Merge pull request #3523 from matecat/forgot-password-fix

Fix forgot password endpoint
matecat · Aug 29, 2024 · 1d3b3ea · 1d3b3ea
2 parents efe0ea7 + 6a55810
commit 1d3b3ea
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/lib/Controller/API/App/SignupController.php b/lib/Controller/API/App/SignupController.php
@@ -142,8 +142,8 @@ public function resendEmailConfirm() {
      */
     public function forgotPassword() {
 
-        $checkRateLimitEmail = $this->checkRateLimitResponse( $this->response, $this->request->param( 'email' ), '/api/app/user/forgot_password', 5 );
-        $checkRateLimitIp    = $this->checkRateLimitResponse( $this->response, Utils::getRealIpAddr(), '/api/app/user/forgot_password', 5 );
+        $checkRateLimitEmail = $this->checkRateLimitResponse( $this->response, $this->request->param( 'email' ) ?? "BLANK_EMAIL", '/api/app/user/forgot_password', 5 );
+        $checkRateLimitIp    = $this->checkRateLimitResponse( $this->response, Utils::getRealIpAddr() ?? "127.0.0.1", '/api/app/user/forgot_password', 5 );
 
         if ( $checkRateLimitIp instanceof Response ) {
             $this->response = $checkRateLimitIp;
@@ -159,13 +159,14 @@ public function forgotPassword() {
 
         $doForgotPassword = $this->doForgotPassword();
 
-        $this->incrementRateLimitCounter( $this->request->param( 'email' ), '/api/app/user/forgot_password' );
+        $this->incrementRateLimitCounter( $this->request->param( 'email' ) ?? "BLANK_EMAIL", '/api/app/user/forgot_password' );
+        $this->incrementRateLimitCounter( Utils::getRealIpAddr() ?? "127.0.0.1", '/api/app/user/forgot_password' );
 
-        $this->response->code( empty( $doForgotPassword ) ? 200 : 500 );
+        $this->response->code( $doForgotPassword['code'] );
         $this->response->json( [
                 'email'      => $this->request->param( 'email' ),
                 'wanted_url' => $this->request->param( 'wanted_url' ),
-                'errors'     => $doForgotPassword,
+                'errors'     => $doForgotPassword['errors'],
         ] );
     }
 
@@ -177,21 +178,26 @@ private function doForgotPassword() {
         $email      = $this->request->param( 'email' );
         $wanted_url = $this->request->param( 'wanted_url' );
         $errors     = [];
+        $code       = 200;
 
         if ( !$email ) {
             $errors[] = 'email is a mandatary field.';
+            $code = 400;
         }
 
         if ( !$wanted_url ) {
             $errors[] = 'wanted_url is a mandatary field.';
+            $code = 400;
         }
 
         if ( !filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
             $errors[] = 'email is not valid.';
+            $code = 400;
         }
 
         if ( !filter_var( $wanted_url, FILTER_VALIDATE_URL ) ) {
             $errors[] = 'wanted_url is not a valid URL.';
+            $code = 400;
         }
 
         if ( empty( $errors ) ) {
@@ -201,10 +207,14 @@ private function doForgotPassword() {
                 }
             } catch ( Exception $exception ) {
                 $errors[] = 'Error updating database.';
+                $code = $exception->getCode() > 0 ? $exception->getCode() : 500;
             }
         }
 
-        return $errors;
+        return [
+            'errors' => $errors,
+            'code' => $code,
+        ];
     }