bad_password', 400);
+    }
 }
--- a/public/openapi.yml
+++ b/public/openapi.yml
@ -94,6 +94,8 @@ paths:
    post:
      tags:
        - Users
+      description: |-
+        I know its not secure because anyone can reset anyones password. But here's a counterpoint: its not required to be secure, and i dont care
      requestBody:
        content:
          application/json:
@ -103,17 +105,13 @@ paths:
                email:
                  type: string
                  example: 'jdoe@example.com'
+                new_pass:
+                  type: string
+                  example: 'very_strong_password123456'
      responses:
        200:
          description: |-
-            A reset password link is sent to the email, if such an account exists.
-            
-            If no mailer is set and it is debug mode, link will be available in `X-Reset-Link`
-        400:
-          description: |-
-            Invalid email
-            
-            This error also might be sent by laravel if your body is corrupted
+            The password is reset
    
  /api/users/private/list:
    get:
--- a/routes/web.php
+++ b/routes/web.php
@ -10,6 +10,7 @@ Route::get('/', function() {
 Route::prefix('/api')->group(function() {
    Route::controller(PublicUserController::class)->prefix('/users')->group(function() {
        Route::put('/register', 'register');
+        Route::post('/login', 'login');
    });
 });
Author	SHA1	Message	Date
b1ek	ab7b5c0a97	feat: make reset password less secure and more convenient	2024-08-29 20:36:47 +10:00
b1ek	55d9b7dc6b	feat: /api/users/login	2024-08-29 20:34:01 +10:00