I am using Laravel 5.4 to build an API where I email the user a token on password reset if the user is verified, which the user provides before resetting the password. Currently the sent token has 64 characters and is too large for the user to grab, and I'm not sure if Laravel has a configuration to give a custom length to the token?
1 answer
- dongsigan2636 2017-10-03 14:23
The solution is a little bit tricky, I'll try to explain the procedure as clearly as possible:
STEP 1 - Extend the standard DatabaseTokenRepository
Create a class that extends `Illuminate\Auth\Passwords\DatabaseTokenRepository` in order to define a new token creation policy.

```php
<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\DatabaseTokenRepository;

class CustomDatabaseTokenRepository extends DatabaseTokenRepository
{
    // Overrides the standard token creation function
    public function createNewToken()
    {
        return substr(parent::createNewToken(), 0, 30);
    }
}
```
I've just trimmed the token generated by Laravel down to 30 chars, feel free to implement your own token generation routine.
STEP 2 - Extend the standard PasswordBrokerManager
Now you have to tell the `PasswordBrokerManager` to use your token repository instead of the standard one. In order to do so you have to extend the class `Illuminate\Auth\Passwords\PasswordBrokerManager`.

```php
<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\PasswordBrokerManager;
use Illuminate\Support\Str;

class CustomPasswordBrokerManager extends PasswordBrokerManager
{
    // Override the createTokenRepository function to return your
    // custom token repository instead of the standard one
    protected function createTokenRepository(array $config)
    {
        $key = $this->app['config']['app.key'];

        if (Str::startsWith($key, 'base64:')) {
            $key = base64_decode(substr($key, 7));
        }

        $connection = isset($config['connection']) ? $config['connection'] : null;

        return new CustomDatabaseTokenRepository(
            $this->app['db']->connection($connection),
            $this->app['hash'],
            $config['table'],
            $key,
            $config['expire']
        );
    }
}
```
STEP 3 - Extend the standard PasswordResetServiceProvider
Now you have to extend the standard `Illuminate\Auth\Passwords\PasswordResetServiceProvider` in order to tell Laravel to instantiate your `CustomPasswordBrokerManager`.

```php
<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\PasswordResetServiceProvider;

class CustomPasswordResetServiceProvider extends PasswordResetServiceProvider
{
    // Override the method registerPasswordBroker
    // in order to specify your customized manager
    protected function registerPasswordBroker()
    {
        $this->app->singleton('auth.password', function ($app) {
            return new CustomPasswordBrokerManager($app);
        });

        $this->app->bind('auth.password.broker', function ($app) {
            return $app->make('auth.password')->broker();
        });
    }
}
```
STEP 4 - Final step, replace the provider in config/app.php
Comment out the following line in your `config/app.php` file under the `providers` key:

```php
// Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
```

And add the following line just below:

```php
App\Auth\Passwords\CustomPasswordResetServiceProvider::class,
```
CONSIDERATIONS
Be careful when doing such things, the token is defined as `hash_hmac('sha256', Str::random(40), $this->hashKey)` where `$this->hashKey` is `env('APP_KEY')`. This is used to ensure that no collision will occur when generating password reset tokens. I suggest you investigate a secure method to reduce your token length securely.

This answer was selected by the asker as the best answer.
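
An added example, not part of the original answer or of Laravel: one way to produce a short reset code without truncating a hash, drawing each character from PHP's CSPRNG and refusing lengths that carry too little entropy. It goes a little beyond the answer's `substr()` by also normalizing and verifying what the user types; the function names, the alphabet and the 64-bit floor are assumptions chosen for illustration.

```php
<?php
// Added example: stand-alone sketch, all names here are hypothetical. Requires PHP 7+.

// 32 symbols (5 bits each); 0, 1, I and O are left out because they are easy to misread.
const RESET_CODE_ALPHABET = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';

// Entropy of a uniformly random code: length * log2(alphabet size).
function resetCodeEntropyBits(int $length, string $alphabet = RESET_CODE_ALPHABET): float
{
    return $length * log(strlen($alphabet), 2);
}

// Draw every character from the CSPRNG; refuse lengths below an assumed entropy floor.
function makeResetCode(int $length = 13, int $minBits = 64): string
{
    if (resetCodeEntropyBits($length) < $minBits) {
        throw new InvalidArgumentException("A code of length $length has fewer than $minBits bits");
    }
    $alphabet = RESET_CODE_ALPHABET;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Accept what the user typed (lower case, spaces, dashes) and compare in constant time
// against a digest kept server-side (a stand-in for a hashed stored copy of the code).
function verifyResetCode(string $typed, string $storedDigest): bool
{
    $normalized = strtoupper(preg_replace('/[\s-]+/', '', $typed));
    return hash_equals($storedDigest, hash('sha256', $normalized));
}

// Constructed demo values.
$code   = makeResetCode();                     // default length of 13 characters
$digest = hash('sha256', $code);               // what the server would keep
$shown  = implode('-', str_split($code, 4));   // grouped for easier typing
printf("code shown to user: %s (%.0f bits)\n", $shown, resetCodeEntropyBits(13));
printf("30 hex chars, as kept by substr(): %.0f bits\n", resetCodeEntropyBits(30, '0123456789abcdef'));
var_dump(verifyResetCode(strtolower($shown), $digest));
var_dump(verifyResetCode('AAAA-AAAA-AAAA-A', $digest));
```

To try it with the repository from STEP 1, `createNewToken()` could return `makeResetCode()` instead of the truncated hash. The shorter the code, the more it relies on the token expiry and on limiting reset attempts per account.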