I am using laravel 5.4 building an API where I email the user a token on password reset if user verified, which user provides before resetting password. Currently the sent token has 64 characters and too large for user to grab, and I'm not sure if laravel has configuration to give a custom length to token?
1条回答 默认 最新
- dongsigan2636 2017-10-03 14:23关注
The solution is a little bit tricky, ill try to explain the procedure as clearly as possible:
STEP 1 - Extend the standard DatabaseTokenRepository
Create a class that extends
Illuminate\Auth\Passwords\DatabaseTokenRepository
in order to define a new token creation policy.<?php namespace App\Auth\Passwords; use Illuminate\Auth\Passwords\DatabaseTokenRepository; class CustomDatabaseTokenRepository extends DatabaseTokenRepository { // Overrides the standard token creation function public function createNewToken() { retrun substr(parent::createNewToken(), 0, 30); } }
I've just trimmed the token generated by Laravel down to 30 chars, feel free to implement your own token generation routine.
STEP 2 - Extend the standard PasswordBrokerManager
Now you have to tell the
PasswordBrokerManager
to use your token repository instead of the standard one. In order to do so you have to extend the classIlluminate\Auth\Passwords\PasswordBrokerManager
.<?php namespace App\Auth\Passwords; use Illuminate\Auth\Passwords\PasswordBrokerManager; class CustomPasswordBrokerManager extends PasswordBrokerManager { // Override the createTokenRepository function to return your // custom token repository instead of the standard one protected function createTokenRepository(array $config) { $key = $this->app['config']['app.key']; if (Str::startsWith($key, 'base64:')) { $key = base64_decode(substr($key, 7)); } $connection = isset($config['connection']) ? $config['connection'] : null; return new CustomDatabaseTokenRepository( $this->app['db']->connection($connection), $this->app['hash'], $config['table'], $key, $config['expire'] ); } }
STEP 3 - Extend the standard
PasswordResetServiceProvider
Now you have to extend the standard
Illuminate\Auth\Passwords\PasswordResetServiceProvider
in order to tell Laravel to instantiate yourCustomPasswordBrokerManager
.<?php namespace App\Auth\Passwords; use Illuminate\Auth\Passwords\PasswordResetServiceProvider; class CustomPasswordResetServiceProvider extends PasswordServiceProvider { // Override the method registerPasswordBroker // in order to specify your customized manager protected function registerPasswordBroker() { $this->app->singleton('auth.password', function ($app) { return new CustomPasswordBrokerManager($app); }); $this->app->bind('auth.password.broker', function ($app) { return $app->make('auth.password')->broker(); }); } }
STEP 4 - Final step, replace the provider in
config/app.php
Comment out the following line in your
config/app.php
files under theproviders
key:// Illuminate\Auth\Password\PasswordResetServiceProvider::class,
And add the following line just below:
App\Auth\Passwords\CustomPasswordResetServiceProvider::class,
CONSIDERATIONS
Be careful when doing such things, the token is defined as
hash_hmac('sha256', Str::random(40), $this->hashKey)
where$this->hasKey
isenv('APP_KEY
). This is used to ensure that no collision will occur when generating password reset tokens. I suggest you to investigate a secure method to reduce your token length securely.本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥20 机器学习能否像多层线性模型一样处理嵌套数据
- ¥20 西门子S7-Graph,S7-300,梯形图
- ¥50 用易语言http 访问不了网页
- ¥50 safari浏览器fetch提交数据后数据丢失问题
- ¥15 matlab不知道怎么改,求解答!!
- ¥15 永磁直线电机的电流环pi调不出来
- ¥15 用stata实现聚类的代码
- ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
- ¥20 docker里部署springboot项目,访问不到扬声器
- ¥15 netty整合springboot之后自动重连失效