Laravel 5.5 自定义重置密码抛出令牌不匹配
Posted
技术标签:
【中文标题】Laravel 5.5 自定义重置密码抛出令牌不匹配【英文标题】:Laravel 5.5 Custom reset password throws token mismatch 【发布时间】:2018-05-24 06:08:51 【问题描述】:我想覆盖/自定义现有的 laravel 忘记和重置密码功能。主要是由于我的表不包含“电子邮件”列,并且我们有自己的电子邮件发送方法。因此我更新了我的 ForgotPasswordController.php 如下:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Contracts\Auth\PasswordBroker;
use App\People;
use Illuminate\Http\Request;
class ForgotPasswordController extends Controller
/*
|--------------------------------------------------------------------------
| Password Reset Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password reset emails and
| includes a trait which assists in sending these notifications from
| your application to your users. Feel free to explore this trait.
|
*/
use SendsPasswordResetEmails;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
$this->middleware('guest');
public function sendResetLinkEmail(Request $request)
$this->validateEmail($request);
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$people = People::where('username_email', $request['email'] )->first();
if (!empty($people->cust_id)) // user found
$password_broker = app(PasswordBroker::class); //so we can have dependency injection
$people->email = $people->username_email; // because below createToken function is looking for email field in the people table
$token = $password_broker->createToken($people); //create reset password token
$link = getHTTPURL(true) .'/profile/password/reset/'.$token;
$objemail = new \email();
$objemail->body = "
You can reset the password via : ". $link ."<br /><br />";
$objemail->to_address = $request['email'];
$objemail->send(true);
return array('error' =>0, 'succuss'=> 1);
return array('error' =>0, 'succuss'=> 0);
/*$password_broker->emailResetLink($user, $token, function (Message $message)
$message->subject('Custom Email title');
);//send email.*/
现在如果我提交默认的 laravel 密码重置表单,我会得到 视图文件中出现“此密码重置令牌无效。”错误。
注意:我在 ResetPasswordController.php 中覆盖了凭据函数,如下所示:
protected function credentials(Request $request)
return $request->only(
'username_email', 'password', 'password_confirmation', 'token'
);
知道吗,怎么了?
【问题讨论】:
您的问题解决了吗?这里有类似的问题。 【参考方案1】:您可以在 Laravel 中自定义忘记和重置密码功能。这是需要注意的地方。
通过电子邮件发送给用户的令牌实际上是您的APP_KEY
的sha256。
$this->hashKey is actually APP_KEY.
$token = hash_hmac('sha256', Str::random(40), $this->hashKey);
But the token that is stored in your database is bcrypt of that sha256.
bcrypt(hash_hmac('sha256', Str::random(40), $this->hashKey));
【讨论】:
以上是关于Laravel 5.5 自定义重置密码抛出令牌不匹配的主要内容,如果未能解决你的问题,请参考以下文章