diff --git a/server-connection/geonet-console-deploy.tar.gz b/server-connection/geonet-console-deploy.tar.gz index 25350dc..7c4b667 100644 Binary files a/server-connection/geonet-console-deploy.tar.gz and b/server-connection/geonet-console-deploy.tar.gz differ diff --git a/server-connection/geonet-console/app/Http/Controllers/Api/V1/AuthController.php b/server-connection/geonet-console/app/Http/Controllers/Api/V1/AuthController.php index 08e1082..c5c8c63 100644 --- a/server-connection/geonet-console/app/Http/Controllers/Api/V1/AuthController.php +++ b/server-connection/geonet-console/app/Http/Controllers/Api/V1/AuthController.php @@ -7,6 +7,7 @@ use App\Http\Controllers\Controller; use App\Services\AuditLogService; use App\Services\LdapAuthService; use App\Services\LdapJwtService; +use App\Services\LdapPasswordResetService; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; @@ -17,7 +18,8 @@ class AuthController extends Controller public function __construct( private readonly LdapAuthService $ldapAuth, private readonly LdapJwtService $ldapJwt, - private readonly AuditLogService $audit + private readonly AuditLogService $audit, + private readonly LdapPasswordResetService $passwordReset, ) { } @@ -94,4 +96,25 @@ class AuthController extends Controller ], ]); } + + public function apiForgotPassword(Request $request): JsonResponse + { + $data = $request->validate([ + 'username' => ['required', 'string', 'max:100', 'regex:/^[a-zA-Z0-9._-]+$/'], + ]); + + try { + $this->passwordReset->sendResetLink($data['username']); + $this->audit->logPublic('api.v1.auth.password.forgot', $data['username'], $request, [ + 'username' => $data['username'], + 'source' => 'api', + ]); + } catch (\Throwable) { + // Do not reveal whether user exists or email failed. + } + + return $this->ok([ + 'message' => 'Jika akun ditemukan dan memiliki email terdaftar, link reset password telah dikirim. Link berlaku selama 60 menit.', + ]); + } }