From b9330cf6b1a31fedc82daffd8adf79181b08544a Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 26 Oct 2020 14:55:18 -0700 Subject: [PATCH 01/25] Fixed #8613 - 500 error on deleted users API call --- app/Http/Controllers/Api/UsersController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index a130eaa1db..153c20f17b 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -67,7 +67,7 @@ class UsersController extends Controller if (($request->filled('deleted')) && ($request->input('deleted')=='true')) { - $users = $users->GetDeleted(); + $users = $users->onlyTrashed(); } if ($request->filled('company_id')) { From f42bd3a144903a16949f1e8afe095aafd584654e Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 26 Oct 2020 14:58:45 -0700 Subject: [PATCH 02/25] Fixed #8613 - Added deleted_at to user API response, added all=true to include deleted and not-deleted in one call --- app/Http/Controllers/Api/UsersController.php | 2 ++ app/Http/Transformers/UsersTransformer.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 153c20f17b..63ed6ccfc3 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -68,6 +68,8 @@ class UsersController extends Controller if (($request->filled('deleted')) && ($request->input('deleted')=='true')) { $users = $users->onlyTrashed(); + } elseif (($request->filled('all')) && ($request->input('deleted')=='true')) { + $users = $users->withTrashed(); } if ($request->filled('company_id')) { diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php index 5f844d5883..9a8b0a098f 100644 --- a/app/Http/Transformers/UsersTransformer.php +++ b/app/Http/Transformers/UsersTransformer.php 
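Review bot: The new `elseif` branch in PATCH 02's UsersController hunk can never execute, because it repeats the `$request->input('deleted')=='true'` test that the preceding `if` already consumed — the `all` flag is checked with `filled('all')` but its value is never read. The commit message describes `all=true`, so the intended line is `} elseif (($request->filled('all')) && ($request->input('all')=='true')) {`. As written, `?all=true` without `deleted` falls through to the default scope and soft-deleted users are silently omitted, so the feature described in the message does not work. The enclosing method starts and ends outside the hunk.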
@@ -54,7 +54,6 @@ class UsersTransformer 'activated' => ($user->activated =='1') ? true : false, 'two_factor_activated' => ($user->two_factor_active()) ? true : false, 'two_factor_enrolled' => ($user->two_factor_active_and_enrolled()) ? true : false, - 'assets_count' => (int) $user->assets_count, 'licenses_count' => (int) $user->licenses_count, 'accessories_count' => (int) $user->accessories_count, @@ -63,6 +62,7 @@ class UsersTransformer 'created_at' => Helper::getFormattedDateObject($user->created_at, 'datetime'), 'updated_at' => Helper::getFormattedDateObject($user->updated_at, 'datetime'), 'last_login' => Helper::getFormattedDateObject($user->last_login, 'datetime'), + 'deleted_at' => ($user->deleted_at) ? Helper::getFormattedDateObject($user->deleted_at, 'datetime') : null, ]; $permissions_array['available_actions'] = [ From 001bb3cbe2b95a3bd4fe343373cac38eaa5e6e01 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 26 Oct 2020 15:04:22 -0700 Subject: [PATCH 03/25] =?UTF-8?q?Bumped=20version=20to=20=E2=80=9Cpre?= =?UTF-8?q?=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/version.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/version.php b/config/version.php index 7a7d8682ff..14f77804c4 100644 --- a/config/version.php +++ b/config/version.php @@ -1,10 +1,10 @@ 'v5.0.4', - 'full_app_version' => 'v5.0.4 - build 5452-gc93f4ef0d', - 'build_version' => '5452', + 'app_version' => 'v5.0.5-pre', + 'full_app_version' => 'v5.0.5-pre - build 5457-', + 'build_version' => '5457', 'prerelease_version' => '', - 'hash_version' => 'gc93f4ef0d', - 'full_hash' => 'v5.0.4-7-gc93f4ef0d', + 'hash_version' => '', + 'full_hash' => 'v5.0.5-pre', 'branch' => 'develop', ); \ No newline at end of file From 72facffcbedb41841b935b50720c1a3f7fa2bae5 Mon Sep 17 00:00:00 2001 
From: snipe Date: Mon, 26 Oct 2020 15:09:02 -0700 Subject: [PATCH 04/25] Fixed demo settings value for support_footer --- app/Console/Commands/ResetDemoSettings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Console/Commands/ResetDemoSettings.php b/app/Console/Commands/ResetDemoSettings.php index ad422a613d..80e6bc173b 100644 --- a/app/Console/Commands/ResetDemoSettings.php +++ b/app/Console/Commands/ResetDemoSettings.php @@ -64,7 +64,7 @@ class ResetDemoSettings extends Command $settings->thumbnail_max_h = '30'; $settings->locale = 'en'; $settings->version_footer = 'on'; - $settings->support_footer = 'on'; + $settings->support_footer = null; $settings->saml_enabled = '0'; $settings->saml_sp_entitiyid = '0'; $settings->saml_sp_acs_url = null; From 502322be4b91cd6a43cd446886d1463eb7079309 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 16:08:38 -0800 Subject: [PATCH 05/25] Fixed v5 500 server error when requesting multiple [ch15345] --- app/Http/Controllers/ViewAssetsController.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/Http/Controllers/ViewAssetsController.php b/app/Http/Controllers/ViewAssetsController.php index 37bc95b590..1525e73dbb 100755 --- a/app/Http/Controllers/ViewAssetsController.php +++ b/app/Http/Controllers/ViewAssetsController.php @@ -10,8 +10,7 @@ use App\Models\User; use App\Notifications\RequestAssetCancelation; use App\Notifications\RequestAssetNotification; use Illuminate\Support\Facades\Auth; -use Illuminate\Support\Facades\Input; -use Redirect; +use Illuminate\Http\Request; /** * This controller handles all actions related to the ability for users From 6554903aeb2db4a11c0671cedf6b6b4f0c3520b7 Mon Sep 17 00:00:00 2001 
From: snipe Date: Mon, 2 Nov 2020 17:46:09 -0800 Subject: [PATCH 06/25] =?UTF-8?q?Removed=20=E2=80=9Cuse=20slack=E2=80=9D?= =?UTF-8?q?=20debugging=20code?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Notifications/RequestAssetNotification.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/Notifications/RequestAssetNotification.php b/app/Notifications/RequestAssetNotification.php index 8c0c7d8505..b78f5eeb93 100644 --- a/app/Notifications/RequestAssetNotification.php +++ b/app/Notifications/RequestAssetNotification.php @@ -62,11 +62,9 @@ class RequestAssetNotification extends Notification $notifyBy = []; if (Setting::getSettings()->slack_endpoint!='') { - \Log::debug('use slack'); $notifyBy[] = 'slack'; } - $notifyBy[] = 'mail'; return $notifyBy; From 42347d0f0c474391eb66c196c0c88d0994c91f58 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 17:46:30 -0800 Subject: [PATCH 07/25] Added validation language for same_pwd_as_user_fields --- resources/lang/en/validation.php | 1 + 1 file changed, 1 insertion(+) diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php index 31ba3761e8..d7ddb8c0d1 100644 --- a/resources/lang/en/validation.php +++ b/resources/lang/en/validation.php @@ -99,6 +99,7 @@ return array( 'url' => 'The :attribute format is invalid.', "unique_undeleted" => "The :attribute must be unique.", "import_field_empty" => "The value of the Import Field shouldn't be empty", + "same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.', /* |-------------------------------------------------------------------------- From 33bda9b6d11c2fff2b135cb5d21729c7059a40b0 Mon Sep 17 00:00:00 2001 
From: snipe Date: Mon, 2 Nov 2020 17:47:25 -0800 Subject: [PATCH 08/25] Added blade option for same_pwd_as_user_fields Disallows password form value to be the same as username, email, first name or last name --- resources/views/settings/security.blade.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php index 4b4704891f..9f5d9bf1ec 100644 --- a/resources/views/settings/security.blade.php +++ b/resources/views/settings/security.blade.php @@ -99,6 +99,10 @@
+ {{ Form::checkbox("pwd_secure_complexity['same_pwd_as_user_fields']", 'same_pwd_as_user_fields', old('same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }} + Password cannot be the same as first name, last name, email, or username
+ + {{ Form::checkbox("pwd_secure_complexity['letters']", 'letters', old('pwd_secure_uncommon', strpos($setting->pwd_secure_complexity, 'letters')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }} Require at least one letter
From a55694da2f57f5dd0e65fc9e2002c725efd167b5 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 20:03:26 -0800 Subject: [PATCH 09/25] Added validation to disallow password to be the same as username, email, etc --- app/Http/Controllers/ProfileController.php | 10 +++++ app/Providers/ValidationServiceProvider.php | 42 +++++++++++++++++++++ resources/lang/en/validation.php | 2 +- resources/views/settings/security.blade.php | 2 +- 4 files changed, 54 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 787037cfb1..d1a6306b69 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -156,6 +156,16 @@ class ProfileController extends Controller if (!Hash::check($request->input('current_password'), $user->password)) { $validator->errors()->add('current_password', trans('validation.hashed_pass')); } + + if (($request->input('password') == $user->username) || + ($request->input('password') == $user->email) || + ($request->input('password') == $user->first_name) || + ($request->input('password') == $user->last_name)) + { + $validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields')); + } + + }); diff --git a/app/Providers/ValidationServiceProvider.php b/app/Providers/ValidationServiceProvider.php index b8e028226e..97d0d779f9 100644 --- a/app/Providers/ValidationServiceProvider.php +++ b/app/Providers/ValidationServiceProvider.php 
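Review bot: The four new comparisons in ProfileController use loose `==` and are case-sensitive, so a password of `Admin` still passes against username `admin`, and PHP's numeric-string coercion can make unrelated values compare equal. A case-insensitive, strict comparison such as `strcasecmp((string) $request->input('password'), (string) $user->username) === 0` (and the same for `email`, `first_name` and `last_name`) matches what the validation message promises. The same four-way comparison is carried forward unchanged in the PATCH 12 and PATCH 15 hunks of this file, so it should be fixed there as well. The `after` validation closure this sits in starts and ends outside the hunk.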
@@ -91,6 +91,48 @@ class ValidationServiceProvider extends ServiceProvider }); + // This ONLY works for create/update user forms, since the Update Profile Password form doesn't + // include any of these additional validator fields + Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) { + + + $data = $validator->getData(); + \Log::debug('Attribute: '.$attribute); + \Log::debug('Value: '. $value); + \Log::debug('Parameters: '.print_r($parameters, true)); + \Log::debug('Data: '.print_r($data, true)); + + + if (array_key_exists("username", $data)) { + if ($data['username'] == $data['password']) { + return false; + } + } + + if (array_key_exists("email", $data)) { + if ($data['email'] == $data['password']) { + return false; + } + } + + if (array_key_exists("first_name", $data)) { + if ($data['first_name'] == $data['password']) { + return false; + } + } + + if (array_key_exists("last_name", $data)) { + if ($data['last_name'] == $data['password']) { + return false; + } + } + + + return true; + + + }); + Validator::extend('letters', function ($attribute, $value, $parameters) { return preg_match('/\pL/', $value); }); diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php index d7ddb8c0d1..7e584d67ea 100644 --- a/resources/lang/en/validation.php +++ b/resources/lang/en/validation.php @@ -99,7 +99,7 @@ return array( 'url' => 'The :attribute format is invalid.', "unique_undeleted" => "The :attribute must be unique.", "import_field_empty" => "The value of the Import Field shouldn't be empty", - "same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.', + "disallow_same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.', /* |-------------------------------------------------------------------------- 
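Review bot: The new `disallow_same_pwd_as_user_fields` rule reads `$data['password']` instead of the `$value` the validator hands it, so it only works when attached to a field literally named `password` and raises an undefined-index notice if applied to anything else; each branch should compare against `$value`, and case-insensitively rather than with loose `==`, since the message tells users the password "cannot be the same as" those fields. The `\Log::debug` calls on the same lines write the candidate password and the full request payload, including the password, to the application log; PATCH 11 later removes them, but that kind of line should not reach a commit at all. The four identical `array_key_exists` blocks can also collapse to one loop over the field names.
```php
Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) {
    $data = $validator->getData();
    foreach (['username', 'email', 'first_name', 'last_name'] as $field) {
        if (array_key_exists($field, $data) && strcasecmp((string) $data[$field], (string) $value) === 0) {
            return false;
        }
    }
    return true;
});
// … unchanged: 'letters' rule and the rest of the provider …
```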
diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php index 9f5d9bf1ec..ad05725c28 100644 --- a/resources/views/settings/security.blade.php +++ b/resources/views/settings/security.blade.php @@ -99,7 +99,7 @@
- {{ Form::checkbox("pwd_secure_complexity['same_pwd_as_user_fields']", 'same_pwd_as_user_fields', old('same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }} + {{ Form::checkbox("pwd_secure_complexity['disallow_same_pwd_as_user_fields']", 'disallow_same_pwd_as_user_fields', old('disallow_same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'disallow_same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }} Password cannot be the same as first name, last name, email, or username
From 296655542dd191abb3f840f3998d85f9c5b64759 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 20:07:39 -0800 Subject: [PATCH 10/25] Added comments --- app/Http/Controllers/ProfileController.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index d1a6306b69..ae283cd25a 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -157,6 +157,14 @@ class ProfileController extends Controller $validator->errors()->add('current_password', trans('validation.hashed_pass')); } + // This checks to make sure that the user's password isn't the same as their username, + // email address, first name or last name (see https://github.com/snipe/snipe-it/issues/8661) + // While this is handled via SaveUserRequest form request in other places, we have to do this manually + // here because we don't have the username, etc form fields available in the profile password change + // form. + + // There may be a more elegant way to do this in the future. + if (($request->input('password') == $user->username) || ($request->input('password') == $user->email) || ($request->input('password') == $user->first_name) || From c4b2ef566014bc5768bd5b151364471b33c89eaf Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 20:10:18 -0800 Subject: [PATCH 11/25] Removed debugging code --- app/Providers/ValidationServiceProvider.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/app/Providers/ValidationServiceProvider.php b/app/Providers/ValidationServiceProvider.php index 97d0d779f9..2a675fa8d1 100644 --- a/app/Providers/ValidationServiceProvider.php +++ b/app/Providers/ValidationServiceProvider.php 
@@ -94,14 +94,8 @@ class ValidationServiceProvider extends ServiceProvider // This ONLY works for create/update user forms, since the Update Profile Password form doesn't // include any of these additional validator fields Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) { - - + $data = $validator->getData(); - \Log::debug('Attribute: '.$attribute); - \Log::debug('Value: '. $value); - \Log::debug('Parameters: '.print_r($parameters, true)); - \Log::debug('Data: '.print_r($data, true)); - if (array_key_exists("username", $data)) { if ($data['username'] == $data['password']) { From 63bb2de4d4d560e6418b80f7c784c64de413a061 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 20:13:54 -0800 Subject: [PATCH 12/25] Derp. Check and make sure that setting is actually on --- app/Http/Controllers/ProfileController.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index ae283cd25a..140c73ab26 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php 
@@ -165,15 +165,20 @@ class ProfileController extends Controller // There may be a more elegant way to do this in the future. - if (($request->input('password') == $user->username) || - ($request->input('password') == $user->email) || - ($request->input('password') == $user->first_name) || - ($request->input('password') == $user->last_name)) - { - $validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields')); + // First let's see if that option is enabled in the settings + if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields')) { + \Log::debug('disallow_same_pwd_as_user_fields is ON'); + if (($request->input('password') == $user->username) || + ($request->input('password') == $user->email) || + ($request->input('password') == $user->first_name) || + ($request->input('password') == $user->last_name)) + { + $validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields')); + } } + }); From 0c2800c7ddabc73ff9c4d5f37bc483bda7b23ba0 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 21:26:13 -0800 Subject: [PATCH 13/25] Removed debugging line --- app/Http/Controllers/ProfileController.php | 1 - 1 file changed, 1 deletion(-) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 140c73ab26..533ec6db9e 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -167,7 +167,6 @@ class ProfileController extends Controller // First let's see if that option is enabled in the settings if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields')) { - \Log::debug('disallow_same_pwd_as_user_fields is ON'); if (($request->input('password') == $user->username) || ($request->input('password') == $user->email) || ($request->input('password') == $user->first_name) || From e6f53a53bca162c979737b8514bc9502e44756cb Mon Sep 17 00:00:00 2001 
From: snipe Date: Mon, 2 Nov 2020 22:15:01 -0800 Subject: [PATCH 14/25] Updated min requirement for passwords in lang files --- resources/lang/en-GB/admin/settings/general.php | 2 +- resources/lang/en/admin/settings/general.php | 2 +- resources/lang/is/admin/settings/general.php | 2 +- resources/lang/iu/admin/settings/general.php | 2 +- resources/lang/sr-CS/admin/settings/general.php | 2 +- resources/lang/tl/admin/settings/general.php | 2 +- resources/lang/uk/admin/settings/general.php | 2 +- resources/lang/ur-PK/admin/settings/general.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/resources/lang/en-GB/admin/settings/general.php b/resources/lang/en-GB/admin/settings/general.php index 9ee50e1769..78496051c2 100644 --- a/resources/lang/en-GB/admin/settings/general.php +++ b/resources/lang/en-GB/admin/settings/general.php @@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 6de059ba7e..0673a3c688 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php 
@@ -113,7 +113,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/is/admin/settings/general.php b/resources/lang/is/admin/settings/general.php index 252589705d..f40e9aea57 100644 --- a/resources/lang/is/admin/settings/general.php +++ b/resources/lang/is/admin/settings/general.php @@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/iu/admin/settings/general.php b/resources/lang/iu/admin/settings/general.php index 252589705d..f40e9aea57 100644 --- a/resources/lang/iu/admin/settings/general.php +++ b/resources/lang/iu/admin/settings/general.php 
@@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/sr-CS/admin/settings/general.php b/resources/lang/sr-CS/admin/settings/general.php index fe7e1335c8..3fe2190dc0 100644 --- a/resources/lang/sr-CS/admin/settings/general.php +++ b/resources/lang/sr-CS/admin/settings/general.php @@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/tl/admin/settings/general.php b/resources/lang/tl/admin/settings/general.php index debefb1fb6..9298581291 100644 --- a/resources/lang/tl/admin/settings/general.php +++ b/resources/lang/tl/admin/settings/general.php 
@@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/uk/admin/settings/general.php b/resources/lang/uk/admin/settings/general.php index 9ffacc1c53..abe32ae08c 100644 --- a/resources/lang/uk/admin/settings/general.php +++ b/resources/lang/uk/admin/settings/general.php @@ -103,7 +103,7 @@ return array( 'pwd_secure_complexity' => 'Складність пароля', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Мінімальна кількість символів в паролі', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', diff --git a/resources/lang/ur-PK/admin/settings/general.php b/resources/lang/ur-PK/admin/settings/general.php index 252589705d..f40e9aea57 100644 --- a/resources/lang/ur-PK/admin/settings/general.php +++ b/resources/lang/ur-PK/admin/settings/general.php 
@@ -101,7 +101,7 @@ return array( 'pwd_secure_complexity' => 'Password Complexity', 'pwd_secure_complexity_help' => 'Select whichever password complexity rules you wish to enforce.', 'pwd_secure_min' => 'Password minimum characters', - 'pwd_secure_min_help' => 'Minimum permitted value is 5', + 'pwd_secure_min_help' => 'Minimum permitted value is 8', 'pwd_secure_uncommon' => 'Prevent common passwords', 'pwd_secure_uncommon_help' => 'This will disallow users from using common passwords from the top 10,000 passwords reported in breaches.', 'qr_help' => 'Enable QR Codes first to set this', From b828985151f70ddaf41fe0503a39356e228c4d41 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 22:28:56 -0800 Subject: [PATCH 15/25] Fixed strpos to !== FALSE in ProfileController for complexity eval --- app/Http/Controllers/ProfileController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 533ec6db9e..35ede27cb5 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -166,7 +166,7 @@ class ProfileController extends Controller // There may be a more elegant way to do this in the future. // First let's see if that option is enabled in the settings - if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields')) { + if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== FALSE) { if (($request->input('password') == $user->username) || ($request->input('password') == $user->email) || ($request->input('password') == $user->first_name) || From c800662f0c2ef2e4e0dfa5dda9a27092d3bef65d Mon Sep 17 00:00:00 2001 
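Review bot: `!== FALSE` in the PATCH 15 ProfileController hunk fixes the truthiness bug, but the constant should be lowercase per PSR-12: `if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {`. The substring test will also match any longer rule name that happens to contain this one, which is harmless today but fragile; if the project targets PHP 8, `str_contains()` reads more clearly. The enclosing closure starts and ends outside the hunk.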
From: snipe Date: Mon, 2 Nov 2020 23:57:00 -0800 Subject: [PATCH 16/25] Use username for forgotten password Since emails are not required to be unique --- app/Http/Controllers/Auth/ForgotPasswordController.php | 9 ++++----- resources/views/auth/passwords/email.blade.php | 6 +++--- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php index 6c33c999cd..d54ca4ed09 100644 --- a/app/Http/Controllers/Auth/ForgotPasswordController.php +++ b/app/Http/Controllers/Auth/ForgotPasswordController.php @@ -5,7 +5,6 @@ namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; use Illuminate\Foundation\Auth\SendsPasswordResetEmails; use Illuminate\Http\Request; -use Illuminate\Support\Facades\Validator; class ForgotPasswordController extends Controller { @@ -60,7 +59,7 @@ class ForgotPasswordController extends Controller */ $request->validate([ - 'email' => ['required', 'email', 'max:255'], + 'username' => ['required', 'max:255'], ]); @@ -74,16 +73,16 @@ class ForgotPasswordController extends Controller */ $response = $this->broker()->sendResetLink( array_merge( - $request->only('email'), + $request->only('username'), ['activated' => '1'], ['ldap_import' => '0'] ) ); if ($response === \Password::RESET_LINK_SENT) { - \Log::info('Password reset attempt: User '.$request->input('email').' found, password reset sent'); + \Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent'); } else { - \Log::info('Password reset attempt: User '.$request->input('email').' not found or user is inactive'); + \Log::info('Password reset attempt: User matching username '.$request->input('username').' NOT FOUND or user is inactive'); } diff --git a/resources/views/auth/passwords/email.blade.php b/resources/views/auth/passwords/email.blade.php index 5bcdf088e5..2393989637 100644 
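Review bot: The two new `\Log::info` lines in ForgotPasswordController concatenate the raw `username` request value into the log message, so a submitted username containing newlines or control characters can forge additional log entries; pass it as structured context instead, e.g. `\Log::info('Password reset attempt: user found, reset sent', ['username' => $request->input('username')]);` and the same for the not-found branch. Dropping the `email` rule is correct for a username, but the replacement `['required', 'max:255']` no longer constrains the character set at all — acceptable only because the broker lookup is parameterised. Whether the user-facing response differs between the found and not-found branches is not visible in this hunk; if it does, the form discloses which usernames exist, so the response handling below the hunk is worth confirming. The enclosing method continues outside the hunk.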
--- a/resources/views/auth/passwords/email.blade.php +++ b/resources/views/auth/passwords/email.blade.php @@ -31,11 +31,11 @@ -
+
- - {!! $errors->first('email', ' :message') !!} + + {!! $errors->first('username', ' :message') !!}
From 410c99da1765e2f21c92cc361e27fb8fbcdbe364 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 23:57:39 -0800 Subject: [PATCH 17/25] Added signature-pad.min.css to the css directory - should possibly fix #8603 --- public/css/signature-pad.min.css | 135 +++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100755 public/css/signature-pad.min.css diff --git a/public/css/signature-pad.min.css b/public/css/signature-pad.min.css new file mode 100755 index 0000000000..218b9c2365 --- /dev/null +++ b/public/css/signature-pad.min.css 
@@ -0,0 +1,135 @@ + +#signature-pad { + padding-top: 250px; + margin: auto; +} +.m-signature-pad { + + position: relative; + font-size: 10px; + width: 100%; + height: 300px; + border: 1px solid #e8e8e8; + background-color: #fff; + box-shadow: 0 1px 4px rgba(0, 0, 0, 0.27), 0 0 40px rgba(0, 0, 0, 0.08) inset; + border-radius: 4px; +} + +.m-signature-pad:before, .m-signature-pad:after { + position: absolute; + z-index: -1; + content: ""; + width: 40%; + height: 10px; + left: 20px; + bottom: 10px; + background: transparent; + -webkit-transform: skew(-3deg) rotate(-3deg); + -moz-transform: skew(-3deg) rotate(-3deg); + -ms-transform: skew(-3deg) rotate(-3deg); + -o-transform: skew(-3deg) rotate(-3deg); + transform: skew(-3deg) rotate(-3deg); + box-shadow: 0 8px 12px rgba(0, 0, 0, 0.4); +} + +.m-signature-pad:after { + left: auto; + right: 20px; + -webkit-transform: skew(3deg) rotate(3deg); + -moz-transform: skew(3deg) rotate(3deg); + -ms-transform: skew(3deg) rotate(3deg); + -o-transform: skew(3deg) rotate(3deg); + transform: skew(3deg) rotate(3deg); +} + +.m-signature-pad--body { + position: absolute; + top: 20px; + bottom: 60px; + border: 1px solid #f4f4f4; + background-color: white; +} + +.m-signature-pad--body + canvas { + position: absolute; + left: 0; + top: 0; + width: 100%; + height: 100%; + border-radius: 4px; + box-shadow: 0 0 5px rgba(0, 0, 0, 0.02) inset; + } + +.m-signature-pad--footer { + position: absolute; + left: 20px; + right: 20px; + bottom: 20px; + height: 40px; +} + +.m-signature-pad--footer + .description { + color: #C3C3C3; + text-align: center; + font-size: 1.2em; + margin-top: 1.8em; + } + +.m-signature-pad--footer + .button { + position: absolute; + bottom: 0; + } + +.m-signature-pad--footer + .button.clear { + left: 0; + } + +.m-signature-pad--footer + .button.save { + right: 0; + } + +@media screen and (max-width: 1024px) { + .m-signature-pad { + top: 0; + left: 0; + right: 0; + bottom: 0; + width: auto; + height: auto; + min-width: 250px; + 
min-height: 140px; + margin: 5%; + } + +} + +@media screen and (min-device-width: 768px) and (max-device-width: 1024px) { + .m-signature-pad { + margin: 10%; + } +} + +@media screen and (max-height: 320px) { + .m-signature-pad--body { + left: 0; + right: 0; + top: 0; + bottom: 32px; + } + .m-signature-pad--footer { + left: 20px; + right: 20px; + bottom: 4px; + height: 28px; + } + .m-signature-pad--footer + .description { + font-size: 1em; + margin-top: 1em; + } +} From b29f794b35ca5a499bc9be50a6e3e646fbcd0f9f Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 23:58:09 -0800 Subject: [PATCH 18/25] password.expire updated for forgotten password token expiration --- .env.example | 1 + config/auth.php | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index b85385d559..af0e127eef 100644 --- a/.env.example +++ b/.env.example @@ -125,6 +125,7 @@ PRIVATE_AWS_BUCKET_ROOT=null # -------------------------------------------- LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 +RESET_PASSWORD_LINK_EXPIRES=900 # -------------------------------------------- # OPTIONAL: MISC diff --git a/config/auth.php b/config/auth.php index d8a161f9f4..41ce176d16 100644 --- a/config/auth.php +++ b/config/auth.php @@ -102,7 +102,7 @@ return [ 'provider' => 'users', 'email' => 'auth.emails.password', 'table' => 'password_resets', - 'expire' => env('LOGIN_LOCKOUT_DURATION', 60), + 'expire' => env('RESET_PASSWORD_LINK_EXPIRES', 900), 'throttle' => env('LOGIN_MAX_ATTEMPTS', 60), ], ], @@ -120,4 +120,5 @@ return [ 'password_timeout' => 10800, + ]; From a66a22ffb263558324b034efa50575bedab0a56b Mon Sep 17 00:00:00 2001 
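Review bot: Laravel's password-broker `expire` option is a number of minutes, not seconds, so `'expire' => env('RESET_PASSWORD_LINK_EXPIRES', 900)` in the config/auth.php hunk makes reset tokens valid for 15 hours — up from the 60 minutes the previous `LOGIN_LOCKOUT_DURATION` default gave. If a 15-minute link is intended, the default and the matching `RESET_PASSWORD_LINK_EXPIRES=900` in `.env.example` should be `15`, or the variable should be named so its unit is obvious; a comment on the line such as `// minutes: the broker compares token age in minutes` would prevent the next reader making the same assumption. The adjacent, unchanged `'throttle' => env('LOGIN_MAX_ATTEMPTS', 60)` has the mirror problem: `throttle` is seconds between reset requests, and an attempts count is being reused for it.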
From: snipe Date: Mon, 2 Nov 2020 23:58:37 -0800 Subject: [PATCH 19/25] =?UTF-8?q?Updated=20passwordComplexityRulesSaving()?= =?UTF-8?q?=20signature=20so=20it=20isn=E2=80=99t=20nullable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Auth/ResetPasswordController.php | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php index bfcf88eec4..e323791e1c 100644 --- a/app/Http/Controllers/Auth/ResetPasswordController.php +++ b/app/Http/Controllers/Auth/ResetPasswordController.php @@ -29,6 +29,8 @@ class ResetPasswordController extends Controller */ protected $redirectTo = '/'; + protected $username = 'username'; + /** * Create a new controller instance. * @@ -44,7 +46,7 @@ class ResetPasswordController extends Controller return [ 'token' => 'required', 'username' => 'required', - 'password' => 'required|confirmed|'.Setting::passwordComplexityRulesSaving('update'), + 'password' => 'confirmed|'.Setting::passwordComplexityRulesSaving('store'), ]; } @@ -59,6 +61,7 @@ class ResetPasswordController extends Controller public function showResetForm(Request $request, $token = null) { + \Log::debug(print_r($this->rules(),true)); return view('auth.passwords.reset')->with( [ 'token' => $token, 
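Review bot: The rewritten `password` rule in `rules()` drops `required`, leaving `'confirmed|'.Setting::passwordComplexityRulesSaving('store')`; unless that helper itself emits `required` (not visible here), an empty password now skips every non-implicit rule and the reset would hash an empty string. Keep it explicit: `'password' => 'required|confirmed|'.Setting::passwordComplexityRulesSaving('store'),`. The switch from `'update'` to `'store'` is presumably deliberate, but neither the commit message nor the code says why, so a one-line comment would help.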
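Review bot: `\Log::debug(print_r($this->rules(),true));` added to `showResetForm` is leftover diagnostics that fires on every GET of the reset form and should be removed before merge; the rules are static configuration and nothing in the method depends on the call. Later commits in this series remove similar lines elsewhere but this one survives. The rest of `showResetForm` is outside the hunk.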
@@ -67,6 +70,30 @@ class ResetPasswordController extends Controller ); } + +// public function reset(Request $request) +// { +// $this->validate($request, $this->rules(), $this->validationErrorMessages()); +// +// // These two lines below allow you to bypass the default validation. +// $broker = $this->broker(); +// $broker->validate(function () { +// return true; +// }); +// +// $response->reset( +// $this->credentials($request), function ($user, $password) { +// \Log::debug('resetting the password to '.$password); +// $this->resetPassword($user, $password); +// } +// ); +// +// return $response == \Password::PASSWORD_RESET +// ? $this->sendResetResponse($response) +// : $this->sendResetFailedResponse($request, $response); +// } + + protected function sendResetFailedResponse(Request $request, $response) { return redirect()->back() From bbd7a752a00e44793b81cacf42c1576e3aecbc03 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 2 Nov 2020 23:58:49 -0800 Subject: [PATCH 20/25] Minor cleanup --- app/Models/User.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/Models/User.php b/app/Models/User.php index d5868ce600..cbf887adb7 100755 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -26,10 +26,13 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo use UniqueUndeletedTrait; use Notifiable; use Presentable; + use Searchable; + protected $dates = ['deleted_at']; protected $hidden = ['password','remember_token','permissions','reset_password_code','persist_code']; protected $table = 'users'; protected $injectUniqueIdentifier = true; + protected $fillable = [ 'activated', 'address', @@ -78,7 +81,6 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo 'location_id' => 'exists:locations,id|nullable', ]; - use Searchable; /** * The attributes that should be included when searching the model. 
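Review bot: The 24-line commented-out `reset()` override should not be committed: dead code of this size in an auth controller invites someone to uncomment it, and this copy contains `\Log::debug('resetting the password to '.$password);`, which would write users' new passwords in plaintext to the application log, together with a `$broker->validate(function () { return true; })` that the inline comment itself describes as bypassing the default validation, and a call on an undefined `$response` that would fatal. Delete the block — git history keeps it — and if a custom `reset()` is genuinely needed, land it as working code without the password log line and without the validation bypass. `sendResetFailedResponse()` continues outside the hunk.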
@@ -107,7 +109,8 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo 'groups' => ['name'], 'company' => ['name'], 'manager' => ['first_name', 'last_name', 'username'] - ]; + ]; + /** * Check user permissions From f138d3b781814ac0a41eab53ddf91d5b7a7c7636 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 3 Nov 2020 01:00:37 -0800 Subject: [PATCH 21/25] Fixed typo --- upgrade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upgrade.php b/upgrade.php index 4878748701..0fb7dfd9fa 100644 --- a/upgrade.php +++ b/upgrade.php @@ -122,7 +122,7 @@ echo "\n"; echo "--------------------------------------------------------\n"; echo "Step 6: Updating composer dependencies:\n"; -echo "(This may take an moment.)\n"; +echo "(This may take a moment.)\n"; echo "--------------------------------------------------------\n\n"; From 44e5fec70794e712bf2639b6fcb62db94f5ec213 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 3 Nov 2020 10:01:55 -0800 Subject: [PATCH 22/25] Fixed #8603 - Use correct CSS path for signature-pad.min.css --- resources/views/account/accept-asset.blade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/views/account/accept-asset.blade.php b/resources/views/account/accept-asset.blade.php index a695a5e61b..780b9408e8 100644 --- a/resources/views/account/accept-asset.blade.php +++ b/resources/views/account/accept-asset.blade.php @@ -11,7 +11,7 @@ @section('content') - +
