Laravel 5.5 Custom reset password throws token mismatch


Published: 2018-05-24 06:08:51

Question:

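I want to override/customize the existing Laravel forgot and reset password functionality, mainly because my table does not contain an "email" column and we have our own email sending method. So I updated my ForgotPasswordController.php as follows: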

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Contracts\Auth\PasswordBroker;
use App\People;
use Illuminate\Http\Request;

class ForgotPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset emails and
    | includes a trait which assists in sending these notifications from
    | your application to your users. Feel free to explore this trait.
    |
    */
    use SendsPasswordResetEmails;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    public function sendResetLinkEmail(Request $request)
    {
        $this->validateEmail($request);

        // We will send the password reset link to this user. Once we have attempted
        // to send the link, we will examine the response then see the message we
        // need to show to the user. Finally, we'll send out a proper response.

        $people = People::where('username_email', $request['email'] )->first();

        if (!empty($people->cust_id)) { // user found
            $password_broker = app(PasswordBroker::class); //so we can have dependency injection
            $people->email = $people->username_email; // because below createToken function is looking for email field in the people table
            $token = $password_broker->createToken($people); //create reset password token
            $link = getHTTPURL(true) .'/profile/password/reset/'.$token;

            $objemail = new \email();
            $objemail->body = "
            You can reset the password via : ". $link ."<br /><br />";

            $objemail->to_address = $request['email'];
            $objemail->send(true);

            return array('error' =>0, 'succuss'=> 1);
        }

        return array('error' =>0, 'succuss'=> 0);

        /*$password_broker->emailResetLink($user, $token, function (Message $message) {
                $message->subject('Custom Email title');
        });//send email.*/
    }
}

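Now if I submit the default Laravel password reset form, I get the error "This password reset token is invalid." in the view file.

Note: I overrode the credentials function in ResetPasswordController.php as follows: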

    protected function credentials(Request $request)
    {
        return $request->only(
            'username_email', 'password', 'password_confirmation', 'token'
        );
    }

Any idea what's wrong?

Comments:

Did you solve your problem? There is a similar problem here.

Answer 1:

You can customize the forgot and reset password functionality in Laravel. Here is what to be aware of.

The token that is emailed to the user is actually a sha256 of your APP_KEY.

$this->hashKey is actually APP_KEY.

$token = hash_hmac('sha256', Str::random(40), $this->hashKey);

But the token that is stored in your database is the bcrypt of that sha256.

bcrypt(hash_hmac('sha256', Str::random(40), $this->hashKey));
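
The scheme described in the answer above, modelled in plain PHP as an added example (not code from the original post or from Laravel itself): the plain token goes into the link and only its bcrypt hash is stored, so a check has to locate the stored row and verify the submitted token against that hash. The $store array, the createToken/tokenExists helpers, the demo key and the address are hypothetical stand-ins, and keying the row by the user's e-mail value is an assumption based on the comment in the question's code.

```php
<?php
// Added example: a plain-PHP model of the token scheme described in the answer.
// $appKey, $store, the helper names and the address are constructed stand-ins,
// not Laravel's own classes, tables or configuration.

$appKey = 'constructed-app-key-for-demo-only';   // stands in for APP_KEY
$store  = [];                                    // stands in for the reset-token table

// Create: the plain token is what the user receives; only its bcrypt hash is kept.
function createToken(array &$store, string $email, string $appKey): string
{
    // bin2hex(random_bytes(20)) stands in for Str::random(40)
    $token = hash_hmac('sha256', bin2hex(random_bytes(20)), $appKey);
    $store[$email] = password_hash($token, PASSWORD_BCRYPT);
    return $token;
}

// Check: find the row by e-mail value (assumption), then verify token against hash.
function tokenExists(array $store, ?string $email, string $token): bool
{
    if ($email === null || !isset($store[$email])) {
        return false;   // no row can be found for this user
    }
    return password_verify($token, $store[$email]);
}

$email = 'user@example.test';                    // constructed sample address
$token = createToken($store, $email, $appKey);

// Case 1: same e-mail value and the token from the link.
var_dump(tokenExists($store, $email, $token));

// Case 2: comparing the link token directly with the stored column value.
var_dump(hash_equals($store[$email], $token));

// Case 3: the user object has no e-mail value when the reset form is submitted.
var_dump(tokenExists($store, null, $token));

// Case 4: a token that was never issued.
var_dump(tokenExists($store, $email, str_repeat('0', 64)));
```

Only the first case verifies; the other three are the ways a custom flow ends up with a token that is reported as invalid even though the link itself is intact.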
