fixing the password reset logic and adding php stan config

Author: tnylea

app/Http/Controllers/Auth/PasswordResetLinkController.php

@@ -33,19 +33,13 @@ public function store(Request $request): RedirectResponse
             'email' => 'required|email',
         ]);
 
-        // We will send the password reset link to this user. Once we have attempted
-        // to send the link, we will examine the response then see the message we
-        // need to show to the user. Finally, we'll send out a proper response.
-        $status = Password::sendResetLink(
+        // We will send the password reset link to this user if the email exists
+        Password::sendResetLink(
             $request->only('email')
         );
 
-        if ($status == Password::ResetLinkSent) {
-            return back()->with('status', __($status));
-        }
-
-        throw ValidationException::withMessages([
-            'email' => [trans($status)],
-        ]);
+        // We want to always return a 200 response, even if the user is not found. This is a
+        // security measure to prevent email accounts from being discovered
+        return back()->with('status', __('If that email exists in our system, a reset link was sent.'));
     }
 }

phpstan.neon

@@ -0,0 +1,10 @@
+includes:
+    - vendor/larastan/larastan/extension.neon
+
+parameters:
+
+    paths:
+        - app/
+
+    # Level 9 is the highest level
+    level: 5