From b02d0b3ddf3c5c7bdf7fd3411378edbf431fe8d2 Mon Sep 17 00:00:00 2001
From: iIronside <iironside@yandex.ru>
Date: Wed, 18 Oct 2023 16:26:49 +0300
Subject: [PATCH] add reset pass method to api

---
 common/mail/passwordResetToken-html.php       |   6 +-
 common/models/email/ResetPasswordEmail.php    |  20 +++
 .../api/controllers/RegisterController.php    | 116 ++++++++++++++++++
 3 files changed, 138 insertions(+), 4 deletions(-)
 create mode 100644 common/models/email/ResetPasswordEmail.php

diff --git a/common/mail/passwordResetToken-html.php b/common/mail/passwordResetToken-html.php
index f3daf49..ef8cf72 100755
--- a/common/mail/passwordResetToken-html.php
+++ b/common/mail/passwordResetToken-html.php
@@ -3,13 +3,11 @@ use yii\helpers\Html;
 
 /* @var $this yii\web\View */
 /* @var $user common\models\User */
-
-$resetLink = Yii::$app->urlManager->createAbsoluteUrl(['site/reset-password', 'token' => $user->password_reset_token]);
 ?>
 <div class="password-reset">
     <p>Hello <?= Html::encode($user->username) ?>,</p>
 
-    <p>Follow the link below to reset your password:</p>
+    <p>Your reset token:</p>
 
-    <p><?= Html::a(Html::encode($resetLink), $resetLink) ?></p>
+    <p><?= $user->password_reset_token ?></p>
 </div>
diff --git a/common/models/email/ResetPasswordEmail.php b/common/models/email/ResetPasswordEmail.php
new file mode 100644
index 0000000..89af2bb
--- /dev/null
+++ b/common/models/email/ResetPasswordEmail.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace common\models\email;
+
+use common\models\User;
+use Yii;
+
+class ResetPasswordEmail extends Email
+{
+    /**
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->sendTo = $user->email;
+        $this->subject = 'Password reset for ' . Yii::$app->name;
+        $this->mailLayout = ['html' => 'passwordResetToken-html', 'text' => 'passwordResetToken-text']; //+
+        $this->params = ['user' => $user];//+
+    }
+}
\ No newline at end of file
diff --git a/frontend/modules/api/controllers/RegisterController.php b/frontend/modules/api/controllers/RegisterController.php
index 5a9e697..e887766 100644
--- a/frontend/modules/api/controllers/RegisterController.php
+++ b/frontend/modules/api/controllers/RegisterController.php
@@ -3,10 +3,16 @@
 namespace frontend\modules\api\controllers;
 
 use common\models\email\RegistrationEmail;
+use common\models\email\ResetPasswordEmail;
 use common\models\User;
 use common\services\EmailService;
+use Exception;
+use frontend\models\PasswordResetRequestForm;
+use frontend\models\ResetPasswordForm;
 use frontend\models\SignupForm;
 use Yii;
+use yii\base\InvalidParamException;
+use yii\web\BadRequestHttpException;
 
 class RegisterController extends ApiController
 {
@@ -78,4 +84,114 @@ class RegisterController extends ApiController
 
         return null;
     }
+
+    /**
+     *
+     * @OA\Post(path="/register/request-password-reset",
+     *   summary="Запросить сброс пароля",
+     *   description="Метод метод высылает токен сброса пароля на почтовый адрес",
+     *   tags={"Registration"},
+     *   @OA\RequestBody(
+     *     @OA\MediaType(
+     *       mediaType="multipart/form-data",
+     *       @OA\Schema(
+     *          required={"email"},
+     *          @OA\Property(
+     *              property="email",
+     *              type="string",
+     *              description="Электронная почта пользователя",
+     *          ),
+     *       ),
+     *     ),
+     *   ),
+     *   @OA\Response(
+     *     response=200,
+     *     description="Возвращает true в случае успеха",
+     *     @OA\MediaType(
+     *         mediaType="application/json",
+     *     ),
+     *   ),
+     * )
+     *
+     * @return bool|string
+     */
+    public function actionRequestPasswordReset()
+    {
+        $model = new PasswordResetRequestForm();
+
+        if ($model->load(Yii::$app->request->post(), '') & $model->validate()) {
+
+            /* @var $user User */
+            $user = User::findOne([
+                'status' => User::STATUS_ACTIVE,
+                'email' => $model->email,
+            ]);
+
+            if (!$user) {
+                return false;
+            }
+
+            if (!User::isPasswordResetTokenValid($user->password_reset_token)) {
+                $user->generatePasswordResetToken();
+                if (!$user->save()) {
+                    return false;
+                }
+            }
+
+            return $this->emailService->sendEmail(new ResetPasswordEmail($user));
+        }
+
+        return json_encode($model->getFirstErrors());
+    }
+
+    /**
+     *
+     * @OA\Post(path="/register/reset-password",
+     *   summary="Cброс пароля",
+     *   description="Метод сброса пароля",
+     *   tags={"Registration"},
+     *   @OA\RequestBody(
+     *     @OA\MediaType(
+     *       mediaType="multipart/form-data",
+     *       @OA\Schema(
+     *          required={"token", "password"},
+     *          @OA\Property(
+     *              property="token",
+     *              type="string",
+     *              description="Токен сброса пароля",
+     *          ),
+     *          @OA\Property(
+     *              property="password",
+     *              type="string",
+     *              description="Новый пароль пользователя",
+     *          ),
+     *       ),
+     *     ),
+     *   ),
+     *   @OA\Response(
+     *     response=200,
+     *     description="Возвращает сообщение об успехе",
+     *     @OA\MediaType(
+     *         mediaType="application/json",
+     *     ),
+     *   ),
+     * )
+     *
+     * @return array|string
+     * @throws BadRequestHttpException
+     */
+    public function actionResetPassword()
+    {
+        try {
+            $model = new ResetPasswordForm(Yii::$app->request->post()['token']);
+        } catch (Exception $e) {
+            throw new BadRequestHttpException($e->getMessage());
+        }
+
+        if ($model->load(Yii::$app->request->post(), '') & $model->validate() & $model->resetPassword()) {
+            return 'Success! New password saved.';
+        } else {
+            return $model->errors;
+        }
+    }
 }