accounts/api/models/authentication/RecoverPasswordForm.php
ErickSkrauch bdc96d82c1 Реорганизована выдача JWT токенов
Добавлен механизм сохранения сессий и refresh_token
2016-05-30 02:44:17 +03:00

76 lines
2.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace api\models\authentication;
use api\models\AccountIdentity;
use api\models\base\KeyConfirmationForm;
use common\models\EmailActivation;
use common\validators\PasswordValidate;
use Yii;
use yii\base\ErrorException;
class RecoverPasswordForm extends KeyConfirmationForm {
public $newPassword;
public $newRePassword;
public function rules() {
return array_merge(parent::rules(), [
[['newPassword', 'newRePassword'], 'required', 'message' => 'error.{attribute}_required'],
['newPassword', PasswordValidate::class],
['newRePassword', 'validatePasswordAndRePasswordMatch'],
]);
}
public function validatePasswordAndRePasswordMatch($attribute) {
if (!$this->hasErrors()) {
if ($this->newPassword !== $this->newRePassword) {
$this->addError($attribute, 'error.rePassword_does_not_match');
}
}
}
public function recoverPassword() {
if (!$this->validate()) {
return false;
}
$confirmModel = $this->getActivationCodeModel();
if ($confirmModel->type !== EmailActivation::TYPE_FORGOT_PASSWORD_KEY) {
$confirmModel->delete();
// TODO: вот где-то здесь нужно ещё попутно сгенерировать соответствующую ошибку
return false;
}
$transaction = Yii::$app->db->beginTransaction();
try {
$account = $confirmModel->account;
$account->password = $this->newPassword;
if (!$confirmModel->delete()) {
throw new ErrorException('Unable remove activation key.');
}
if (!$account->save()) {
throw new ErrorException('Unable activate user account.');
}
$transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
if (YII_DEBUG) {
throw $e;
} else {
return false;
}
}
// TODO: ещё было бы неплохо уведомить пользователя о том, что его пароль изменился
/** @var \api\components\User\Component $component */
$component = Yii::$app->user;
return $component->login(new AccountIdentity($account->attributes), false);
}
}