/**
 * Process a submitted password-reset form.
 *
 * Looks up the reset token named by the `passwordToken` field, validates the
 * new password, stores it on the token's user, deletes the token and logs the
 * user in on the current session.
 *
 * NOTE(review): nothing in this method checks the token's age. Confirm that
 * expiry is enforced elsewhere (model, lookup or a scheduled purge); otherwise
 * an old, unused reset link stays usable indefinitely.
 *
 * NOTE(review): nothing visible here ends the user's other sessions or revokes
 * their API tokens after the password change. Confirm whether changePassword()
 * or a listener does.
 *
 * @param Request $request Request whose parsed body carries `passwordToken`,
 *                         `password` and (for the `confirmed` rule) its
 *                         confirmation field, and whose `session` attribute
 *                         holds the current session.
 * @return RedirectResponse Back to the reset form on validation failure,
 *                          otherwise to the base URL.
 */
public function handle(Request $request)
{
    $body = $request->getParsedBody();

    // Presumably findOrFail() throws when no token matches; verify against the model.
    $resetToken = PasswordToken::findOrFail(array_get($body, 'passwordToken'));
    $newPassword = array_get($body, 'password');

    try {
        // todo: probably shouldn't use the user validator for this,
        // passwords should be validated separately
        $this->validator->assertValid(['password' => $newPassword]);

        // Second pass: the password must be present and match its confirmation field.
        $confirmation = $this->validatorFactory->make($body, ['password' => 'required|confirmed']);
        if ($confirmation->fails()) {
            throw new ValidationException($confirmation);
        }
    } catch (ValidationException $failure) {
        // The token is not consumed on this path, so the user can retry with the same link.
        $firstError = $failure->errors()->first();
        $request->getAttribute('session')->set('error', $firstError);

        $retryUrl = $this->url->toRoute('resetPassword', ['token' => $resetToken->id]);

        return new RedirectResponse($retryUrl);
    }

    $account = $resetToken->user;
    $account->changePassword($newPassword);
    $account->save();

    // Delete the token only after the new password is saved, making it single-use.
    $resetToken->delete();

    // NOTE(review): confirm logIn() regenerates the session identifier, since this
    // promotes a possibly pre-existing anonymous session to an authenticated one.
    $session = $request->getAttribute('session');
    $this->authenticator->logIn($session, $account->id);

    return new RedirectResponse($this->url->toBase());
}