api changes forgot password email, mob no

This commit is contained in:
mohanmd 2026-06-22 11:02:35 +05:30
parent 9d8b35326d
commit 8444347fb1
5 changed files with 98 additions and 11 deletions

View File

@ -317,12 +317,11 @@ public function forgotPassword(Request $request)
$sponsor = Sponsor::where('mobile', $request->mobile)->first(); $sponsor = Sponsor::where('mobile', $request->mobile)->first();
} }
// Prevent email enumeration — always return success
if (!$sponsor || !$sponsor->email) { if (!$sponsor || !$sponsor->email) {
return response()->json([ return response()->json([
'success' => true, 'success' => false,
'message' => 'If an account with that contact exists, a reset OTP has been sent.', 'message' => 'user not found this email id',
]); ], 404);
} }
$otp = (string) mt_rand(100000, 999999); $otp = (string) mt_rand(100000, 999999);

View File

@ -1234,12 +1234,11 @@ public function forgotPassword(Request $request)
$worker = Worker::where('phone', $request->phone)->first(); $worker = Worker::where('phone', $request->phone)->first();
// Always return success to prevent phone enumeration
if (!$worker) { if (!$worker) {
return response()->json([ return response()->json([
'success' => true, 'success' => false,
'message' => 'If an account with that mobile number exists, a reset OTP has been sent.', 'message' => 'user not found this mobile number',
]); ], 404);
} }
$otp = (string) mt_rand(100000, 999999); $otp = (string) mt_rand(100000, 999999);

View File

@ -5090,7 +5090,7 @@
}, },
"responses": { "responses": {
"200": { "200": {
"description": "OTP sent successfully (response is identical whether account exists or not, to prevent enumeration)", "description": "OTP sent successfully.",
"content": { "content": {
"application/json": { "application/json": {
"schema": { "schema": {
@ -5109,6 +5109,26 @@
} }
} }
}, },
"404": {
"description": "Worker account not found with the provided mobile number.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": false
},
"message": {
"type": "string",
"example": "user not found this mobile number"
}
}
}
}
}
},
"422": { "422": {
"description": "Validation error — phone is required" "description": "Validation error — phone is required"
} }
@ -5298,7 +5318,44 @@
}, },
"responses": { "responses": {
"200": { "200": {
"description": "OTP sent (response identical whether account exists or not)" "description": "OTP sent successfully.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": true
},
"message": {
"type": "string",
"example": "If an account with that contact exists, a reset OTP has been sent."
}
}
}
}
}
},
"404": {
"description": "Sponsor account not found with the provided email or mobile.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": false
},
"message": {
"type": "string",
"example": "user not found this email id"
}
}
}
}
}
}, },
"422": { "422": {
"description": "Validation error — email or mobile required" "description": "Validation error — email or mobile required"

View File

@ -571,4 +571,36 @@ public function test_sponsor_registration_with_emirates_id_and_separate_license(
$sponsor->refresh(); $sponsor->refresh();
$this->assertEquals('2028-06-12 00:00:00', $sponsor->license_expiry->toDateTimeString()); $this->assertEquals('2028-06-12 00:00:00', $sponsor->license_expiry->toDateTimeString());
} }
/**
* Test worker forgot password user not found error.
*/
public function test_worker_forgot_password_user_not_found()
{
$response = $this->postJson('/api/workers/forgot-password', [
'phone' => '+971501111111',
]);
$response->assertStatus(404)
->assertJson([
'success' => false,
'message' => 'user not found this mobile number',
]);
}
/**
* Test sponsor forgot password user not found error.
*/
public function test_sponsor_forgot_password_user_not_found()
{
$response = $this->postJson('/api/sponsors/forgot-password', [
'email' => 'nonexistent.sponsor@example.com',
]);
$response->assertStatus(404)
->assertJson([
'success' => false,
'message' => 'user not found this email id',
]);
}
} }

View File

@ -23,7 +23,7 @@ export default defineConfig({
port: 5173, port: 5173,
cors: true, cors: true,
hmr: { hmr: {
host: '192.168.29.131', host: '192.168.29.193',
}, },
watch: { watch: {
ignored: ['**/storage/framework/views/**'], ignored: ['**/storage/framework/views/**'],