Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
97.37% covered (success)
97.37%
37 / 38
50.00% covered (danger)
50.00%
1 / 2
 CRAP
0.00% covered (danger)
0.00%
0 / 1
ResetPasswordEndpoint
97.37% covered (success)
97.37%
37 / 38
50.00% covered (danger)
50.00%
1 / 2
 5
0.00% covered (danger)
0.00%
0 / 1
 handle
100.00% covered (success)
100.00%
37 / 37
100.00% covered (success)
100.00%
1 / 1
 4
 getRandomPassword
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
1<?php
2
3namespace Olz\Api\Endpoints;
4
5use Olz\Api\OlzTypedEndpoint;
6use Symfony\Component\Mime\Email;
7
8/**
9 * @extends OlzTypedEndpoint<
10 *   array{
11 *     usernameOrEmail: non-empty-string,
12 *     captchaToken: non-empty-string,
13 *   },
14 *   array{
15 *     status: 'OK'|'DENIED'|'ERROR',
16 *   }
17 * >
18 */
19class ResetPasswordEndpoint extends OlzTypedEndpoint {
20    protected function handle(mixed $input): mixed {
21        $username_or_email = trim($input['usernameOrEmail']);
22        $user = $this->authUtils()->resolveUsernameOrEmail($username_or_email);
23        if (!$user) {
24            $this->log()->notice("Password reset for unknown user: {$username_or_email}.");
25            return ['status' => 'DENIED'];
26        }
27
28        $token = $input['captchaToken'];
29        if (!$this->captchaUtils()->validateToken($token)) {
30            return ['status' => 'DENIED'];
31        }
32
33        $user_id = $user->getId();
34        $new_password = $this->getRandomPassword();
35        $reset_password_token = urlencode($this->emailUtils()->encryptEmailReactionToken([
36            'action' => 'reset_password',
37            'user' => $user_id,
38            'new_password' => $new_password,
39        ]));
40        $base_url = $this->envUtils()->getBaseHref();
41        $code_href = $this->envUtils()->getCodeHref();
42        $reset_password_url = "{$base_url}{$code_href}email_reaktion?token={$reset_password_token}";
43        $text = <<<ZZZZZZZZZZ
44            **!!! Falls du nicht soeben dein Passwort zurücksetzen wolltest, lösche diese E-Mail !!!**
45
46            Hallo {$user->getFirstName()},
47
48            *Falls du dein Passwort zurückzusetzen möchtest*, klicke [hier]({$reset_password_url}}) oder auf folgenden Link:
49
50            {$reset_password_url}
51
52            Dein neues Passwort lautet dann nachher:
53            `{$new_password}`
54
55            ZZZZZZZZZZ;
56        $config = [
57            'no_unsubscribe' => true,
58        ];
59
60        try {
61            $email = (new Email())->subject("[OLZ] Passwort zurücksetzen");
62            $email = $this->emailUtils()->buildOlzEmail($email, $user, $text, $config);
63            $this->emailUtils()->send($email);
64            $this->log()->info("Password reset email sent to user ({$user_id}).");
65        } catch (\Exception $exc) {
66            $message = $exc->getMessage();
67            $this->log()->critical("Error sending password reset email to user ({$user_id}): {$message}");
68            return ['status' => 'ERROR'];
69        }
70
71        return ['status' => 'OK'];
72    }
73
74    protected function getRandomPassword(): string {
75        return $this->generalUtils()->base64EncodeUrl(openssl_random_pseudo_bytes(6));
76    }
77}