Cleanup login/reset functionality, address security issue with 2FA pathways

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -3,7 +3,7 @@
 namespace Pterodactyl\Http\Controllers\Auth;
 
 use Illuminate\Http\Request;
-use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Password;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Events\Auth\FailedPasswordReset;
@@ -18,9 +18,9 @@ class ForgotPasswordController extends Controller
      *
      * @param  \Illuminate\Http\Request
      * @param string $response
-     * @return \Illuminate\Http\RedirectResponse
+     * @return \Illuminate\Http\JsonResponse
      */
-    protected function sendResetLinkFailedResponse(Request $request, $response): RedirectResponse
+    protected function sendResetLinkFailedResponse(Request $request, $response): JsonResponse
     {
         // As noted in #358 we will return success even if it failed
         // to avoid pointing out that an account does or does not
@@ -34,9 +34,9 @@ class ForgotPasswordController extends Controller
      * Get the response for a successful password reset link.
      *
      * @param string $response
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
+     * @return \Illuminate\Http\JsonResponse
      */
-    protected function sendResetLinkResponse($response)
+    protected function sendResetLinkResponse($response): JsonResponse
     {
         return response()->json([
             'status' => trans($response),