bert.hausmans
02c4b4fd5f
Add forgot-password and reset-password API routes with rate limiting. Customize reset URL to point to portal frontend via AppServiceProvider. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
49 lines
1.4 KiB
PHP
49 lines
1.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Controllers\Api\V1;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Facades\Password;
|
|
|
|
final class PasswordResetController extends Controller
|
|
{
|
|
public function sendResetLink(Request $request): JsonResponse
|
|
{
|
|
$request->validate(['email' => 'required|email']);
|
|
|
|
Password::sendResetLink(['email' => strtolower($request->email)]);
|
|
|
|
// Always return success (don't leak whether email exists)
|
|
return $this->success(
|
|
message: 'Als dit emailadres bij ons bekend is, ontvang je een link om je wachtwoord te resetten.'
|
|
);
|
|
}
|
|
|
|
public function resetPassword(Request $request): JsonResponse
|
|
{
|
|
$request->validate([
|
|
'token' => 'required',
|
|
'email' => 'required|email',
|
|
'password' => 'required|min:8|confirmed',
|
|
]);
|
|
|
|
$status = Password::reset(
|
|
$request->only('email', 'password', 'password_confirmation', 'token'),
|
|
function ($user, $password) {
|
|
$user->forceFill(['password' => Hash::make($password)])->save();
|
|
}
|
|
);
|
|
|
|
if ($status === Password::PASSWORD_RESET) {
|
|
return $this->success(message: 'Wachtwoord succesvol gewijzigd.');
|
|
}
|
|
|
|
return $this->error(__($status), 422);
|
|
}
|
|
}
|