class PasswordRecoveryController extends Controller

Class PasswordRecoveryController.

Handles secure password recovery via email-based code validation. Implements rate limiting, expiration control, and session verification to ensure safe password reset flows.

Traits

AuthorizesRequests
DispatchesJobs
ValidatesRequests
JsonResponseTrait

Trait JsonResponseTrait.

Provides the standardized JSON response helpers listed below and safe error logging with UTF-8 encoding, sensitive data masking, and controlled stack traces.

Constants

private EXPIRATION_MINUTES

private MAX_ATTEMPTS

private ATTEMPT_TTL_SECONDS

Properties

protected EmailService $emailService

Methods

JsonResponse
successResponse(array $data = [])

Return a 200 OK JSON response.

JsonResponse
createdResponse(array $data = [])

Return a 201 Created JSON response.

JsonResponse
acceptedResponse()

Return a 202 Accepted JSON response (request accepted for processing).

JsonResponse
noContentResponse()

Return a 204 No Content JSON response.

JsonResponse
resetContentResponse()

Return a 205 Reset Content JSON response.

JsonResponse
badRequestResponse(array $errors)

Return a 400 Bad Request JSON response.

JsonResponse
unauthorizedResponse(string $message = 'Não autorizado.')

Return a 401 Unauthorized JSON response.

JsonResponse
forbiddenResponse(string $message = 'Acesso negado.')

Return a 403 Forbidden JSON response.

JsonResponse
notFoundResponse(string $message = 'Recurso não encontrado.')

Return a 404 Not Found JSON response.

JsonResponse
conflictResponse(array $errors)

Return a 409 Conflict JSON response.

JsonResponse
validationErrorResponse(array $errors)

Return a 422 Unprocessable Entity JSON response for validation errors.

JsonResponse
tooManyRequestsResponse(string $message = 'Muitas requisições. Tente novamente mais tarde.')

Return a 429 Too Many Requests JSON response.

JsonResponse
internalErrorResponse(Throwable $e, string $message = 'Erro interno.')

Return a 500 Internal Server Error JSON response.

void
logError(string $message, Throwable $exception, array $context = [], string|null $channel = null)

Logs an error with consistent formatting and context.

array
sanitizeSensitiveData(array $data)

Masks common sensitive fields (e.g., passwords, tokens) in the given context array.

array
encodeStringsUtf8(array $data)

Recursively converts all string values to UTF-8.

string
getLimitedTrace(Throwable $exception, int $maxLines = 10)

Returns a string representation of the exception trace, limited to the given number of lines.

__construct(EmailService $emailService)

Initializes the controller with the email service dependency.

JsonResponse
sendCode(SendCodeRequest $request)

Sends a password recovery code to the user's email.

JsonResponse
resendCode(Request $request)

Resends a new recovery code using the stored session email.

JsonResponse
validateCode(ValidateCodeRequest $request)

Validates the recovery code and allows password reset if successful.

JsonResponse
resetPassword(ResetPasswordRequest $request)

Resets the user's password after successful code validation.

Details

protected JsonResponse successResponse(array $data = [])

Return a 200 OK JSON response.

Parameters

array $data

response payload

Return Value

JsonResponse

protected JsonResponse createdResponse(array $data = [])

Return a 201 Created JSON response.

Parameters

array $data

newly created resource data

Return Value

JsonResponse

protected JsonResponse acceptedResponse()

Return a 202 Accepted JSON response (request accepted for processing).

Return Value

JsonResponse

protected JsonResponse noContentResponse()

Return a 204 No Content JSON response.

Return Value

JsonResponse

protected JsonResponse resetContentResponse()

Return a 205 Reset Content JSON response.

Return Value

JsonResponse

protected JsonResponse badRequestResponse(array $errors)

Return a 400 Bad Request JSON response.

Parameters

array $errors

validation or request errors

Return Value

JsonResponse

protected JsonResponse unauthorizedResponse(string $message = 'Não autorizado.')

Return a 401 Unauthorized JSON response.

Parameters

string $message

optional error message

Return Value

JsonResponse

protected JsonResponse forbiddenResponse(string $message = 'Acesso negado.')

Return a 403 Forbidden JSON response.

Parameters

string $message

optional error message

Return Value

JsonResponse

protected JsonResponse notFoundResponse(string $message = 'Recurso não encontrado.')

Return a 404 Not Found JSON response.

Parameters

string $message

optional error message

Return Value

JsonResponse

protected JsonResponse conflictResponse(array $errors)

Return a 409 Conflict JSON response.

Parameters

array $errors

conflict details

Return Value

JsonResponse

protected JsonResponse validationErrorResponse(array $errors)

Return a 422 Unprocessable Entity JSON response for validation errors.

Parameters

array $errors

validation error details

Return Value

JsonResponse

protected JsonResponse tooManyRequestsResponse(string $message = 'Muitas requisições. Tente novamente mais tarde.')

Return a 429 Too Many Requests JSON response.

Parameters

string $message

optional rate limit message

Return Value

JsonResponse

protected JsonResponse internalErrorResponse(Throwable $e, string $message = 'Erro interno.')

Return a 500 Internal Server Error JSON response.

Logs the exception and returns a standardized JSON error message.

Parameters

Throwable $e

the thrown exception

string $message

optional user-friendly message

Return Value

JsonResponse

protected void logError(string $message, Throwable $exception, array $context = [], string|null $channel = null)

Logs an error with consistent formatting and context.

Parameters

string $message

descriptive error message

Throwable $exception

the thrown exception

array $context

additional context to include in the log

string|null $channel

Optional log channel (e.g., 'classes').

Return Value

void

protected array sanitizeSensitiveData(array $data)

Masks common sensitive fields (e.g., passwords, tokens) in the given context array.

Parameters

array $data

Return Value

array

protected array encodeStringsUtf8(array $data)

Recursively converts all string values to UTF-8.

Parameters

array $data

Return Value

array

protected string getLimitedTrace(Throwable $exception, int $maxLines = 10)

Returns a string representation of the exception trace, limited to the given number of lines.

Parameters

Throwable $exception
int $maxLines

Return Value

string
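The three helpers above (sanitizeSensitiveData, encodeStringsUtf8, getLimitedTrace) are documented but their behaviour is only described. The following is an added, framework-free PHP example of how such helpers fit together before a context array reaches the logger; it is not the project's code. The key list, the '***' mask, the ISO-8859-1 source encoding assumed for non-UTF-8 strings, the buildLogContext() helper and the sample context are all assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's own implementation. The sensitive key
// list and the masking rule are assumptions for illustration.
const SENSITIVE_KEYS = ['password', 'password_confirmation', 'token', 'code', 'secret', 'authorization'];

/** Recursively masks values whose key (case-insensitive) matches a sensitive name. */
function sanitizeSensitiveData(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $out[$key] = sanitizeSensitiveData($value);       // descend into nested context
        } elseif (is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true)) {
            $out[$key] = '***';                               // mask, never truncate or hash
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

/** Recursively converts strings that are not valid UTF-8 (assumed to be ISO-8859-1) to UTF-8. */
function encodeStringsUtf8(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = encodeStringsUtf8($value);
        } elseif (is_string($value) && !mb_check_encoding($value, 'UTF-8')) {
            $data[$key] = mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
        }
    }
    return $data;
}

/** Returns at most $maxLines lines of the trace and records how many were dropped. */
function getLimitedTrace(\Throwable $e, int $maxLines = 10): string
{
    $lines   = explode("\n", $e->getTraceAsString());
    $kept    = array_slice($lines, 0, $maxLines);
    $dropped = count($lines) - count($kept);
    if ($dropped > 0) {
        $kept[] = sprintf('... %d more line(s) truncated', $dropped);
    }
    return implode("\n", $kept);
}

/** Assumed helper: the context a logError()-style method would pass to the logger. */
function buildLogContext(\Throwable $e, array $context): array
{
    $safe = encodeStringsUtf8(sanitizeSensitiveData($context));   // mask first, then re-encode
    return $safe + [
        'exception' => get_class($e),
        'message'   => $e->getMessage(),
        'trace'     => getLimitedTrace($e, 3),
    ];
}

// Constructed sample context: a reset request carrying a secret and a Latin-1 byte.
$context = [
    'email'    => "jos\xE9@example.com",            // 'é' encoded as ISO-8859-1, not UTF-8
    'password' => 'hunter2',
    'meta'     => ['token' => 'abc123', 'ip' => '203.0.113.7'],
];
try {
    throw new \RuntimeException('Recovery code expired');
} catch (\RuntimeException $e) {
    $out = buildLogContext($e, $context);
}
assert($out['password'] === '***');
assert($out['meta']['token'] === '***');
assert($out['meta']['ip'] === '203.0.113.7');
assert($out['email'] === 'josé@example.com');
assert(mb_check_encoding($out['email'], 'UTF-8'));
echo json_encode($out, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT), "\n";
```

Two caveats worth keeping in mind when wiring helpers like these into logError(): masking is applied to the caller-supplied context only, so the exception message and the trace are not covered by it, and PHP's getTraceAsString() includes function arguments unless zend.exception_ignore_args is enabled, which is the usual production setting for exactly this reason.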

__construct(EmailService $emailService)

Initializes the controller with the email service dependency.

Parameters

EmailService $emailService

service responsible for sending recovery emails

JsonResponse sendCode(SendCodeRequest $request)

Sends a password recovery code to the user's email.

Starts a new recovery session.

Parameters

SendCodeRequest $request

validated request containing the user's email

Return Value

JsonResponse

JSON success response (the client then proceeds to the code input form) or an error response

Exceptions

ModelNotFoundException
RuntimeException

JsonResponse resendCode(Request $request)

Resends a new recovery code using the stored session email.

Parameters

Request $request

HTTP request containing the session data

Return Value

JsonResponse

success response or session error

JsonResponse validateCode(ValidateCodeRequest $request)

Validates the recovery code and allows password reset if successful.

Parameters

ValidateCodeRequest $request

validated request containing the recovery code

Return Value

JsonResponse

JSON success response (the client then proceeds to the password reset form) or an error response

JsonResponse resetPassword(ResetPasswordRequest $request)

Resets the user's password after successful code validation.

Parameters

ResetPasswordRequest $request

validated request containing the new password

Return Value

JsonResponse

JSON success response (the client then proceeds to the login route) or an error response
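The four actions above (sendCode, resendCode, validateCode, resetPassword) form one flow, and the class description names the properties it relies on: a code that expires after EXPIRATION_MINUTES, at most MAX_ATTEMPTS guesses within ATTEMPT_TTL_SECONDS, and a session-bound email. The following is an added, framework-free PHP model of that flow written for this page; it is not the controller's code. The RecoveryStore class, the constant values, the injectable clock and the sample addresses are all assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's implementation. Models the documented
// flow: issue a hashed, expiring code; verify it under a per-email attempt
// limit; unlock a one-time password reset. Constant values are assumed.
final class RecoveryStore
{
    private const EXPIRATION_MINUTES  = 10;   // assumed value
    private const MAX_ATTEMPTS        = 5;    // assumed value
    private const ATTEMPT_TTL_SECONDS = 900;  // assumed value

    private array $codes    = [];   // email => ['hash' => string, 'expires' => int]
    private array $attempts = [];   // email => ['count' => int, 'reset_at' => int]
    private array $verified = [];   // email => true once a code was accepted

    public function __construct(private \Closure $clock) {}

    private function now(): int { return ($this->clock)(); }

    /** Generates a 6-digit code from a CSPRNG and stores only its hash. */
    public function issueCode(string $email): string
    {
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->codes[$email] = [
            'hash'    => password_hash($code, PASSWORD_DEFAULT),
            'expires' => $this->now() + self::EXPIRATION_MINUTES * 60,
        ];
        unset($this->verified[$email]);   // a fresh code revokes any earlier verification
        return $code;                     // handed to the mailer only; never logged
    }

    /** Returns 'ok', 'rate_limited', 'no_code', 'expired' or 'invalid'. */
    public function verify(string $sessionEmail, string $candidate): string
    {
        $now = $this->now();
        $a = $this->attempts[$sessionEmail] ?? ['count' => 0, 'reset_at' => $now + self::ATTEMPT_TTL_SECONDS];
        if ($a['reset_at'] <= $now) {                      // counter TTL elapsed: start a new window
            $a = ['count' => 0, 'reset_at' => $now + self::ATTEMPT_TTL_SECONDS];
        }
        if ($a['count'] >= self::MAX_ATTEMPTS) {
            return 'rate_limited';                         // checked before the compare: lockout beats a lucky guess
        }
        $a['count']++;
        $this->attempts[$sessionEmail] = $a;

        $entry = $this->codes[$sessionEmail] ?? null;
        if ($entry === null) {
            return 'no_code';
        }
        if ($entry['expires'] <= $now) {
            unset($this->codes[$sessionEmail]);
            return 'expired';
        }
        if (!password_verify($candidate, $entry['hash'])) { // constant-time comparison
            return 'invalid';
        }
        unset($this->codes[$sessionEmail], $this->attempts[$sessionEmail]); // single use
        $this->verified[$sessionEmail] = true;
        return 'ok';
    }

    /** A reset is permitted once, and only after verify() returned 'ok' for this session. */
    public function consumeResetGrant(string $sessionEmail): bool
    {
        if (empty($this->verified[$sessionEmail])) {
            return false;
        }
        unset($this->verified[$sessionEmail]);
        return true;
    }
}

// Usage with a controllable clock so expiry can be exercised offline.
$t = 1_700_000_000;
$store = new RecoveryStore(function () use (&$t) { return $t; });

$code  = $store->issueCode('user@example.com');
$wrong = $code === '000000' ? '000001' : '000000';
assert($store->verify('user@example.com', $wrong) === 'invalid');
assert($store->verify('user@example.com', $code) === 'ok');
assert($store->consumeResetGrant('user@example.com') === true);
assert($store->consumeResetGrant('user@example.com') === false);  // grant is one-time

$code = $store->issueCode('user@example.com');
$t += 11 * 60;                                                     // past EXPIRATION_MINUTES
assert($store->verify('user@example.com', $code) === 'expired');

$store->issueCode('other@example.com');
for ($i = 0; $i < 5; $i++) { $store->verify('other@example.com', 'wrong'); }
assert($store->verify('other@example.com', 'wrong') === 'rate_limited');
echo "recovery flow checks passed\n";
```

The points this model makes explicit: the email passed to verify() is the one the server stored in the session at sendCode time, not a value taken from the validate request, so a caller cannot switch accounts mid-flow; issuing a new code (the resendCode path) does not reset the attempt counter, so resending cannot be used to extend the guess budget; and the lockout is evaluated before the code comparison, so a correct guess after MAX_ATTEMPTS failures is still rejected.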