feat(api): refactored private API to request new password

thorsten · thorsten · commit e4caee0959e2 · 2024-03-03T12:25:30.000+01:00
diff --git a/nginx.conf b/nginx.conf
@@ -76,7 +76,7 @@ server {
             rewrite user/(ucp|bookmarks|request-removal|logout)     /index.php?action=$1 last;
 
             # Private APIs
-            rewrite api/(autocomplete|bookmark/([0-9]+))            /api/index.php last;
+            rewrite api/(autocomplete|bookmark/([0-9]+)|user/(.*))  /api/index.php last;
 
             # Setup APIs
             rewrite api/setup/(check|backup|update-database)        /api/index.php last;
diff --git a/phpmyfaq/.htaccess b/phpmyfaq/.htaccess
@@ -95,7 +95,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     RewriteRule user/(ucp|bookmarks|request-removal|logout) index.php?action=$1 [L,QSA]
 
     # Private APIs
-    RewriteRule api/(autocomplete|bookmark/([0-9]+)|user/data/update) api/index.php [L,QSA]
+    RewriteRule api/(autocomplete|bookmark/([0-9]+)|user/(.*)) api/index.php [L,QSA]
 
     # Setup APIs
     RewriteRule api/setup/(check|backup|update-database) api/index.php [L,QSA]
diff --git a/phpmyfaq/api.service.php b/phpmyfaq/api.service.php
@@ -19,7 +19,6 @@
 
 const IS_VALID_PHPMYFAQ = null;
 
-use phpMyFAQ\Bookmark;
 use phpMyFAQ\Captcha\Captcha;
 use phpMyFAQ\Category;
 use phpMyFAQ\Comments;
@@ -844,68 +843,6 @@
 
         break;
 
-    //
-    // Change password
-    //
-    case 'change-password':
-        $postData = json_decode(file_get_contents('php://input'), true, 512, JSON_THROW_ON_ERROR);
-        $username = trim((string) Filter::filterVar($postData['username'], FILTER_SANITIZE_SPECIAL_CHARS));
-        $email = trim((string) Filter::filterVar($postData['email'], FILTER_VALIDATE_EMAIL));
-
-        if ($username !== '' && $username !== '0' && ($email !== '' && $email !== '0')) {
-            $user = new CurrentUser($faqConfig);
-            $loginExist = $user->getUserByLogin($username);
-
-            if ($loginExist && ($email == $user->getUserData('email'))) {
-                try {
-                    $newPassword = $user->createPassword();
-                } catch (Exception $exception) {
-                    $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                    $response->setData(['error' => $exception->getMessage()]);
-                }
-
-                try {
-                    $user->changePassword($newPassword);
-                } catch (Exception $exception) {
-                    $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                    $response->setData(['error' => $exception->getMessage()]);
-                }
-
-                $text = Translation::get('lostpwd_text_1') . "\nUsername: " . $username . "\nNew Password: " .
-                    $newPassword . "\n\n" . Translation::get('lostpwd_text_2');
-
-                $mailer = new Mail($faqConfig);
-                try {
-                    $mailer->addTo($email);
-                } catch (Exception $exception) {
-                    $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                    $response->setData(['error' => $exception->getMessage()]);
-                }
-
-                $mailer->subject = Utils::resolveMarkers('[%sitename%] Username / password request', $faqConfig);
-                $mailer->message = $text;
-                try {
-                    $result = $mailer->send();
-                } catch (Exception | TransportExceptionInterface $exception) {
-                    $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                    $response->setData(['error' => $exception->getMessage()]);
-                }
-
-                unset($mailer);
-                // Trust that the email has been sent
-                $response->setStatusCode(Response::HTTP_OK);
-                $response->setData(['success' => Translation::get('lostpwd_mail_okay')]);
-            } else {
-                $response->setStatusCode(Response::HTTP_CONFLICT);
-                $response->setData(['error' => Translation::get('lostpwd_err_1')]);
-            }
-        } else {
-            $response->setStatusCode(Response::HTTP_CONFLICT);
-            $response->setData(['error' => Translation::get('lostpwd_err_2')]);
-        }
-
-        break;
-
     //
     // Request removal of user
     //
diff --git a/phpmyfaq/assets/src/api/user.js b/phpmyfaq/assets/src/api/user.js
@@ -37,3 +37,26 @@ export const updateUserControlPanelData = async (data) => {
     console.error(error);
   }
 };
+
+export const updateUserPassword = async (data) => {
+  try {
+    const response = await fetch('api/user/password/update', {
+      method: 'PUT',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(serialize(data)),
+      redirect: 'follow',
+      referrerPolicy: 'no-referrer',
+    });
+
+    if (response.ok) {
+      return await response.json();
+    } else {
+      return await response.json();
+    }
+  } catch (error) {
+    console.error(error);
+  }
+};
diff --git a/phpmyfaq/assets/src/frontend.js b/phpmyfaq/assets/src/frontend.js
@@ -19,9 +19,9 @@ import Masonry from 'masonry-layout';
 import { handleBookmarks, saveFormData } from './api';
 import { handleComments, handleSaveComment, handleUserVoting } from './faq';
 import { handleAutoComplete, handleQuestion } from './search';
+import { handleUserControlPanel, handleUserPassword } from './user';
 import { calculateReadingTime, handlePasswordStrength, handlePasswordToggle, handleReloadCaptcha } from './utils';
 import './utils/tooltip';
-import { handleUserControlPanel } from './user';
 
