api changes forgot password email, mob no
This commit is contained in:
parent
9d8b35326d
commit
8444347fb1
@ -317,12 +317,11 @@ public function forgotPassword(Request $request)
|
||||
$sponsor = Sponsor::where('mobile', $request->mobile)->first();
|
||||
}
|
||||
|
||||
// Prevent email enumeration — always return success
|
||||
if (!$sponsor || !$sponsor->email) {
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'message' => 'If an account with that contact exists, a reset OTP has been sent.',
|
||||
]);
|
||||
'success' => false,
|
||||
'message' => 'user not found this email id',
|
||||
], 404);
|
||||
}
|
||||
|
||||
$otp = (string) mt_rand(100000, 999999);
|
||||
|
||||
@ -1234,12 +1234,11 @@ public function forgotPassword(Request $request)
|
||||
|
||||
$worker = Worker::where('phone', $request->phone)->first();
|
||||
|
||||
// Always return success to prevent phone enumeration
|
||||
if (!$worker) {
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'message' => 'If an account with that mobile number exists, a reset OTP has been sent.',
|
||||
]);
|
||||
'success' => false,
|
||||
'message' => 'user not found this mobile number',
|
||||
], 404);
|
||||
}
|
||||
|
||||
$otp = (string) mt_rand(100000, 999999);
|
||||
|
||||
@ -5090,7 +5090,7 @@
|
||||
},
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OTP sent successfully (response is identical whether account exists or not, to prevent enumeration)",
|
||||
"description": "OTP sent successfully.",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@ -5109,6 +5109,26 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"404": {
|
||||
"description": "Worker account not found with the provided mobile number.",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"success": {
|
||||
"type": "boolean",
|
||||
"example": false
|
||||
},
|
||||
"message": {
|
||||
"type": "string",
|
||||
"example": "user not found this mobile number"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"422": {
|
||||
"description": "Validation error — phone is required"
|
||||
}
|
||||
@ -5298,7 +5318,44 @@
|
||||
},
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OTP sent (response identical whether account exists or not)"
|
||||
"description": "OTP sent successfully.",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"success": {
|
||||
"type": "boolean",
|
||||
"example": true
|
||||
},
|
||||
"message": {
|
||||
"type": "string",
|
||||
"example": "If an account with that contact exists, a reset OTP has been sent."
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"404": {
|
||||
"description": "Sponsor account not found with the provided email or mobile.",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"success": {
|
||||
"type": "boolean",
|
||||
"example": false
|
||||
},
|
||||
"message": {
|
||||
"type": "string",
|
||||
"example": "user not found this email id"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"422": {
|
||||
"description": "Validation error — email or mobile required"
|
||||
|
||||
@ -571,4 +571,36 @@ public function test_sponsor_registration_with_emirates_id_and_separate_license(
|
||||
$sponsor->refresh();
|
||||
$this->assertEquals('2028-06-12 00:00:00', $sponsor->license_expiry->toDateTimeString());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test worker forgot password user not found error.
|
||||
*/
|
||||
public function test_worker_forgot_password_user_not_found()
|
||||
{
|
||||
$response = $this->postJson('/api/workers/forgot-password', [
|
||||
'phone' => '+971501111111',
|
||||
]);
|
||||
|
||||
$response->assertStatus(404)
|
||||
->assertJson([
|
||||
'success' => false,
|
||||
'message' => 'user not found this mobile number',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test sponsor forgot password user not found error.
|
||||
*/
|
||||
public function test_sponsor_forgot_password_user_not_found()
|
||||
{
|
||||
$response = $this->postJson('/api/sponsors/forgot-password', [
|
||||
'email' => 'nonexistent.sponsor@example.com',
|
||||
]);
|
||||
|
||||
$response->assertStatus(404)
|
||||
->assertJson([
|
||||
'success' => false,
|
||||
'message' => 'user not found this email id',
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,7 +23,7 @@ export default defineConfig({
|
||||
port: 5173,
|
||||
cors: true,
|
||||
hmr: {
|
||||
host: '192.168.29.131',
|
||||
host: '192.168.29.193',
|
||||
},
|
||||
watch: {
|
||||
ignored: ['**/storage/framework/views/**'],
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user