Removed usage of laravel/ui dependency

Brings app auth controller handling aligned within the app, rather than
having many overrides of the framwork packages causing confusion and
messiness over time.

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -3,65 +3,87 @@
 namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Actions\ActivityType;
+use BookStack\Auth\Access\LoginService;
+use BookStack\Auth\User;
 use BookStack\Http\Controllers\Controller;
-use Illuminate\Foundation\Auth\ResetsPasswords;
+use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Str;
+use Illuminate\Validation\Rules\Password as PasswordRule;
 
 class ResetPasswordController extends Controller
 {
-    /*
-    |--------------------------------------------------------------------------
-    | Password Reset Controller
-    |--------------------------------------------------------------------------
-    |
-    | This controller is responsible for handling password reset requests
-    | and uses a simple trait to include this behavior. You're free to
-    | explore this trait and override any methods you wish to tweak.
-    |
-    */
-    use ResetsPasswords;
+    protected LoginService $loginService;
 
-    protected $redirectTo = '/';
-
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
+    public function __construct(LoginService $loginService)
     {
         $this->middleware('guest');
         $this->middleware('guard:standard');
+
+        $this->loginService = $loginService;
+    }
+
+    /**
+     * Display the password reset view for the given token.
+     * If no token is present, display the link request form.
+     */
+    public function showResetForm(Request $request)
+    {
+        $token = $request->route()->parameter('token');
+
+        return view('auth.passwords.reset')->with(
+            ['token' => $token, 'email' => $request->email]
+        );
+    }
+
+    /**
+     * Reset the given user's password.
+     */
+    public function reset(Request $request)
+    {
+        $request->validate([
+            'token' => 'required',
+            'email' => 'required|email',
+            'password' => ['required', 'confirmed', PasswordRule::defaults()],
+        ]);
+
+        // Here we will attempt to reset the user's password. If it is successful we
+        // will update the password on an actual user model and persist it to the
+        // database. Otherwise we will parse the error and return the response.
+        $credentials = $request->only('email', 'password', 'password_confirmation', 'token');
+        $response = Password::broker()->reset($credentials, function (User $user, string $password) {
+            $user->password = Hash::make($password);
+            $user->setRememberToken(Str::random(60));
+            $user->save();
+
+            $this->loginService->login($user, auth()->getDefaultDriver());
+        });
+
+        // If the password was successfully reset, we will redirect the user back to
+        // the application's home authenticated view. If there is an error we can
+        // redirect them back to where they came from with their error message.
+        return $response === Password::PASSWORD_RESET
+            ? $this->sendResetResponse()
+            : $this->sendResetFailedResponse($request, $response);
     }
 
     /**
      * Get the response for a successful password reset.
-     *
-     * @param Request $request
-     * @param string  $response
-     *
-     * @return \Illuminate\Http\Response
      */
-    protected function sendResetResponse(Request $request, $response)
+    protected function sendResetResponse(): RedirectResponse
     {
-        $message = trans('auth.reset_password_success');
-        $this->showSuccessNotification($message);
+        $this->showSuccessNotification(trans('auth.reset_password_success'));
         $this->logActivity(ActivityType::AUTH_PASSWORD_RESET_UPDATE, user());
 
-        return redirect($this->redirectPath())
-            ->with('status', trans($response));
+        return redirect('/');
     }
 
     /**
      * Get the response for a failed password reset.
-     *
-     * @param \Illuminate\Http\Request $request
-     * @param string                   $response
-     *
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
      */
-    protected function sendResetFailedResponse(Request $request, $response)
+    protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
     {
         // We show invalid users as invalid tokens as to not leak what
         // users may exist in the system.