diff --git a/server-connection/geonet-console-deploy.tar.gz b/server-connection/geonet-console-deploy.tar.gz index c4fb8c7..25350dc 100644 Binary files a/server-connection/geonet-console-deploy.tar.gz and b/server-connection/geonet-console-deploy.tar.gz differ diff --git a/server-connection/geonet-console/app/Http/Controllers/AuthController.php b/server-connection/geonet-console/app/Http/Controllers/AuthController.php index 683ccd5..5de4933 100644 --- a/server-connection/geonet-console/app/Http/Controllers/AuthController.php +++ b/server-connection/geonet-console/app/Http/Controllers/AuthController.php @@ -5,6 +5,7 @@ namespace App\Http\Controllers; use App\Services\AuditLogService; use App\Services\LdapAuthService; use App\Services\LdapPasswordResetService; +use Illuminate\Http\JsonResponse; use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; use Illuminate\View\View; @@ -100,6 +101,28 @@ class AuthController extends Controller ); } + public function apiForgotPassword(Request $request): JsonResponse + { + $data = $request->validate([ + 'username' => ['required', 'string', 'max:100', 'regex:/^[a-zA-Z0-9._-]+$/'], + ]); + + try { + $this->passwordReset->sendResetLink($data['username']); + $this->audit->logPublic('auth.password.forgot', $data['username'], $request, [ + 'username' => $data['username'], + 'source' => 'api', + ]); + } catch (\Throwable) { + // Do not reveal whether user exists or email failed. + } + + return response()->json([ + 'data' => ['message' => 'Jika akun ditemukan dan memiliki email terdaftar, link reset password telah dikirim.'], + 'error' => null, + ]); + } + public function showResetPassword(string $token): View|RedirectResponse { $username = $this->passwordReset->validateToken($token); diff --git a/server-connection/geonet-console/routes/api.php b/server-connection/geonet-console/routes/api.php index e74fe08..148d7a0 100644 --- a/server-connection/geonet-console/routes/api.php +++ b/server-connection/geonet-console/routes/api.php @@ -17,6 +17,9 @@ Route::prefix('v1')->group(function () { Route::post('/auth/refresh', [AuthController::class, 'refresh']) ->middleware('throttle:30,1') ->name('api.v1.auth.refresh'); + Route::post('/auth/forgot-password', [AuthController::class, 'apiForgotPassword']) + ->middleware('throttle:3,1') + ->name('api.v1.auth.forgot-password'); Route::get('/auth/token-guide', [TokenGuideController::class, 'show']) ->name('api.v1.auth.token-guide');