feat: Allow additional reset password params, introduce ForgotPasswordValidator (#3671)

* feat: Allow additional reset password params, introduce 'ForgotPasswordValidator'

* Apply fixes from StyleCI

Co-authored-by: StyleCI Bot <[email protected]>

Author: imorland

framework/core/js/src/forum/components/ForgotPasswordModal.tsx

@@ -5,6 +5,7 @@ import extractText from '../../common/utils/extractText';
 import Stream from '../../common/utils/Stream';
 import Mithril from 'mithril';
 import RequestError from '../../common/utils/RequestError';
+import ItemList from '../../common/utils/ItemList';
 
 export interface IForgotPasswordModalAttrs extends IInternalModalAttrs {
   email?: string;
@@ -52,38 +53,55 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
       );
     }
 
-    const emailLabel = extractText(app.translator.trans('core.forum.forgot_password.email_placeholder'));
-
     return (
       <div className="Modal-body">
         <div className="Form Form--centered">
           <p className="helpText">{app.translator.trans('core.forum.forgot_password.text')}</p>
-          <div className="Form-group">
-            <input
-              className="FormControl"
-              name="email"
-              type="email"
-              placeholder={emailLabel}
-              aria-label={emailLabel}
-              bidi={this.email}
-              disabled={this.loading}
-            />
-          </div>
-          <div className="Form-group">
-            {Button.component(
-              {
-                className: 'Button Button--primary Button--block',
-                type: 'submit',
-                loading: this.loading,
-              },
-              app.translator.trans('core.forum.forgot_password.submit_button')
-            )}
-          </div>
+          {this.fields().toArray()}
         </div>
       </div>
     );
   }
 
+  fields() {
+    const items = new ItemList();
+
+    const emailLabel = extractText(app.translator.trans('core.forum.forgot_password.email_placeholder'));
+
+    items.add(
+      'email',
+      <div className="Form-group">
+        <input
+          className="FormControl"
+          name="email"
+          type="email"
+          placeholder={emailLabel}
+          aria-label={emailLabel}
+          bidi={this.email}
+          disabled={this.loading}
+        />
+      </div>,
+      50
+    );
+
+    items.add(
+      'submit',
+      <div className="Form-group">
+        {Button.component(
+          {
+            className: 'Button Button--primary Button--block',
+            type: 'submit',
+            loading: this.loading,
+          },
+          app.translator.trans('core.forum.forgot_password.submit_button')
+        )}
+      </div>,
+      -10
+    );
+
+    return items;
+  }
+
   onsubmit(e: SubmitEvent) {
     e.preventDefault();
 
@@ -93,7 +111,7 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
       .request({
         method: 'POST',
         url: app.forum.attribute('apiUrl') + '/forgot',
-        body: { email: this.email() },
+        body: this.requestParams(),
         errorHandler: this.onerror.bind(this),
       })
       .then(() => {
@@ -104,6 +122,14 @@ export default class ForgotPasswordModal<CustomAttrs extends IForgotPasswordModa
       .then(this.loaded.bind(this));
   }
 
+  requestParams(): Record<string, unknown> {
+    const data = {
+      email: this.email(),
+    };
+
+    return data;
+  }
+
   onerror(error: RequestError) {
     if (error.status === 404 && error.alert) {
       error.alert.content = app.translator.trans('core.forum.forgot_password.not_found_message');

framework/core/src/Api/Controller/ForgotPasswordController.php

@@ -9,11 +9,10 @@
 
 namespace Flarum\Api\Controller;
 
+use Flarum\Api\ForgotPasswordValidator;
 use Flarum\User\Job\RequestPasswordResetJob;
 use Illuminate\Contracts\Queue\Queue;
-use Illuminate\Contracts\Validation\Factory;
 use Illuminate\Support\Arr;
-use Illuminate\Validation\ValidationException;
 use Laminas\Diactoros\Response\EmptyResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -27,31 +26,26 @@ class ForgotPasswordController implements RequestHandlerInterface
     protected $queue;
 
     /**
-     * @var Factory
+     * @var ForgotPasswordValidator
      */
-    protected $validatorFactory;
+    protected $validator;
 
-    public function __construct(Queue $queue, Factory $validatorFactory)
+    public function __construct(Queue $queue, ForgotPasswordValidator $validator)
     {
         $this->queue = $queue;
-        $this->validatorFactory = $validatorFactory;
+        $this->validator = $validator;
     }
 
     /**
      * {@inheritdoc}
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $email = Arr::get($request->getParsedBody(), 'email');
+        $params = $request->getParsedBody();
 
-        $validation = $this->validatorFactory->make(
-            compact('email'),
-            ['email' => 'required|email']
-        );
+        $this->validator->assertValid($params);
 
-        if ($validation->fails()) {
-            throw new ValidationException($validation);
-        }
+        $email = Arr::get($params, 'email');
 
         // Prevents leaking user existence by not throwing an error.
         // Prevents leaking user existence by duration by using a queued job.

framework/core/src/Api/ForgotPasswordValidator.php

@@ -0,0 +1,29 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Api;
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+use Flarum\Foundation\AbstractValidator;
+
+class ForgotPasswordValidator extends AbstractValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $rules = [
+        'email' => ['required', 'email']
+    ];
+}