 //
 // Reload Captchas
@@ -66,6 +66,11 @@ handleBookmarks();
 //
 handleUserControlPanel();
 
+//
+// Handle user password
+//
+handleUserPassword();
+
 //
 // Masonry on startpage
 //
diff --git a/phpmyfaq/assets/src/user/index.js b/phpmyfaq/assets/src/user/index.js
@@ -1 +1,2 @@
+export * from './password';
 export * from './ucp';
diff --git a/phpmyfaq/assets/src/user/password.js b/phpmyfaq/assets/src/user/password.js
@@ -0,0 +1,51 @@
+/**
+ * User request password functionality
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2024 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2024-03-03
+ */
+
+import { updateUserPassword } from '../api/user';
+import { addElement } from '../utils';
+
+export const handleUserPassword = () => {
+  const changePasswordSubmit = document.getElementById('pmf-submit-password');
+
+  if (changePasswordSubmit) {
+    changePasswordSubmit.addEventListener('click', async (event) => {
+      event.preventDefault();
+
+      const form = document.querySelector('#pmf-password-form');
+      const loader = document.getElementById('loader');
+      const formData = new FormData(form);
+
+      const response = await updateUserPassword(formData);
+
+      if (response.success) {
+        loader.classList.add('d-none');
+        const message = document.getElementById('pmf-password-response');
+        message.insertAdjacentElement(
+          'afterend',
+          addElement('div', { classList: 'alert alert-success', innerText: response.success })
+        );
+      }
+
+      if (response.error) {
+        loader.classList.add('d-none');
+        const message = document.getElementById('pmf-password-response');
+        message.insertAdjacentElement(
+          'afterend',
+          addElement('div', { classList: 'alert alert-danger', innerText: response.error })
+        );
+      }
+    });
+  }
+};
diff --git a/phpmyfaq/assets/themes/default/templates/password.html b/phpmyfaq/assets/themes/default/templates/password.html
@@ -1,38 +1,50 @@
 <section class="col-12">
-  <h1>{{ pageHeader }}</h1>
 
   <div class="row mb-2">
     <div class="col">
       <div class="spinner-border text-primary d-none" id="loader" role="status">
         <span class="visually-hidden">Loading...</span>
       </div>
-      <div id="faqs"></div>
+      <div id="pmf-password-response"></div>
     </div>
   </div>
 
-  <form id="formValues" action="#" method="post" accept-charset="utf-8" class="needs-validation" novalidate>
-    <input type="hidden" name="lang" id="lang" value="{{ lang }}" />
+  <div class="row">
+    <div class="col-6 offset-3">
+      <div class="card shadow">
+        <div class="card-header">
+          <h4 class="card-title">{{ pageHeader }}</h4>
+        </div>
+        <div class="card-body">
+          <form id="pmf-password-form" action="#" method="post" accept-charset="utf-8" class="needs-validation"
+                novalidate>
+            <input type="hidden" name="lang" id="lang" value="{{ lang }}">
 
-    <div class="row mb-2">
-      <label class="col-3 form-control-label" for="username">{{ msgUsername }}</label>
-      <div class="col-9">
-        <input class="form-control" type="text" name="username" id="username" required autofocus />
-      </div>
-    </div>
+            <div class="row mb-2">
+              <label class="col-3 form-control-label" for="username">{{ msgUsername }}</label>
+              <div class="col-9">
+                <input class="form-control" type="text" name="username" id="username" required autofocus>
+              </div>
+            </div>
 
-    <div class="row mb-2">
-      <label class="col-3 form-control-label" for="email">{{ msgEmail }}</label>
-      <div class="col-9">
-        <input class="form-control" type="email" name="email" id="email" required />
-      </div>
-    </div>
+            <div class="row mb-2">
+              <label class="col-3 form-control-label" for="email">{{ msgEmail }}</label>
+              <div class="col-9">
+                <input class="form-control" type="email" name="email" id="email" required>
+              </div>
+            </div>
 
