jasny/PasswordResetController.php

## PasswordResetController.php
<?php

declare(strict_types=1);

use Jasny\Auth;
use Jasny\Auth\Confirmation\InvalidTokenException;
use Jasny\Persist\Gateway;
use Jasny\Session;
use Psr\Http\Message\ResponseInterface as Response;

/**
 * Controller for password reset.
 *
 * @link https://postmarkapp.com/guides/password-reset-email-best-practices
 */
class PasswordResetController extends BaseController
{
  protected Auth $auth;
  protected Session $session;

  /** @var Gateway<User> */
  protected Gateway $users;

  /**
   * @param Auth          $auth
   * @param Session       $session
   * @param Gateway<User> $users
   */
  public function __construct(Auth $auth, Session $session, Gateway $users)
  {
    init_object($this, get_defined_vars());

    $this->onException(InvalidTokenException:class, function () {
      $this->session->flash('The link to change your password is no longer valid');
      return $this->redirect('/login');
    });
  }

  /**
   * @route GET /reset-password
   */
  public function showResetPasswordAction(): Response
  {
    return $this->view('reset-password/reset-password');
  }

  /**
   * @route POST /reset-password
   */
  public function resetPasswordAction(): Response
  {
    $email = $this->getRequiredInputParam('email', \FILTER_VALIDATE_EMAIL);
    $user = $this->users->findOne(compact('email'));

    if ($user === null) {
        $this->email('reset-password-unknown')->sendTo($email);
    } else {
        $token = $this->auth->confirm('reset-password')->getToken($user, new DateTime('+48hours'));
        $this->email('reset-password', compact('user', 'token'))->sendTo($user);
    }

    $this->session->flash('An e-mail has been send to <strong>%s</strong>', $email);

    return $this->redirect('/login');
  }

  /**
   * @route GET /change-password
   */
  public function showChangePasswordAction(): Response
  {
    $token = $this->getRequiredQueryParam('token');
    $user = $this->auth->confirm('reset-password')->from($token);

    $postToken = $this->auth->confirm('change-password')->getToken($user);

    return $this->view('reset-password/change-password', ['token' => $postToken]);
  }

  /**
   * @route POST /change-password
   */
  public function changePasswordAction(): Response
  {
    $token = $this->getRequiredInputParam('token');
    $user = $this->auth->confirm('change-password')->from($token);

    $password = $this->getRequiredInputParam('password');
    $user->changePassword($password)->save();

    // User is automatically logged in after password change
    $this->auth->loginAs($user);

    $this->session->flash('Your password has been changed');

    return $this->redirect('/admin');
  }
}
	<?php

	declare(strict_types=1);

	use Jasny\Auth;
	use Jasny\Auth\Confirmation\InvalidTokenException;
	use Jasny\Persist\Gateway;
	use Jasny\Session;
	use Psr\Http\Message\ResponseInterface as Response;

	/**
	* Controller for password reset.
	*
	* @link https://postmarkapp.com/guides/password-reset-email-best-practices
	*/
	class PasswordResetController extends BaseController
	{
	protected Auth $auth;
	protected Session $session;

	/** @var Gateway<User> */
	protected Gateway $users;

	/**
	* @param Auth $auth
	* @param Session $session
	* @param Gateway<User> $users
	*/
	public function __construct(Auth $auth, Session $session, Gateway $users)
	{
	init_object($this, get_defined_vars());

	$this->onException(InvalidTokenException:class, function () {
	$this->session->flash('The link to change your password is no longer valid');
	return $this->redirect('/login');
	});
	}

	/**
	* @route GET /reset-password
	*/
	public function showResetPasswordAction(): Response
	{
	return $this->view('reset-password/reset-password');
	}

	/**
	* @route POST /reset-password
	*/
	public function resetPasswordAction(): Response
	{
	$email = $this->getRequiredInputParam('email', \FILTER_VALIDATE_EMAIL);
	$user = $this->users->findOne(compact('email'));

	if ($user === null) {
	$this->email('reset-password-unknown')->sendTo($email);
	} else {
	$token = $this->auth->confirm('reset-password')->getToken($user, new DateTime('+48hours'));
	$this->email('reset-password', compact('user', 'token'))->sendTo($user);
	}

	$this->session->flash('An e-mail has been send to <strong>%s</strong>', $email);

	return $this->redirect('/login');
	}

	/**
	* @route GET /change-password
	*/
	public function showChangePasswordAction(): Response
	{
	$token = $this->getRequiredQueryParam('token');
	$user = $this->auth->confirm('reset-password')->from($token);

	$postToken = $this->auth->confirm('change-password')->getToken($user);

	return $this->view('reset-password/change-password', ['token' => $postToken]);
	}

	/**
	* @route POST /change-password
	*/
	public function changePasswordAction(): Response
	{
	$token = $this->getRequiredInputParam('token');
	$user = $this->auth->confirm('change-password')->from($token);

	$password = $this->getRequiredInputParam('password');
	$user->changePassword($password)->save();

	// User is automatically logged in after password change
	$this->auth->loginAs($user);

	$this->session->flash('Your password has been changed');

	return $this->redirect('/admin');
	}
	}