chore: commit current workspace changes

app/Http/Controllers/Auth/NewPasswordController.php

@@ -4,17 +4,24 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use App\Models\User;
+use App\Services\Auth\AuthAuditLogger;
 use Illuminate\Auth\Events\PasswordReset;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\Str;
 use Illuminate\Validation\Rules;
 use Illuminate\View\View;
 
 class NewPasswordController extends Controller
 {
+    public function __construct(
+        private readonly AuthAuditLogger $authAuditLogger,
+    ) {
+    }
+
     /**
      * Display the password reset view.
      */
@@ -30,17 +37,36 @@ class NewPasswordController extends Controller
      */
     public function store(Request $request): RedirectResponse
     {
-        $request->validate([
+        $validator = Validator::make($request->all(), [
             'token' => ['required'],
             'email' => ['required', 'email'],
             'password' => ['required', 'confirmed', Rules\Password::defaults()],
         ]);
 
-        // Here we will attempt to reset the user's password. If it is successful we
-        // will update the password on an actual user model and persist it to the
-        // database. Otherwise we will parse the error and return the response.
+        if ($validator->fails()) {
+            $this->authAuditLogger->log(
+                eventType: 'reset_password',
+                request: $request,
+                status: 'failed',
+                reason: 'validation_failed',
+                identifier: (string) $request->input('email'),
+                metadata: ['fields' => array_keys($validator->errors()->toArray())],
+            );
+
+            $validator->validate();
+        }
+
+        $validated = $validator->validated();
+        $email = strtolower(trim((string) $validated['email']));
+        $user = User::query()->whereRaw('LOWER(email) = ?', [$email])->first();
+
         $status = Password::reset(
-            $request->only('email', 'password', 'password_confirmation', 'token'),
+            [
+                'email' => $email,
+                'password' => (string) $validated['password'],
+                'password_confirmation' => (string) $request->input('password_confirmation'),
+                'token' => (string) $validated['token'],
+            ],
             function (User $user) use ($request) {
                 $user->forceFill([
                     'password' => Hash::make($request->password),
@@ -51,12 +77,20 @@ class NewPasswordController extends Controller
             }
         );
 
-        // If the password was successfully reset, we will redirect the user back to
-        // the application's home authenticated view. If there is an error we can
-        // redirect them back to where they came from with their error message.
-        return $status == Password::PASSWORD_RESET
+        $success = $status === Password::PASSWORD_RESET;
+
+        $this->authAuditLogger->log(
+            eventType: 'reset_password',
+            request: $request,
+            status: $success ? 'success' : 'failed',
+            reason: strtolower((string) $status),
+            identifier: $email,
+            user: $user,
+        );
+
+        return $success
                     ? redirect()->route('login')->with('status', __($status))
-                    : back()->withInput($request->only('email'))
+                    : back()->withInput(['email' => $email])
                         ->withErrors(['email' => __($status)]);
     }
 }