Laravel 5.5自定义重置密码会引发令牌不匹配

时间:2017-12-10 16:13:07

标签: token laravel-5.5 forgot-password reset-password

我想覆盖/自定义现有的laravel忘记和重置密码功能。主要是由于我的表中没有包含“电子邮件”列和我们自己的电子邮件发送方法。因此,我更新了我的ForgotPasswordController.php,如下所示:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Contracts\Auth\PasswordBroker;
use App\People;
use Illuminate\Http\Request;

class ForgotPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset emails and
    | includes a trait which assists in sending these notifications from
    | your application to your users. Feel free to explore this trait.
    |
    */
    use SendsPasswordResetEmails;



    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    public function sendResetLinkEmail(Request $request)
    {
        $this->validateEmail($request);

        // We will send the password reset link to this user. Once we have attempted
        // to send the link, we will examine the response then see the message we
        // need to show to the user. Finally, we'll send out a proper response.

        $people = People::where('username_email', $request['email'] )->first();

        if (!empty($people->cust_id)) { // user found
            $password_broker = app(PasswordBroker::class); //so we can have dependency injection
            $people->email = $people->username_email; // because below createToken function is looking for email field in the people table
            $token = $password_broker->createToken($people); //create reset password token
            $link = getHTTPURL(true) .'/profile/password/reset/'.$token;

            $objemail = new \email();
            $objemail->body = "
            You can reset the password via : ". $link ."<br /><br />";

            $objemail->to_address = $request['email'];
            $objemail->send(true);    

            return array('error' =>0, 'succuss'=> 1);
        }

        return array('error' =>0, 'succuss'=> 0);

        /*$password_broker->emailResetLink($user, $token, function (Message $message) {
                $message->subject('Custom Email title');
        });//send email.*/
    }

}

现在,如果我提交默认的laravel密码重置表单,我就会收到 “此密码重置令牌无效。”视图文件中出现错误。

注意:我重写了ResetPasswordController.php中的凭证功能,如下所示:

 protected function credentials(Request $request)
    {
        return $request->only(
            'username_email', 'password', 'password_confirmation', 'token'
        );
    } 

任何想法,出了什么问题?

1 个答案:

答案 0 :(得分:2)

您可以在Laravel中自定义忘记和重置密码功能。这是需要注意的事情。

通过电子邮件发送给用户的令牌实际上是APP_KEY的sha256。

$this->hashKey is actually APP_KEY.
$token = hash_hmac('sha256', Str::random(40), $this->hashKey);
But the token that is stored in your database is bcrypt of that sha256.
bcrypt(hash_hmac('sha256', Str::random(40), $this->hashKey));