Password change needs to require user login to reset some cookies
closes #1793
parent
5f13531c69
commit
158958d82d
3 changed files with 25 additions and 8 deletions
|
@ -4,6 +4,8 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
|
|||
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Auth\AuthManager;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Services\Users\UserUpdateService;
|
||||
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest;
|
||||
|
@ -16,16 +18,23 @@ class AccountController extends ClientApiController
|
|||
*/
|
||||
private $updateService;
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Auth\SessionGuard
|
||||
*/
|
||||
private $sessionGuard;
|
||||
|
||||
/**
|
||||
* AccountController constructor.
|
||||
*
|
||||
* @param \Illuminate\Auth\AuthManager $sessionGuard
|
||||
* @param \Pterodactyl\Services\Users\UserUpdateService $updateService
|
||||
*/
|
||||
public function __construct(UserUpdateService $updateService)
|
||||
public function __construct(AuthManager $sessionGuard, UserUpdateService $updateService)
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->updateService = $updateService;
|
||||
$this->sessionGuard = $sessionGuard;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -56,18 +65,21 @@ class AccountController extends ClientApiController
|
|||
}
|
||||
|
||||
/**
|
||||
* Update the authenticated user's password.
|
||||
* Update the authenticated user's password. All existing sessions will be logged
|
||||
* out immediately.
|
||||
*
|
||||
* @param \Pterodactyl\Http\Requests\Api\Client\Account\UpdatePasswordRequest $request
|
||||
* @return \Illuminate\Http\Response
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function updatePassword(UpdatePasswordRequest $request): Response
|
||||
public function updatePassword(UpdatePasswordRequest $request): \Illuminate\Http\JsonResponse
|
||||
{
|
||||
$this->updateService->handle($request->user(), $request->validated());
|
||||
|
||||
return response('', Response::HTTP_CREATED);
|
||||
$this->sessionGuard->logoutOtherDevices($request->input('current_password'));
|
||||
|
||||
return JsonResponse::create([], Response::HTTP_NO_CONTENT);
|
||||
}
|
||||
}
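Review bot: `logoutOtherDevices()` is passed `current_password`, the old password, after `updateService->handle()` has already stored the new one. In Laravel releases where this method re-hashes its argument and saves it on the user, that would write the old password back over the new one; in releases that check the argument against the stored hash first, the call would fail instead, so this needs confirming against the framework version in use. Passing the new value looks like the intent: `$this->sessionGuard->logoutOtherDevices($request->input('password'));` (the field name is assumed, since the request's validation rules are not shown). Separately, `$sessionGuard` is documented as `\Illuminate\Auth\SessionGuard` but the constructor injects `AuthManager`, so the call only works if the default guard is session-based; the property docblock should state that.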
|
||||
|
|
|
@ -34,8 +34,8 @@ export default () => {
|
|||
clearFlashes('account:password');
|
||||
updateAccountPassword({ ...values })
|
||||
.then(() => {
|
||||
resetForm();
|
||||
addFlash({ key: 'account:password', type: 'success', message: 'Your password has been updated.' });
|
||||
// @ts-ignore
|
||||
window.location = '/auth/login';
|
||||
})
|
||||
.catch(error => addFlash({
|
||||
key: 'account:password',
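Review bot: The `// @ts-ignore` above `window.location = '/auth/login';` suppresses a type error that need not exist; `window.location.assign('/auth/login');` performs the same navigation and type-checks. The redirect is also the only thing visible in this commit that makes the current browser re-authenticate: the controller change calls `logoutOtherDevices()`, which by its name leaves the current session alone, so whether `/auth/login` presents a login form depends on server behaviour not shown here. If re-login after a password change is a security requirement, it should be enforced server-side by invalidating the current session in the same request, not by client navigation. The `.catch` handler continues past the end of the hunk.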
|
||||
|
|
|
@ -11,7 +11,12 @@ type Props = Readonly<React.DetailedHTMLProps<React.HTMLAttributes<HTMLDivElemen
|
|||
export default ({ title, borderColor, showFlashes, children, ...props }: Props) => (
|
||||
<div {...props}>
|
||||
{title && <h2 className={'text-neutral-300 mb-4 px-4'}>{title}</h2>}
|
||||
{showFlashes && <FlashMessageRender byKey={typeof showFlashes === 'string' ? showFlashes : undefined}/>}
|
||||
{showFlashes &&
|
||||
<FlashMessageRender
|
||||
byKey={typeof showFlashes === 'string' ? showFlashes : undefined}
|
||||
className={'mb-4'}
|
||||
/>
|
||||
}
|
||||
<div className={classNames('bg-neutral-700 p-4 rounded shadow-lg relative', borderColor, {
|
||||
'border-t-4': !!borderColor,
|
||||
})}>
|
||||
|
|