dongzhuo3376 2017-10-03 11:20
浏览 119

Laravel 5.4:密码重置令牌自定义长度?

I am using laravel 5.4 building an API where I email the user a token on password reset if user verified, which user provides before resetting password. Currently the sent token has 64 characters and too large for user to grab, and I'm not sure if laravel has configuration to give a custom length to token?

  • 写回答

1条回答 默认 最新

  • dongsigan2636 2017-10-03 14:23

    The solution is a little bit tricky, ill try to explain the procedure as clearly as possible:

    STEP 1 - Extend the standard DatabaseTokenRepository

    Create a class that extends Illuminate\Auth\Passwords\DatabaseTokenRepository in order to define a new token creation policy.

    namespace App\Auth\Passwords;
    use Illuminate\Auth\Passwords\DatabaseTokenRepository;
    class CustomDatabaseTokenRepository extends DatabaseTokenRepository
        // Overrides the standard token creation function
        public function createNewToken()
            retrun substr(parent::createNewToken(), 0, 30);

    I've just trimmed the token generated by Laravel down to 30 chars, feel free to implement your own token generation routine.

    STEP 2 - Extend the standard PasswordBrokerManager

    Now you have to tell the PasswordBrokerManager to use your token repository instead of the standard one. In order to do so you have to extend the class Illuminate\Auth\Passwords\PasswordBrokerManager.

    namespace App\Auth\Passwords;
    use Illuminate\Auth\Passwords\PasswordBrokerManager;
    class CustomPasswordBrokerManager extends PasswordBrokerManager
        // Override the createTokenRepository function to return your
        // custom token repository instead of the standard one
        protected function createTokenRepository(array $config)
            $key = $this->app['config']['app.key'];
            if (Str::startsWith($key, 'base64:')) {
                $key = base64_decode(substr($key, 7));
            $connection = isset($config['connection']) ? $config['connection'] : null;
            return new CustomDatabaseTokenRepository(

    STEP 3 - Extend the standard PasswordResetServiceProvider

    Now you have to extend the standard Illuminate\Auth\Passwords\PasswordResetServiceProvider in order to tell Laravel to instantiate your CustomPasswordBrokerManager.

    namespace App\Auth\Passwords;
    use Illuminate\Auth\Passwords\PasswordResetServiceProvider;
    class CustomPasswordResetServiceProvider extends PasswordServiceProvider
        // Override the method registerPasswordBroker
        // in order to specify your customized manager
        protected function registerPasswordBroker()
            $this->app->singleton('auth.password', function ($app) {
                return new CustomPasswordBrokerManager($app);
            $this->app->bind('', function ($app) {
                return $app->make('auth.password')->broker();

    STEP 4 - Final step, replace the provider in config/app.php

    Comment out the following line in your config/app.php files under the providers key:

    // Illuminate\Auth\Password\PasswordResetServiceProvider::class,

    And add the following line just below:



    Be careful when doing such things, the token is defined as hash_hmac('sha256', Str::random(40), $this->hashKey) where $this->hasKey is env('APP_KEY). This is used to ensure that no collision will occur when generating password reset tokens. I suggest you to investigate a secure method to reduce your token length securely.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



    • ¥20 powerbulider 导入excel文件,显示不完整
    • ¥20 #关于multisim绘图遇到的问题
    • ¥15 用keil调试程序保证结果进行led相关闪烁
    • ¥15 paddle训练自己的数据loss降不下去
    • ¥20 用matlab的pdetool解决以下三个问题
    • ¥15 单个福来轮的平衡与侧向滑动是如何做到的?
    • ¥15 嵌入式Linux固件,能直接告诉我crc32校验的区域在哪不,内核的校验我已经找到了,uboot没有
    • ¥20 h3c静态路要求有详细过程
    • ¥15 调制识别中输入为时频图,星座图,眼图等
    • ¥15 数据结构C++的循环、随机数问题