douweng5420 2018-05-17 12:26
浏览 64
已采纳

使用Laravel Auth和加密用户表发送重置链接

I have a laravel 5.4 installation and I always used the default Laravel Authentication guard to handle user authentication and, mainly, the password restore process.

Now I had to encrypt the email in the users table using the Elocryptfive library, so I also added email_hash field where the hash of the mail is stored in the db in order to easily retrieve users by their email.

I can easily authenticate users using the hash:

Auth::attempt([
    'email_hash' => hash('sha256', $request->get('email')), 
    'password' => $request->get('password')]
, $remember);

What I can't get working is the password reset process. Is there a class to override in order to retrieve users by email_hash, then access the decrypted email and send the mail, without rewriting the whole password forgotten process?

  • 写回答

1条回答 默认 最新

  • doushi7314 2018-05-17 13:39
    关注

    I found a way to achieve this. I will answer my own question to provide a useful solution if someone else needs some help on the topic:

    In your ForgotPasswordController.php, override the sendResetLinkEmail function:

    /**
     * Send a reset link to the given user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function sendResetLinkEmail(Request $request)
    {
        $this->validateEmail($request);
    
        $hashed = hash('sha256', $request->get('email'));
        $user = User::where('email_hash', $hashed)->first();
    
        if (!is_null($user)) {
            $response = Password::sendResetLink(
                ['email_hash' => $hashed]
            );
        } else {
            $response = Password::INVALID_USER;
        }
    
        return $response == Password::RESET_LINK_SENT
            ? $this->sendResetLinkResponse($response)
            : $this->sendResetLinkFailedResponse($request, $response);
    }
    

    In your ResetPasswordController.php, override the credentials function:

    /**
     * Get the password reset credentials from the request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    protected function credentials(Request $request)
    {
        return [
            'email_hash' => hash('sha256', $request->get('email')),
            'password' => $request->get('password'),
            'password_confirmation' => $request->get('password_confirmation'),
            'token' => $request->get('token')
        ];
    }
    

    Thanks to Mike Rodham for pointing out the right direction, I hope it helps someone.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 adb连接不到手机是怎么回事?
  • ¥15 vs2022无法联网
  • ¥15 TCP的客户端和服务器的互联
  • ¥15 VB.NET操作免驱摄像头
  • ¥15 笔记本上移动热点开关状态查询
  • ¥85 类鸟群Boids——仿真鸟群避障的相关问题
  • ¥15 CFEDEM自带算例错误,如何解决?
  • ¥15 有没有会使用flac3d软件的家人
  • ¥20 360摄像头无法解绑使用,请教解绑当前账号绑定问题,
  • ¥15 docker实践项目