Add recaptcha to default Laravel Password Reset

3
votes

I want to require the users of my Laravel 5.1 application to have finished a Google Recaptcha process, but I can't figure out how to safely modify the code that sends the reset password link.

The code that does this for me is the "postEmail()" function in the inherited trait "ResetsPassword". This is my entire PasswordController:

use App\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\PasswordBroker;
use Illuminate\Foundation\Auth\ResetsPasswords;

class PasswordController extends Controller {

use ResetsPasswords;

/**
 * Create a new password controller instance.
 *
 * @param  \Illuminate\Contracts\Auth\Guard  $auth
 * @param  \Illuminate\Contracts\Auth\PasswordBroker  $passwords
 * @return void
 */
public function __construct(Guard $auth, PasswordBroker $passwords)
{
    $this->auth = $auth;
    $this->passwords = $passwords;

    $this->middleware('guest');
}

}

As you can see, all the real methods are in the "ResetsPasswords" trait which is in a vendor file so I don't want to modify it directly. How do I modify the "postEmail()" function in the inherited trait safely in my PasswordsController?

2
laravellaravel-5laravel-5.1recaptchachange-password
What about extending the vendor Class? Just a thought, not ready for an answer.online Thomas

2 Answers

6
votes

In your ForgotPasswordController add this method:

protected function validateEmail(Request $request)
{
    $this->validate($request, [
        'email' => 'required|email',
        'g-recaptcha-response' => 'recaptcha',
    ]);
}

And follow my reCAPTCHA implementation guide here: Laravel reCaptcha integration

1
votes

Add the code to Auth/ForgotPasswordController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;

class ForgotPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset emails and
    | includes a trait which assists in sending these notifications from
    | your application to your users. Feel free to explore this trait.
    |
    */

    use SendsPasswordResetEmails;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    protected function validateEmail(Request $request)
    {
        $this->validate($request, [
            'email' => ['required', 'string', 'email', 'max:255'],
            'g-recaptcha-response' => 'required|recaptcha',
        ]);
    }
}