api changes forgot password email, mob no

This commit is contained in:
mohanmd 2026-06-22 11:02:35 +05:30
parent 9d8b35326d
commit 8444347fb1
5 changed files with 98 additions and 11 deletions

View File

@ -317,12 +317,11 @@ public function forgotPassword(Request $request)
$sponsor = Sponsor::where('mobile', $request->mobile)->first();
}
// Prevent email enumeration — always return success
if (!$sponsor || !$sponsor->email) {
return response()->json([
'success' => true,
'message' => 'If an account with that contact exists, a reset OTP has been sent.',
]);
'success' => false,
'message' => 'user not found this email id',
], 404);
}
$otp = (string) mt_rand(100000, 999999);

View File

@ -1234,12 +1234,11 @@ public function forgotPassword(Request $request)
$worker = Worker::where('phone', $request->phone)->first();
// Always return success to prevent phone enumeration
if (!$worker) {
return response()->json([
'success' => true,
'message' => 'If an account with that mobile number exists, a reset OTP has been sent.',
]);
'success' => false,
'message' => 'user not found this mobile number',
], 404);
}
$otp = (string) mt_rand(100000, 999999);

View File

@ -5090,7 +5090,7 @@
},
"responses": {
"200": {
"description": "OTP sent successfully (response is identical whether account exists or not, to prevent enumeration)",
"description": "OTP sent successfully.",
"content": {
"application/json": {
"schema": {
@ -5109,6 +5109,26 @@
}
}
},
"404": {
"description": "Worker account not found with the provided mobile number.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": false
},
"message": {
"type": "string",
"example": "user not found this mobile number"
}
}
}
}
}
},
"422": {
"description": "Validation error — phone is required"
}
@ -5298,7 +5318,44 @@
},
"responses": {
"200": {
"description": "OTP sent (response identical whether account exists or not)"
"description": "OTP sent successfully.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": true
},
"message": {
"type": "string",
"example": "If an account with that contact exists, a reset OTP has been sent."
}
}
}
}
}
},
"404": {
"description": "Sponsor account not found with the provided email or mobile.",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"example": false
},
"message": {
"type": "string",
"example": "user not found this email id"
}
}
}
}
}
},
"422": {
"description": "Validation error — email or mobile required"

View File

@ -571,4 +571,36 @@ public function test_sponsor_registration_with_emirates_id_and_separate_license(
$sponsor->refresh();
$this->assertEquals('2028-06-12 00:00:00', $sponsor->license_expiry->toDateTimeString());
}
/**
* Test worker forgot password user not found error.
*/
public function test_worker_forgot_password_user_not_found()
{
$response = $this->postJson('/api/workers/forgot-password', [
'phone' => '+971501111111',
]);
$response->assertStatus(404)
->assertJson([
'success' => false,
'message' => 'user not found this mobile number',
]);
}
/**
* Test sponsor forgot password user not found error.
*/
public function test_sponsor_forgot_password_user_not_found()
{
$response = $this->postJson('/api/sponsors/forgot-password', [
'email' => 'nonexistent.sponsor@example.com',
]);
$response->assertStatus(404)
->assertJson([
'success' => false,
'message' => 'user not found this email id',
]);
}
}

View File

@ -23,7 +23,7 @@ export default defineConfig({
port: 5173,
cors: true,
hmr: {
host: '192.168.29.131',
host: '192.168.29.193',
},
watch: {
ignored: ['**/storage/framework/views/**'],