douna2917 2016-07-04 07:25

setPasswordAttribute interferes with password reset (Laravel 5.2)

I have been working on the password reset functionality and it works almost entirely, except when I enter the new password login is rejected.

I believe that my setPasswordAttribute() function in the User.php file is interfering with the password reset, as when I comment it out, the reset works fine. I'm not sure exactly how I'm supposed to modify this function in order to make the reset work.

Here is my setPasswordAttribute() function

public function setPasswordAttribute($value)
{
    $this->attributes['password'] = bcrypt($value);
}

Here is my password reset code. I simply followed the laravel documentation.

Routes.

Route::get('password/email', 'Auth\PasswordController@getEmail');
Route::post('password/email', 'Auth\PasswordController@postEmail');
Route::get('password/reset/{token}', 'Auth\PasswordController@getReset');
Route::post('password/reset', 'Auth\PasswordController@postReset');

Email view

<form method="POST" action="/password/email">
    {!! csrf_field() !!}

    @if (count($errors) > 0)
        <ul>
            @foreach ($errors->all() as $error)
                <li>{{ $error }}</li>
            @endforeach
        </ul>
    @endif

    <div>
        Email
        <input type="email" name="email" value="{{ old('email') }}">
    </div>

    <div>
        <button type="submit">
            Send Password Reset Link
        </button>
    </div>
</form>

Reset view

<form method="POST" action="/password/reset">
{!! csrf_field() !!}
<input type="hidden" name="token" value="{{ $token }}">

@if (count($errors) > 0)
    <ul>
        @foreach ($errors->all() as $error)
            <li>{{ $error }}</li>
        @endforeach
    </ul>
@endif

<div>
    Email
    <input type="email" name="email" value="{{ old('email') }}">
</div>

<div>
    Password
    <input type="password" name="password">
</div>

<div>
    Confirm Password
    <input type="password" name="password_confirmation">
</div>

<div>
    <button type="submit">
        Reset Password
    </button>
</div>
</form>

Trait used by password controller.

/**
 * Get the name of the guest middleware.
 *
 * @return string
 */
protected function guestMiddleware()
{
    $guard = $this->getGuard();

    return $guard ? 'guest:'.$guard : 'guest';
}

/**
 * Display the form to request a password reset link.
 *
 * @return \Illuminate\Http\Response
 */
public function getEmail()
{
    return $this->showLinkRequestForm();
}

/**
 * Display the form to request a password reset link.
 *
 * @return \Illuminate\Http\Response
 */
public function showLinkRequestForm()
{
    if (property_exists($this, 'linkRequestView')) {
        return view($this->linkRequestView);
    }

    if (view()->exists('auth.passwords.email')) {
        return view('auth.passwords.email');
    }

    return view('auth.password');
}

/**
 * Send a reset link to the given user.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function postEmail(Request $request)
{
    return $this->sendResetLinkEmail($request);
}

/**
 * Send a reset link to the given user.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function sendResetLinkEmail(Request $request)
{
    $this->validateSendResetLinkEmail($request);

    $broker = $this->getBroker();

    $response = Password::broker($broker)->sendResetLink(
        $this->getSendResetLinkEmailCredentials($request),
        $this->resetEmailBuilder()
    );

    switch ($response) {
        case Password::RESET_LINK_SENT:
            return $this->getSendResetLinkEmailSuccessResponse($response);
        case Password::INVALID_USER:
        default:
            return $this->getSendResetLinkEmailFailureResponse($response);
    }
}

/**
 * Validate the request of sending reset link.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return void
 */
protected function validateSendResetLinkEmail(Request $request)
{
    $this->validate($request, ['email' => 'required|email']);
}

/**
 * Get the needed credentials for sending the reset link.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return array
 */
protected function getSendResetLinkEmailCredentials(Request $request)
{
    return $request->only('email');
}

/**
 * Get the Closure which is used to build the password reset email message.
 *
 * @return \Closure
 */
protected function resetEmailBuilder()
{
    return function (Message $message) {
        $message->subject($this->getEmailSubject());
    };
}

/**
 * Get the e-mail subject line to be used for the reset link email.
 *
 * @return string
 */
protected function getEmailSubject()
{
    return property_exists($this, 'subject') ? $this->subject : 'Your Password Reset Link';
}

/**
 * Get the response for after the reset link has been successfully sent.
 *
 * @param  string  $response
 * @return \Symfony\Component\HttpFoundation\Response
 */
protected function getSendResetLinkEmailSuccessResponse($response)
{
    return redirect()->back()->with('status', trans($response));
}

/**
 * Get the response for after the reset link could not be sent.
 *
 * @param  string  $response
 * @return \Symfony\Component\HttpFoundation\Response
 */
protected function getSendResetLinkEmailFailureResponse($response)
{
    return redirect()->back()->withErrors(['email' => trans($response)]);
}

/**
 * Display the password reset view for the given token.
 *
 * If no token is present, display the link request form.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  string|null  $token
 * @return \Illuminate\Http\Response
 */
public function getReset(Request $request, $token = null)
{
    return $this->showResetForm($request, $token);
}

/**
 * Display the password reset view for the given token.
 *
 * If no token is present, display the link request form.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  string|null  $token
 * @return \Illuminate\Http\Response
 */
public function showResetForm(Request $request, $token = null)
{
    if (is_null($token)) {
        return $this->getEmail();
    }

    $email = $request->input('email');

    if (property_exists($this, 'resetView')) {
        return view($this->resetView)->with(compact('token', 'email'));
    }

    if (view()->exists('auth.passwords.reset')) {
        return view('auth.passwords.reset')->with(compact('token', 'email'));
    }

    return view('auth.reset')->with(compact('token', 'email'));
}

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function postReset(Request $request)
{
    return $this->reset($request);
}

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function reset(Request $request)
{
    $this->validate(
        $request,
        $this->getResetValidationRules(),
        $this->getResetValidationMessages(),
        $this->getResetValidationCustomAttributes()
    );

    $credentials = $this->getResetCredentials($request);

    $broker = $this->getBroker();

    $response = Password::broker($broker)->reset($credentials, function ($user, $password) {
        $this->resetPassword($user, $password);
    });

    switch ($response) {
        case Password::PASSWORD_RESET:
            return $this->getResetSuccessResponse($response);
        default:
            return $this->getResetFailureResponse($request, $response);
    }
}

/**
 * Get the password reset validation rules.
 *
 * @return array
 */
protected function getResetValidationRules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:6',
    ];
}

/**
 * Get the password reset validation messages.
 *
 * @return array
 */
protected function getResetValidationMessages()
{
    return [];
}

/**
 * Get the password reset validation custom attributes.
 *
 * @return array
 */
protected function getResetValidationCustomAttributes()
{
    return [];
}

/**
 * Get the password reset credentials from the request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return array
 */
protected function getResetCredentials(Request $request)
{
    return $request->only(
        'email', 'password', 'password_confirmation', 'token'
    );
}

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
 * @param  string  $password
 * @return void
 */
protected function resetPassword($user, $password)
{
    $user->forceFill([
        'password' => bcrypt($password),
        'remember_token' => Str::random(60),
    ])->save();

    Auth::guard($this->getGuard())->login($user);
}

/**
 * Get the response for after a successful password reset.
 *
 * @param  string  $response
 * @return \Symfony\Component\HttpFoundation\Response
 */
protected function getResetSuccessResponse($response)
{
    return redirect($this->redirectPath())->with('status', trans($response));
}

/**
 * Get the response for after a failing password reset.
 *
 * @param  Request  $request
 * @param  string  $response
 * @return \Symfony\Component\HttpFoundation\Response
 */
protected function getResetFailureResponse(Request $request, $response)
{
    return redirect()->back()
        ->withInput($request->only('email'))
        ->withErrors(['email' => trans($response)]);
}

/**
 * Get the broker to be used during password reset.
 *
 * @return string|null
 */
public function getBroker()
{
    return property_exists($this, 'broker') ? $this->broker : null;
}

/**
 * Get the guard to be used during password reset.
 *
 * @return string|null
 */
protected function getGuard()
{
    return property_exists($this, 'guard') ? $this->guard : null;
}
2 answers

  • dream02008 2016-07-04 07:39

    It's not working because the password is being hashed twice in resetPassword().

    To fix it, override the function in PasswordController.php:

    protected function resetPassword($user, $password)
    {
        $user->forceFill([
            'password' => $password, //Removed bcrypt
            'remember_token' => Str::random(60),
        ])->save();
    
        Auth::guard($this->getGuard())->login($user);
    }
    
    This answer was selected as the best answer by the asker.
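
The double hashing described in the accepted answer, as an added example that is not code from the question, the answer or Laravel itself: the trait's default resetPassword() input fails login verification, the override's input passes, and a guard catches the mistake early. The `User` stand-in, its simplified `forceFill()` and the `StrictUser` guard are assumptions for illustration; `password_hash()` with `PASSWORD_BCRYPT` stands in for Laravel's `bcrypt()` helper.

```php
<?php
// Added example: plain-PHP stand-in for the Eloquent User model on this page.
class User
{
    public $attributes = [];
    // Same behaviour as the question's setPasswordAttribute() mutator.
    public function setPasswordAttribute($value)
    {
        $this->attributes['password'] = password_hash($value, PASSWORD_BCRYPT);
    }

    // Simplified stand-in for forceFill(): each key goes through its mutator.
    public function forceFill(array $values)
    {
        foreach ($values as $key => $value) {
            $setter = 'set' . ucfirst($key) . 'Attribute';
            if (method_exists($this, $setter)) {
                $this->$setter($value);
            } else {
                $this->attributes[$key] = $value;
            }
        }
        return $this;
    }
}

// Hypothetical guard: refuse input that is already a password_hash() string.
class StrictUser extends User
{
    public function setPasswordAttribute($value)
    {
        if (password_get_info($value)['algoName'] !== 'unknown') {
            throw new LogicException('password was hashed before the mutator');
        }
        parent::setPasswordAttribute($value);
    }
}

$plain = 'constructed-sample-password';
$prehashed = password_hash($plain, PASSWORD_BCRYPT); // what the trait passes in
$broken = (new User)->forceFill(['password' => $prehashed]); // hashed twice
$fixed = (new User)->forceFill(['password' => $plain]);      // hashed once
// Login compares the submitted plain text against the stored hash.
echo 'trait default verifies: ', var_export(password_verify($plain, $broken->attributes['password']), true), "\n";
echo 'override verifies: ', var_export(password_verify($plain, $fixed->attributes['password']), true), "\n";
try {
    (new StrictUser)->forceFill(['password' => $prehashed]);
} catch (LogicException $e) {
    echo 'guard: ', $e->getMessage(), "\n";
}
```

The guard rejects any input that parses as a password hash, so a user-chosen password in that exact format would also be refused; treat it as a development-time check.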