Compare commits


2 Commits

Author SHA1 Message Date
b1ek ab7b5c0a97
feat: make reset password less secure and more convenient 2024-08-29 20:36:47 +10:00
b1ek 55d9b7dc6b
feat: /api/users/login 2024-08-29 20:34:01 +10:00
3 changed files with 26 additions and 9 deletions


@ -26,7 +26,25 @@ class PublicUserController extends Controller
'password' => Hash::make($request->input('password')) 'password' => Hash::make($request->input('password'))
]); ]);
$user->save(); $user->save();
session('user', $user->id); session()->put('user', $user->id);
session()->save(); session()->save();
} }
public function login(Request $request)
{
$user = User::where([ 'email' => $request->input('email') ])->get();
if ($user->count() == 0) {
return response()
->json('bad_password', 400);
}
$user = $user[0];
if (Hash::check($request->input('password'), $user->password)) {
session()->put('user', $user->id);
session()->save();
return;
}
return response()
->json('bad_password', 400);
}
} }
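Review bot: `login()` stores the user id in the existing session without rotating the session identifier, so a session id issued before authentication stays valid afterwards (session fixation); call `session()->regenerate();` immediately before `session()->put('user', $user->id);`, and do the same at the `session()->put` line in the registration method above it. The request fields are also used unvalidated: a body without `password` hands `null` to `Hash::check`, so a `$request->validate([...])` requiring `email` and `password` as strings at the top of the method would make the failure path explicit. The unknown-email branch returns before any hash is computed, which likely makes it measurably faster than the wrong-password branch even though both answer `bad_password`; running `Hash::check` against a fixed dummy hash in that branch would even the two out. The registration method starts outside this hunk.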


@ -94,6 +94,8 @@ paths:
post: post:
tags: tags:
- Users - Users
description: |-
I know its not secure because anyone can reset anyones password. But here's a counterpoint: its not required to be secure, and i dont care
requestBody: requestBody:
content: content:
application/json: application/json:
@ -103,17 +105,13 @@ paths:
email: email:
type: string type: string
example: 'jdoe@example.com' example: 'jdoe@example.com'
new_pass:
type: string
example: 'very_strong_password123456'
responses: responses:
200: 200:
description: |- description: |-
A reset password link is sent to the email, if such an account exists. The password is reset
If no mailer is set and it is debug mode, link will be available in `X-Reset-Link`
400:
description: |-
Invalid email
This error also might be sent by laravel if your body is corrupted
/api/users/private/list: /api/users/private/list:
get: get:
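Review bot: As specified here, the reset endpoint takes `email` and `new_pass` and sets the password with no proof that the caller controls the mailbox or knows the current password, so together with the new `/api/users/login` route every account is open to anyone who knows its email address. The handler is not part of this diff, so this is read from the spec alone; if the shortcut is meant for local development only, the description should say so, e.g. `Development only: disabled unless the app runs in debug mode.`, and the handler should refuse the request outside debug mode. For anything that is deployed, keep the emailed single-use link that the previous description documented. The 400 response also appears to have been dropped from the spec, which would leave the invalid-email case undocumented.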


@ -10,6 +10,7 @@ Route::get('/', function() {
Route::prefix('/api')->group(function() { Route::prefix('/api')->group(function() {
Route::controller(PublicUserController::class)->prefix('/users')->group(function() { Route::controller(PublicUserController::class)->prefix('/users')->group(function() {
Route::put('/register', 'register'); Route::put('/register', 'register');
Route::post('/login', 'login');
}); });
}); });
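Review bot: The new `/login` route is registered without any rate limiting, so password guessing against an account is bounded only by server throughput; attach Laravel's throttle middleware, e.g. `Route::post('/login', 'login')->middleware('throttle:5,1');`, with limits chosen for this deployment. Which middleware group this file runs under is not visible in the hunk; because `login` depends on the session, it is worth confirming that session and CSRF middleware are actually applied to the `/api` prefix. The enclosing route group opens outside the hunk.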