在Laravel 4.2中重置没有令牌的密码

时间:2015-03-24 20:11:11

标签: php laravel frameworks

我是Laravel 4的新手。

以管理员身份登录时,想知道我是否可以重置用户密码。在这种情况下,我不需要令牌来允许更改密码,就像用户收到更改密码的电子邮件一样。我在ReminderController类postReset方法中鼓舞自己:

/**
 * Handle a POST request to reset a user's password.
 *
 * @return Response
 */
public function postReset()
{
    $credentials = Input::only(
        'email', 'password', 'password_confirmation', 'token'
    );

    $response = Password::reset($credentials, function ($user, $password) {
        $user->password = Hash::make($password);

        $user->save();

        Auth::login($user);
    });

    switch ($response) {
        case Password::INVALID_TOKEN:
            return Redirect::to('/login')->with('error', Lang::get($response));
        case Password::INVALID_PASSWORD:
        case Password::INVALID_USER:
            return Redirect::back()->with('error', Lang::get($response));

        case Password::PASSWORD_RESET:
            return Redirect::to('/')->with('message', Lang::get($response));
    }
}

但是这个方法在调用token string时处理$credetials变量中的Password::reset。 Bellow是更新用户数据的方法。

public function update($colaborador)
{
      $credentials = Input::only(
        'nome_completo', 'email', 'password', 'password_confirmation', 'token'
    );
    $emailGestor = Input::get('email-gestor');
    $enviarEmail = Input::get('enviar-email');
    $user        = $colaborador->user;

    if (User::where('email', $email)->where('id', '!=', $user->id)->count() > 0) {
        $mensagem = 'O endereço de e-mail ' . $email . ' já está sendo utilizado.';
    } else  {
        $response = Password::reset($credentials, function ($credentials, $user, $password, $enviarEmail) {
            $user->nome_completo = $credentials['nome_completo'];
            $user->email = $credentials['email'];
            $user->password = Hash::make($password);

            $user->save();
            $mensagem = 'Colaborador alterado.';

            if ($enviarEmail == 1) {
                PrimeiroAcesso::remind(['email' => $email], function ($msg) {
                    $msg->subject('Assessment – Mapeamento de Competências Funcionais Natura');
                });
                $mensagem .= ' E-mail de primeiro acesso enviado.';
            }
        });

        switch ($response) {
            case Password::INVALID_TOKEN:
                $mensagem = 'Token inválido.'; break;
            case Password::INVALID_PASSWORD:
                $mensagem = 'Senha inválida.'; break;
            case Password::INVALID_USER:
                $mensagem = 'Nome de usuário inválido'; break;
            default: break;
        }
    }

    if ($emailGestor == '' && $colaborador->gestor) {
        $colaborador->gestor()->dissociate();
        $colaborador->save();
        $mensagem .= ' Gestor removido.';
    } else {
        $gestor = User::with('colaborador')->where('email', $emailGestor)->first();

        if ($gestor) {
            $colaborador->gestor()->associate($gestor->colaborador);
            $colaborador->save();
            $mensagem .= ' Gestor alterado para ' . $emailGestor . '.';
        }
    }

    return Redirect::route('admin.colaborador.index')->with('flash_message', $mensagem);
}

$credentials = Input::only(
            'nome_completo', 'email', 'password', 'password_confirmation', 'token'
        );

我从视图中的表单中获取token

1 个答案:

答案 0 :(得分:3)

reset中的Illuminate\Auth\Reminders\PasswordBroker方法需要额外的token参数作为凭证数组的一部分,因为它需要从{{1}中删除相应的条目}表如果重置成功。因此,如果该表中没有匹配的password_reminders条目,您将无法使用该方法,因为您正在获得token响应。

话虽如此,这里有两个选择:

  1. 您在使用INVALID_TOKEN
  2. 之前创建新令牌
  3. 手动更新给定用户的密码
  4. 我个人只是使​​用第二个,因为它更容易,它跳过了将令牌保存到数据库的额外步骤,只是在重置密码后删除它,所有这些都在同一个请求中。

    这应该做的事情很简单(当然你可以扩展它以满足你的个人需求):

    Password::reset