I'm using the Laravel 5.8 built-in auth scaffolding. I was just trying the password reset functionality. I go to the route password/reset and get the form where I enter my email address. I submit it and correctly receive an email, but the URL to the reset page contains the username of the user who requested the reset instead of the token.
Because of this, when I follow the reset link and try to submit the form to reset the password, I get a validation error message which says that the token is wrong. In fact, in the token hidden field the value is set to the username instead of the token, as it arrives as a parameter from the wrong URL. Inside the password_resets table there is the correct token which should be sent by email.
Inside the web.php file, Auth::routes(); is at the top, so there shouldn't be any conflict with my routes.
Why is Laravel sending a wrong URL? What should I check?
Edit: Inside the LoginController the only thing changed is the overridden credentials() function:
    protected function credentials(Request $request)
    {
        // This adds the check over the verify_token field upon login
        // the field must be null to pass the check
        return [
            'email' => $request['email'],
            'password' => $request['password'],
            'verification_token' => null
        ];
    }