
realtebo's avatar

Password resets bring me to a situation where users can no longer log in

In my ResetPasswordController I override the reset method to be able to handle multiple languages (but this is not the problem).

For documentation, it came from Illuminate/Foundation/Auth/ResetsPasswords.php link to github code

That's my code

public function reset(Request $request)
{
    $this->validate($request, $this->rules(), $this->validationErrorMessages());

    // Here we will attempt to reset the user's password. If it is successful we
    // will update the password on an actual user model and persist it to the
    // database. Otherwise we will parse the error and return the response.

    // returns an array
    $credentials = $this->credentials($request);
    // returns an Illuminate\Auth\Passwords\PasswordBroker
    $broker      = $this->broker();
    $user        = $broker->getUser($credentials);

    // To DEBUG
    //$tokens      = $broker->getRepository();

    $response = $broker->reset($credentials, function ($user, $password) {
        $this->resetPassword($user, $password);
    });

    $locale = $user->locale;

    // If the password was successfully reset, we will redirect the user back to
    // the application's home authenticated view. If there is an error we can
    // redirect them back to where they came from with their error message.
    return $response == Password::PASSWORD_RESET
        ? $this->sendResetResponse($response, $locale)
        : $this->sendResetFailedResponse($request, $response);
}

Then I override resetPassword. Please note that at this point the password is still clear (not encrypted, I mean). I override it to avoid autologin after password reset.

Link to Github code

protected function resetPassword($user, $password)
{
    $user->password = Hash::make($password);
    $user->setRememberToken(Str::random(60));
    $user->save();
    event(new PasswordReset($user));
}

Note: The whole process seems to work well; the user password is updated in the db, the remember token is regenerated, the reset_password table row is deleted and the user is successfully redirected to the login page with a success alert box.

The problem: when the user now uses the new password, the system replies "user not found"....

Snapey's avatar

here

$response = $broker->reset($credentials, function ($user, $password) {
    $this->resetPassword($user, $password);
});

where does $password come from?

realtebo's avatar

the function $broker->reset() accepts 2 arguments

The first is the credentials array, containing email, password and token; the second is a callback.

[See here the code on GitHub](https://github.com/laravel/framework/blob/5.5/src/Illuminate/Auth/Passwords/PasswordBroker.php#L83-L104)

So the reset() function passes email and password to the callback you provide as second argument, and it got the password from the $credentials array you pass as first argument.

I tried to dump user and password vars, and they were filled. Both before calling resetPassword, in the callback, and inside resetPassword.

I absolutely cannot understand why my resetPassword function doesn't hash properly.

This is the original code of resetPassword

protected function resetPassword($user, $password)
{
    $user->password = Hash::make($password);
    $user->setRememberToken(Str::random(60));
    $user->save();
    event(new PasswordReset($user));
    $this->guard()->login($user);
}

And this is mine

protected function resetPassword($user, $password)
{
    $user->password = Hash::make($password);
    $user->setRememberToken(Str::random(60));
    $user->save();
    event(new PasswordReset($user));
}

I really cannot understand if the problem is really here, but here $user is the right \App\User and $password arrives not encrypted (as argument), so it's not a problem of the data I pass to it.

But the code is the same as the framework's original one.... [Here is the GitHub link to this function](https://github.com/laravel/framework/blob/5.5/src/Illuminate/Foundation/Auth/ResetsPasswords.php#L103)
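One way to check what actually landed in the password column, as an added example that is not part of the thread or of Laravel's code: it classifies a stored value against the plaintext with PHP's password_hash()/password_verify(), which Laravel's bcrypt hasher wraps. The function names, the hashing mutator and the truncated-column case are hypothetical; the thread does not show the App\User model or establish a cause.

```php
<?php
// Added diagnostic sketch, not code from the thread or from Laravel.

/** Classify a stored password column value against the plaintext the user typed. */
function diagnoseStoredPassword(string $plain, string $stored): string
{
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'not-a-hash';          // plaintext or a truncated value was saved
    }
    return password_verify($plain, $stored)
        ? 'ok'                        // a login check against this value succeeds
        : 'hash-mismatch';            // e.g. hashed twice, or another password was hashed
}

/** Hypothetical model mutator that hashes on assignment (assumption, not shown in the thread). */
function hashingMutator(string $value): string
{
    return password_hash($value, PASSWORD_BCRYPT);
}

/** Guarded variant: leaves a value alone when it is already a recognised hash. */
function guardedMutator(string $value): string
{
    return password_get_info($value)['algoName'] === 'unknown'
        ? password_hash($value, PASSWORD_BCRYPT)
        : $value;
}

// Constructed sample input.
$plain = 'correct horse battery staple';

// What resetPassword() in the thread does: hash once in the controller.
$hashedInController = password_hash($plain, PASSWORD_BCRYPT);

// Constructed cases for what could end up in the column after $user->save().
$cases = [
    'controller hash stored as-is'       => $hashedInController,
    'controller hash + hashing mutator'  => hashingMutator($hashedInController),
    'controller hash + guarded mutator'  => guardedMutator($hashedInController),
    'column too short (truncated at 40)' => substr($hashedInController, 0, 40),
];

foreach ($cases as $label => $stored) {
    printf("%-36s => %s\n", $label, diagnoseStoredPassword($plain, $stored));
}
```

Running the same classification on the real column value after a reset (for example from a tinker session) separates a hashing problem from a user-lookup problem before changing the controller.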
