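. */

namespace App\Http\Controllers\Api\Account;

use Illuminate\Http\Request;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Log;
use Carbon\Carbon;

use App\AccountRecoveryToken;
use App\Rules\PnParam;
use App\Rules\PnPrid;
use App\Rules\PnProvider;
use App\Http\Controllers\Controller;
use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateController;
use App\Libraries\FlexisipPusherConnector;

/**
 * API controller that issues account recovery tokens over push notification.
 */
class RecoveryTokenController extends Controller
{
    /**
     * Generate an account recovery token and push it to the device described
     * by the request's push notification parameters.
     *
     * Aborts with 429 when a token for the same push parameters was created
     * inside the configured retry window and is already marked as used, and
     * with 503 when the push connector reports that the token was not sent.
     *
     * The token value is a bearer secret for account recovery, so it is never
     * written to the event log; log entries carry the stored row's primary
     * key instead, which still allows correlation with the database.
     *
     * @param Request $request pn_provider is required; pn_param and pn_prid
     *                         are checked by the PnParam and PnPrid rules.
     */
    public function sendByPush(Request $request)
    {
        $request->validate([
            'pn_provider' => ['required', new PnProvider],
            'pn_param' => [new PnParam],
            'pn_prid' => [new PnPrid],
        ]);

        $pnProvider = $request->get('pn_provider');
        $pnParam = $request->get('pn_param');
        $pnPrid = $request->get('pn_prid');

        $retryWindowStart = Carbon::now()
            ->subMinutes(config('app.account_recovery_token_retry_minutes'))
            ->toDateTimeString();

        // Throttle: only tokens already marked as used count here.
        // NOTE(review): unused tokens do not trigger the 429, so repeated
        // requests for the same device are not limited by this check; confirm
        // that request rate limiting is enforced elsewhere (e.g. on the route).
        $last = AccountRecoveryToken::where('pn_provider', $pnProvider)
            ->where('pn_param', $pnParam)
            ->where('pn_prid', $pnPrid)
            ->where('created_at', '>=', $retryWindowStart)
            ->where('used', true)
            ->latest()
            ->first();

        if ($last) {
            // Reference the row by primary key; the token itself stays out of the logs.
            Log::channel('events')->info('API: Token throttled', ['token_id' => $last->getKey()]);
            abort(429, 'Last token requested too recently');
        }

        $token = new AccountRecoveryToken;
        // Str::random() draws from a CSPRNG.
        // NOTE(review): the length is shared with the e-mail code size defined
        // on the web AuthenticateController; confirm it gives enough entropy
        // for a recovery secret.
        $token->token = Str::random(WebAuthenticateController::$emailCodeSize);
        $token->pn_provider = $pnProvider;
        $token->pn_param = $pnParam;
        $token->pn_prid = $pnPrid;
        $token->fillRequestInfo($request);

        $fp = new FlexisipPusherConnector($token->pn_provider, $token->pn_param, $token->pn_prid);

        if ($fp->sendToken($token->token)) {
            // Persist first so the log entry can point at the stored row
            // rather than at the secret value.
            $token->save();
            Log::channel('events')->info('API: AccountRecoveryToken sent', ['token_id' => $token->getKey()]);

            return;
        }

        abort(503, "Token not sent");
    }
}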