0
votes

I am using the custom password reset option in Laravel 7. When the user clicks the reset password button (in the inbox of her/his email), the user is redirected to the password reset link. Here is my link

http://localhost/LaraTest/public/reset/5199667639cfc4f5ea624f4c18dbf7e8-vJcnLSH92vAj1IlnV3j7phT8zBtcbX0gSDbjXX37oFsuEM560oAiehZ4oVd0?email=basish%40gmail.com

Here is the code which generates the link

$token1 = md5($fp_email);
$token2 = Str::random(60);
$fp_token = $token1 . "-" . $token2;
// some more code here
$link = 'localhost/LaraTest/public/reset/' . $fp_token . '?email=' . urlencode($fp_email);

// $link is sent to the user by email

Route (after some research)

Route::get('reset/{tokenname}{email}','LoginController@resetpassword');

Controller

public function resetpassword(Request $request){
     
     return view('resetpassword');
     
}
  1. How would I define my route? I am a bit confused as my link contains both the password reset token and the email id.
  2. How will I retrieve the password reset token and the email id from the link above, after being redirected to the new password form?
1
What have you tried so far? - Kamlesh Paul
@KamleshPaul I haven't, because I have no clue. - Asish
Otherwise, I would have mentioned it in the question itself. - Asish
Instead of showing us how you generate that link (which I assume works), why not show us what you've tried so far in defining the route? You probably can access the email parameter from $request->email within that route and use that to get the user along with their password reset tokens. Have you tried doing that? - apokryfos
@KamleshPaul I updated my answer with routes and controller. - Asish

1 Answer

1
votes

Your route should be:

Route::get('reset/{tokenname}','LoginController@resetpassword');

Then in the actual handler:

public function resetpassword(Request $request, $token){     
     $email = $request->email;
     return view('resetpassword', compact('token', 'email'));
}

Then in your view you can have:

    <input type="hidden" name="email" value="{{$email}}" />
    <input type="hidden" name="token" value="{{$token}}" />

and your actual password reset handler would probably be defined in a route like:

Route::post('reset', 'LoginController@doPasswordReset');

and the method body would be (code borrowed in some part from the Laravel source):

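// Needs: use Illuminate\Auth\Passwords\PasswordBrokerManager;
//        use Illuminate\Support\Facades\Password;
public function doPasswordReset(Request $request){
     $validatedRequest = $request->validate([
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed|min:8',
        ]);
     $email = $request->email;
     $token = $request->token;
     $broker = app(PasswordBrokerManager::class);

     // The manager forwards reset() to the default password broker
     $response = $broker->reset(
            $validatedRequest, function ($user, $password) {
                 // save new password here
            }
        );

        // Redirect targets below are placeholders; adjust them to your app
        return $response == Password::PASSWORD_RESET
                    ? redirect('/')->with('status', __($response))     // Reset response
                    : back()->withErrors(['email' => __($response)]);  // Reset failed response
}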

This will ensure Laravel can verify the user by the provided email and password before doing the actual password reset.
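
Added example (not part of the answer above and not Laravel's own code): a plain-PHP sketch of the check a reset handler has to make on the posted email and token, namely that the pair matches, has not expired, and is used only once. The class `ResetTokenStore`, its methods, the one-hour lifetime and the sample address are hypothetical.

```php
<?php
// In-memory stand-in for a password_resets table (constructed data, hypothetical names).
final class ResetTokenStore
{
    private $rows = [];   // email => ['hash' => string, 'created' => int]
    private $ttl;

    public function __construct(int $ttlSeconds = 3600)
    {
        $this->ttl = $ttlSeconds;
    }

    // Create the token that goes into the e-mailed link; only its SHA-256 hash is kept.
    public function issue(string $email, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[$email] = ['hash' => hash('sha256', $token), 'created' => $now];
        return $token;
    }

    // Check the email/token pair posted by the reset form.
    public function consume(string $email, string $token, int $now): bool
    {
        $row = $this->rows[$email] ?? null;
        if ($row === null) {
            return false;                    // no reset was requested for this email
        }
        if ($now - $row['created'] > $this->ttl) {
            unset($this->rows[$email]);      // expired tokens are dropped
            return false;
        }
        // Constant-time comparison of the stored hash with the hash of the submitted token.
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            return false;
        }
        unset($this->rows[$email]);          // a token can be used only once
        return true;
    }
}

// Constructed sample flow: wrong token, correct token, then a replay of the same token.
$store = new ResetTokenStore(3600);
$now   = time();
$token = $store->issue('user@example.com', $now);

var_dump($store->consume('user@example.com', 'wrong-token', $now + 60));
var_dump($store->consume('user@example.com', $token, $now + 60));
var_dump($store->consume('user@example.com', $token, $now + 120));
```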