Merge pull request ppy#10875 from nanaya/pass-active

Mark user active on password reset

app/Http/Controllers/PasswordResetController.php

@@ -11,6 +11,7 @@
 use App\Libraries\User\PasswordResetData;
 use App\Models\User;
 use App\Models\UserAccountHistory;
+use Carbon\CarbonImmutable;
 
 class PasswordResetController extends Controller
 {
@@ -124,6 +125,7 @@ public function update()
         }
 
         $user->validatePasswordConfirmation();
+        $params['user']['user_lastvisit'] = CarbonImmutable::now();
         if ($user->update($params['user'])) {
             $user->resetSessions();
             $this->login($user);

tests/Controllers/PasswordResetControllerTest.php

@@ -11,6 +11,7 @@
 use App\Libraries\User\PasswordResetData;
 use App\Mail\PasswordReset;
 use App\Models\User;
+use Carbon\CarbonImmutable;
 use Illuminate\Support\Facades\Mail;
 use Tests\TestCase;
 
@@ -194,6 +195,29 @@ public function testUpdateChangedPasswordExternally()
         $this->assertTrue($user->fresh()->checkPassword($newPassword));
     }
 
+    public function testUpdateFromInactive(): void
+    {
+        $changeTime = CarbonImmutable::now()->subMinutes(1);
+        $user = User::factory()->create(['user_lastvisit' => $changeTime->subYears(10)]);
+
+        $key = $this->generateKey($user);
+
+        $newPassword = static::randomPassword();
+
+        $this->put($this->path(), [
+            'key' => $key,
+            'user' => [
+                'password' => $newPassword,
+                'password_confirmation' => $newPassword,
+            ],
+            'username' => $user->username,
+        ])->assertRedirect(route('home'));
+
+        $user = $user->fresh();
+        $this->assertTrue($user->checkPassword($newPassword));
+        $this->assertTrue($user->user_lastvisit->greaterThan($changeTime));
+    }
+
     public function testUpdateInvalidUsername()
     {
         $user = User::factory()->create();