Call forgot-password route via API

I'm using Laravel as API with Passport Password Grant Token and specific user guards for different SPA frontends (foo.com, bar.com).

I'm setting the forgot-password' route as per the doc:

Route::post('foo/forgot-password', function (Request $request) {

    $request->validate(['email' => 'required|email']);

    $status = Password::sendResetLink(
        $request->only('email')
    );

    return $status === Password::RESET_LINK_SENT
        ? back()->with(['status' => __($status)])
        : back()->withErrors(['email' => __($status)]);
})->middleware('guest')->name('password.email');

But when I my SPA frontend calls this method, I get the following error in Laravel:

local.ERROR: Route [password.reset] not defined. {"exception":"[object] (Symfony\Component\Routing\Exception\RouteNotFoundException(code: 0): Route [password.reset] not defined. at /Users/me/code/my-api/vendor/laravel/framework/src/Illuminate/Routing/UrlGenerator.php:429)

Knowing that my api has different set of users with given guard, how to deal with the password.reset route which should be different according to the frontend (and the set of users or guard associated) ?

Sergiu17

5 years ago

Level 60

https://github.com/laravel/framework/blob/8.x/src/Illuminate/Auth/Notifications/ResetPassword.php#L69

Here's the reference to the password.reset route, this link is attached to the email, and when user clicks on, he/she is redirected to password reset page..you could overwrite it, by

ResetPassword::createUrlUsing(function ($notifiable, $token) {
    return 'http://spa-url.com/' . $token . '/' . '?email=' . $notifiable->getEmailForPasswordReset();
});

this should do the work..next using JS in your SPA, grab token and email from URL and send a post request to reset password

devondahon

5 years ago

Level 3

@sergiu17 Thanks for your answer! I have set it to my FooAppServiceProvider and BarAppServideProvider but it's sending the same recover url regardless of the request origin (foo.com or bar.com), one is obviously overriding the other.

devondahon

5 years ago

Level 3

I found a temporary fix by moving ResetPassword::createUrlUsing to the main AppServiceProvider:

public function boot()
{
    ResetPassword::createUrlUsing(function ($notifiable, $token) {
        $link = match (request()->path()) {
            'foo/forgot-password' => config('foo.reset_password_url') . $token,
            'bar/forgot-password' => config('bar.reset_password_url') . $token,
            default => null
        };
        return $link;
    });
}

But I'd prefer each package to manage its own password reset process.

Please or to participate in this conversation.