From 300879847f421b6fa2c88910a44be07657055740 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Tue, 21 Jun 2022 14:33:10 -0700
Subject: [PATCH] =?UTF-8?q?Added=20a=20few=20comments=20to=20make=20it=20c?=
 =?UTF-8?q?learer=20what=E2=80=99s=20happening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: snipe <snipe@snipe.net>
---
 .../Auth/ResetPasswordController.php          | 22 ++++++++-----------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php
index 99c1580c1..ec99ed975 100644
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@@ -81,9 +81,10 @@ class ResetPasswordController extends Controller
         $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
 
         // Check to see if the user even exists
-        if ($user = User::where('username', '=', $request->input('username'))->first()) {
+        if ($user = User::where('username', '=', $request->input('username'))->whereNotNull('email')->first()) {
             $broker = $this->broker();
 
+            // handle the password validation rules set by the admin settings
             if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
                 $request->validate(
                     [
@@ -91,30 +92,25 @@ class ResetPasswordController extends Controller
                     ], $messages);
             }
 
+            // send the reset
             $response = $broker->reset(
                 $this->credentials($request), function ($user, $password) {
                 $this->resetPassword($user, $password);
-            }
-        );
+            });
 
-            return $response == \Password::PASSWORD_RESET
-                    ? $this->sendResetResponse($request, $response)
-                    : $this->sendResetFailedResponse($request, $response);
         }
-
-        // the user doesn't exist, so we're not really sending anything here
-        return redirect()->route('login')
-            ->withInput(['username'=> $request->input('username')])
-            ->with('success', trans('passwords.sent'));
+        // This is laravel magic - we override the sendResetFailedResponse further down to send a success message even if it failed
+        return $response == \Password::PASSWORD_RESET
+            ? $this->sendResetResponse($request, $response)
+            : $this->sendResetFailedResponse($request, $response);
 
     }
 
 
-
     protected function sendResetFailedResponse(Request $request, $response)
     {
         return redirect()->back()
             ->withInput(['username'=> $request->input('username')])
-            ->withErrors(['username' => trans($response), 'password' => trans($response)]);
+            ->with('success', trans('passwords.sent'));
     }
 }