-    <div class="row mb-2">
-      <div class="col-sm-12 text-end">
-        <button class="btn btn-primary" type="submit" id="pmf-submit-values" data-pmf-form="change-password">
-          {{ msgSubmit }}
-        </button>
+            <div class="row mb-2">
+              <div class="col-sm-12 text-end">
+                <button class="btn btn-primary" type="submit" id="pmf-submit-password" data-pmf-form="change-password">
+                  {{ msgSubmit }}
+                </button>
+              </div>
+            </div>
+          </form>
+        </div>
       </div>
     </div>
-  </form>
+  </div>
+
 </section>
diff --git a/phpmyfaq/src/api-routes.php b/phpmyfaq/src/api-routes.php
@@ -164,6 +164,10 @@
     'api.bookmark',
     new Route('bookmark/{bookmarkId}', ['_controller' => [BookmarkController::class, 'delete'], '_methods' => 'DELETE'])
 );
+$routes->add(
+    'api.user.password',
+    new Route('user/password/update', ['_controller' => [UserController::class, 'updatePassword'], '_methods' => 'PUT'])
+);
 $routes->add(
     'api.user.update',
     new Route('user/data/update', ['_controller' => [UserController::class, 'updateData'], '_methods' => 'PUT'])
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php
@@ -21,12 +21,15 @@
 use phpMyFAQ\Controller\AbstractController;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Filter;
+use phpMyFAQ\Mail;
 use phpMyFAQ\Session\Token;
 use phpMyFAQ\Translation;
 use phpMyFAQ\User\CurrentUser;
+use phpMyFAQ\Utils;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Routing\Attribute\Route;
 
 class UserController extends AbstractController
@@ -128,4 +131,80 @@ public function updateData(Request $request): JsonResponse
 
         return $jsonResponse;
     }
+
+    /**
+     * @throws Exception
+     */
+    #[Route('api/user/data/update', methods: ['PUT'])]
+    public function updatePassword(Request $request): JsonResponse
+    {
+        $jsonResponse = new JsonResponse();
+        $configuration = Configuration::getConfigurationInstance();
+        $user = CurrentUser::getCurrentUser($configuration);
+
+        $data = json_decode($request->getContent());
+
+        $username = trim((string) Filter::filterVar($data->username, FILTER_SANITIZE_SPECIAL_CHARS));
+        $email = trim((string) Filter::filterVar($data->email, FILTER_VALIDATE_EMAIL));
+        if ($username !== '' && $username !== '0' && ($email !== '' && $email !== '0')) {
+            $loginExist = $user->getUserByLogin($username);
+
+            if ($loginExist && ($email == $user->getUserData('email'))) {
+                try {
+                    $newPassword = $user->createPassword();
+                } catch (Exception $exception) {
+                    $jsonResponse->setStatusCode(Response::HTTP_BAD_REQUEST);
+                    $jsonResponse->setData(['error' => $exception->getMessage()]);
+                    return $jsonResponse;
+                }
+
+                try {
+                    $user->changePassword($newPassword);
+                } catch (\Exception $exception) {
+                    $jsonResponse->setStatusCode(Response::HTTP_BAD_REQUEST);
+                    $jsonResponse->setData(['error' => $exception->getMessage()]);
+                    return $jsonResponse;
+                }
+
+                $text = Translation::get('lostpwd_text_1') .
+                    sprintf('<br><br>Username: %s', $username) .
+                    sprintf('<br>New Password: %s<br><br>', $newPassword) .
+                    Translation::get('lostpwd_text_2');
+
+                $mailer = new Mail($configuration);
+                try {
+                    $mailer->addTo($email);
+                } catch (Exception $exception) {
+                    $jsonResponse->setStatusCode(Response::HTTP_BAD_REQUEST);
+                    $jsonResponse->setData(['error' => $exception->getMessage()]);
+                    return $jsonResponse;
+                }
+
+                $mailer->subject = Utils::resolveMarkers('[%sitename%] Username / password request', $configuration);
+                $mailer->message = $text;
+                try {
+                    $result = $mailer->send();
+                } catch (Exception | TransportExceptionInterface $exception) {
+                    $jsonResponse->setStatusCode(Response::HTTP_BAD_REQUEST);
+                    $jsonResponse->setData(['error' => $exception->getMessage()]);
+                    return $jsonResponse;
+                }
+
+                unset($mailer);
+                // Trust that the email has been sent
+                $jsonResponse->setStatusCode(Response::HTTP_OK);
+                $jsonResponse->setData(['success' => Translation::get('lostpwd_mail_okay')]);
+            } else {
+                $jsonResponse->setStatusCode(Response::HTTP_CONFLICT);
+                $jsonResponse->setData(['error' => Translation::get('lostpwd_err_1')]);
+                return $jsonResponse;
+            }
+        } else {
+            $jsonResponse->setStatusCode(Response::HTTP_CONFLICT);
+            $jsonResponse->setData(['error' => Translation::get('lostpwd_err_2')]);
+            return $jsonResponse;
+        }
+
+        return $jsonResponse;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
	`1`	`+export * from './password';`
`1`	`2`	`export * from './ucp';`