Hooking into password reset process

failcookie - 3 weeks ago

I am looking to loop into the ForgotYourPassword part of the Users module and basically allow a third-party app to post an email and start the process to reset a users password, like the form does now, but the handle has several requests that I am not sure how to grab. Should I just sneak around and use the commands instead to at least send the email and begin the process? The rest will be done via browser.

This will also hook into an API hit to verify the password can be reset on this server, or if they need to change the password on their SSO platform. (Mutual exclusive login between SSO and Pyro)

Answer

- 3 weeks ago

Important lesson here. Make sure you declare your $password->forgot BEFORE $password->send or it will not send the code param to the email.

public function transferPasswordReset( UserRepositoryInterface $users, UserPassword $password, ForgotPasswordFormBuilder $builder ) {
        $data = Input::all();
        $user = $users->findByEmail( $data['email'] );
        $password->forgot( $user );
        $password->send($user, $builder->getFormOption('reset_redirect'));

        return Response::json( 'Password reset was processed.', 200 );
    }

failcookie - 3 weeks ago

Got it! Here is the magic code - in case anyone else wants it.

public function transferPasswordReset( UserRepositoryInterface $users, UserPassword $password, ForgotPasswordFormBuilder $builder ) {
        $data = Input::all();
        $user = $users->findByEmail( $data['email'] );
        $password->send($user, $builder->getFormOption('reset_redirect'));
        $password->forgot( $user );

        return Response::json( 'Password reset was processed.', 200 );
    }

This is all assuming that you are using a POST request to the controller with just an email field. I'm sure more things can happen (mine will in this case), but this as the easy enough version of it all.

ryanthompson - 3 weeks ago

Yep just use the service manually is all - nice work!

failcookie - 3 weeks ago

Important lesson here. Make sure you declare your $password->forgot BEFORE $password->send or it will not send the code param to the email.

public function transferPasswordReset( UserRepositoryInterface $users, UserPassword $password, ForgotPasswordFormBuilder $builder ) {
        $data = Input::all();
        $user = $users->findByEmail( $data['email'] );
        $password->forgot( $user );
        $password->send($user, $builder->getFormOption('reset_redirect'));

        return Response::json( 'Password reset was processed.', 200 );
    }