From 8444347fb1341f7905a12adeba7a737418ecbade Mon Sep 17 00:00:00 2001 From: mohanmd Date: Mon, 22 Jun 2026 11:02:35 +0530 Subject: [PATCH] api changes forgot password email, mob no --- .../Controllers/Api/SponsorAuthController.php | 7 +-- .../Controllers/Api/WorkerAuthController.php | 7 +-- public/swagger.json | 61 ++++++++++++++++++- tests/Feature/SponsorAuthApiTest.php | 32 ++++++++++ vite.config.js | 2 +- 5 files changed, 98 insertions(+), 11 deletions(-) diff --git a/app/Http/Controllers/Api/SponsorAuthController.php b/app/Http/Controllers/Api/SponsorAuthController.php index 831c8b7..f16bff0 100644 --- a/app/Http/Controllers/Api/SponsorAuthController.php +++ b/app/Http/Controllers/Api/SponsorAuthController.php @@ -317,12 +317,11 @@ public function forgotPassword(Request $request) $sponsor = Sponsor::where('mobile', $request->mobile)->first(); } - // Prevent email enumeration — always return success if (!$sponsor || !$sponsor->email) { return response()->json([ - 'success' => true, - 'message' => 'If an account with that contact exists, a reset OTP has been sent.', - ]); + 'success' => false, + 'message' => 'user not found this email id', + ], 404); } $otp = (string) mt_rand(100000, 999999); diff --git a/app/Http/Controllers/Api/WorkerAuthController.php b/app/Http/Controllers/Api/WorkerAuthController.php index 3e643e4..cee8412 100644 --- a/app/Http/Controllers/Api/WorkerAuthController.php +++ b/app/Http/Controllers/Api/WorkerAuthController.php @@ -1234,12 +1234,11 @@ public function forgotPassword(Request $request) $worker = Worker::where('phone', $request->phone)->first(); - // Always return success to prevent phone enumeration if (!$worker) { return response()->json([ - 'success' => true, - 'message' => 'If an account with that mobile number exists, a reset OTP has been sent.', - ]); + 'success' => false, + 'message' => 'user not found this mobile number', + ], 404); } $otp = (string) mt_rand(100000, 999999); diff --git a/public/swagger.json b/public/swagger.json index 08b8665..1c41e89 100644 --- a/public/swagger.json +++ b/public/swagger.json @@ -5090,7 +5090,7 @@ }, "responses": { "200": { - "description": "OTP sent successfully (response is identical whether account exists or not, to prevent enumeration)", + "description": "OTP sent successfully.", "content": { "application/json": { "schema": { @@ -5109,6 +5109,26 @@ } } }, + "404": { + "description": "Worker account not found with the provided mobile number.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "success": { + "type": "boolean", + "example": false + }, + "message": { + "type": "string", + "example": "user not found this mobile number" + } + } + } + } + } + }, "422": { "description": "Validation error — phone is required" } @@ -5298,7 +5318,44 @@ }, "responses": { "200": { - "description": "OTP sent (response identical whether account exists or not)" + "description": "OTP sent successfully.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "success": { + "type": "boolean", + "example": true + }, + "message": { + "type": "string", + "example": "If an account with that contact exists, a reset OTP has been sent." + } + } + } + } + } + }, + "404": { + "description": "Sponsor account not found with the provided email or mobile.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "success": { + "type": "boolean", + "example": false + }, + "message": { + "type": "string", + "example": "user not found this email id" + } + } + } + } + } }, "422": { "description": "Validation error — email or mobile required" diff --git a/tests/Feature/SponsorAuthApiTest.php b/tests/Feature/SponsorAuthApiTest.php index 7dc636d..2c0ef96 100644 --- a/tests/Feature/SponsorAuthApiTest.php +++ b/tests/Feature/SponsorAuthApiTest.php @@ -571,4 +571,36 @@ public function test_sponsor_registration_with_emirates_id_and_separate_license( $sponsor->refresh(); $this->assertEquals('2028-06-12 00:00:00', $sponsor->license_expiry->toDateTimeString()); } + + /** + * Test worker forgot password user not found error. + */ + public function test_worker_forgot_password_user_not_found() + { + $response = $this->postJson('/api/workers/forgot-password', [ + 'phone' => '+971501111111', + ]); + + $response->assertStatus(404) + ->assertJson([ + 'success' => false, + 'message' => 'user not found this mobile number', + ]); + } + + /** + * Test sponsor forgot password user not found error. + */ + public function test_sponsor_forgot_password_user_not_found() + { + $response = $this->postJson('/api/sponsors/forgot-password', [ + 'email' => 'nonexistent.sponsor@example.com', + ]); + + $response->assertStatus(404) + ->assertJson([ + 'success' => false, + 'message' => 'user not found this email id', + ]); + } } diff --git a/vite.config.js b/vite.config.js index fa54835..0727c05 100644 --- a/vite.config.js +++ b/vite.config.js @@ -23,7 +23,7 @@ export default defineConfig({ port: 5173, cors: true, hmr: { - host: '192.168.29.131', + host: '192.168.29.193', }, watch: { ignored: ['**/storage/framework/views/**'],