feat: shop UX polish — password reset / order email / multi-image / customer admin

Shop password reset:
- Configured 'shop_customers' password broker on the existing
  password_reset_tokens table
- ShopCustomer::sendPasswordResetNotification overrides Laravel default to
  send a ShopPasswordResetMail with a tenant-subdomain reset URL
- Routes /shop/password/forgot, /shop/password/email, /shop/password/reset/{token}
  + ShopAuthController showForgotPassword/sendResetLink/showResetPassword/
  resetPassword. Forgot view stays generic ("if it exists, we sent…") to avoid
  email enumeration. Login view links to "Am uitat parola".

Order confirmation email:
- ShopOrderConfirmationMail + nicely formatted HTML email template
- ShopOrderNotifier::placed now also emails customer_email (best-effort,
  warning-only logged on failure) alongside existing Telegram + staff push

Multiple images per Part:
- Part media collection switched from singleFile to multiple (max 8 in form)
- imageUrls() helper for galleries; imageUrl() still returns first for cards
- PartResource form: reorderable multi-upload
- Shop part detail: vertical thumbnails switch the main image via vanilla JS

ShopCustomerResource (tenant Filament, "Magazin" nav group):
- List with name/phone/email/client_id/orders_count/last_login_at
- Edit (no password field exposed)
- "Trimite reset parolă" action uses the new broker
- OrdersRelationManager shows the customer's orders read-only

Tests (7 new):
- forgot sends mail; forgot doesn't disclose unknown email; reset with valid
  token changes password; bad token rejected; order email when customer_email
  set; email skipped without it; Part has imageUrls() collection

Full suite: 130 passed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-03 06:14:45 +00:00
parent fca4f75e9c
commit 3da1f5412a
20 changed files with 703 additions and 8 deletions
@@ -5,10 +5,13 @@ namespace App\Http\Controllers;
use App\Models\Tenant\Client;
use App\Models\Tenant\ShopCustomer;
use App\Tenancy\TenantManager;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class ShopAuthController extends Controller
@@ -117,6 +120,61 @@ class ShopAuthController extends Controller
]);
}
public function showForgotPassword()
{
$tenant = $this->tenantOrFail();
return view('shop.auth.forgot', ['tenant' => $tenant, 'cartCount' => $this->cartCount()]);
}
public function sendResetLink(Request $request)
{
$this->tenantOrFail();
$data = $request->validate(['email' => 'required|email']);
// Send (always returns generic "sent" message — don't disclose if email exists).
Password::broker('shop_customers')->sendResetLink(['email' => $data['email']]);
return back()->with('status', 'Dacă există un cont cu acest email, am trimis un link de resetare.');
}
public function showResetPassword(string $token, Request $request)
{
$tenant = $this->tenantOrFail();
return view('shop.auth.reset', [
'tenant' => $tenant,
'token' => $token,
'email' => $request->query('email'),
'cartCount' => $this->cartCount(),
]);
}
public function resetPassword(Request $request)
{
$this->tenantOrFail();
$data = $request->validate([
'token' => 'required|string',
'email' => 'required|email',
'password' => 'required|string|min:6|confirmed',
]);
$status = Password::broker('shop_customers')->reset(
$data,
function (ShopCustomer $customer, string $password) {
$customer->forceFill([
'password' => Hash::make($password),
'remember_token' => Str::random(60),
])->save();
event(new PasswordReset($customer));
}
);
if ($status === Password::PASSWORD_RESET) {
return redirect('/shop/login')->with('status', 'Parola a fost resetată. Te poți loga acum.');
}
return back()->withErrors(['email' => 'Link invalid sau expirat. Cere unul nou.'])->withInput();
}
private function cartCount(): int
{
$tenant = app(TenantManager::class)->current();