This password reset token is invalid while trying to reset password in laravel

3
votes

I am having issue in my password reset and i am getting the error of this password reset token is invalid i am unable to solve this issue:

My Controller:

class ResetPasswordController extends Controller
{
    use ResetsPasswords;
}

My Routes:

\Illuminate\Support\Facades\Auth::routes();

Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm');
Route::post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.request');

And my View:

<form class="form-horizontal" method="POST" action="{{ route('password.request') }}">
    {{ csrf_field() }}
    <input type="hidden" name="token" value="{{ $token }}">
    <div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
        <label for="email" class="col-md-4 control-label">E-Mail Address</label>
        <div class="col-md-6">
            <input id="email" type="email" class="form-control" name="email" value="{{ $email or old('email') }}" required autofocus>
            @if ($errors->has('email'))
                <span class="help-block">
                    <strong>{{ $errors->first('email') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
        <label for="password" class="col-md-4 control-label">Password</label>
        <div class="col-md-6">
            <input id="password" type="password" class="form-control" name="password" required>
            @if ($errors->has('password'))
                <span class="help-block">
                    <strong>{{ $errors->first('password') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
        <label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
        <div class="col-md-6">
            <input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>
            @if ($errors->has('password_confirmation'))
                <span class="help-block">
                    <strong>{{ $errors->first('password_confirmation') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group">
        <div class="col-md-6 col-md-offset-4">
            <button type="submit" class="btn btn-primary">
                Reset Password
            </button>
        </div>
    </div>
</form>

I have also added the screen shot of my error please have a look on it also and solution will be highly appreciated!

Reset token invalid

4
laravelpasswordsreset

4 Answers

3
votes

Because your token is incorrect, it should be a string length of 64 characters and look like this:

a8935edacb0711a304395c1f58979b545b4a636387053de6012e73048e5a60d2

And in your password_resets table in your database, it should be encrypted and look like this:

$2y$10$YOdbMZk2N7xLsfXZIuMIv.ZayZQCB21L.GXVPdtt/WMOO1hJL7enO

Change your MAIL_DRIVER= to log, truncate password_resets table (if on local), then do another password reset, then check your logs to read the email and see what the password reset token is. Copy and paste that url in your browser and see if you still get that error then we take it from there. :)

2
votes

I has solved this problem with Laravel 7.x. I think Laravel 6.x is the same!

  1. I create a variable $token = Str::random(64);
  2. Next I create a record in password_resets table with value of token is: bcrypt($token)
    ( bcrypt() is function create password when you seed database)
  3. Finally, link you send to email is origin $token
0
votes

I got this issue resolved by running migrations. The password reset token column had the wrong type. It was not storing token correctly due to the wrong charset/collation of the column. Run migration and it should be fine.

or maybe your reset password form does not contain an input for email

0
votes

I had a different issue.

My passwords configuration in auth.php looks like this:

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => env('AUTH_PASSWORD_EXPIRE')
    ],
],

But I forgot to configure the AUTH_PASSWORD_EXPIRE .env variable on my live server.