php - 重置密码在 Laravel 中无法正常工作

Question

我正在 Laravel 中开发一个项目，在我的项目登录、注册、发送忘记密码邮件工作正常。但是当我尝试重置密码时，每次出现错误时。

This password reset token is invalid.

我不知道，为什么我会收到此错误。只是注意到每次在 token 隐藏字段中我都得到相同的值

Wbkv7yreu4YKvNL4Lv2vYaqlpJW7BoJycjQxew4u

有什么简单的解决办法吗？
如果没有，那么如何覆盖内置的重置密码功能？

Reset password controller code

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;

class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/dashboard';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }
}

路由中:$this->post('resetpassword', 'Auth\ResetPasswordController@reset');而 ResetPassword.php 是

namespace Illuminate\Foundation\Auth;
use Illuminate\Support\Str;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Auth\Events\PasswordReset;
trait ResetsPasswords{
use RedirectsUsers;

/**
 * Display the password reset view for the given token.
 *
 * If no token is present, display the link request form.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  string|null  $token
 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 */

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
 */
public function reset(Request $request){
    $this->validate($request, $this->rules(), $this->validationErrorMessages());

    // Here we will attempt to reset the user's password. If it is successful we
    // will update the password on an actual user model and persist it to the
    // database. Otherwise we will parse the error and return the response.
    $response = $this->broker()->reset(
        $this->credentials($request), function ($user, $password) {
            $this->resetPassword($user, $password);
        }
    );
    // If the password was successfully reset, we will redirect the user back to
    // the application's home authenticated view. If there is an error we can
    // redirect them back to where they came from with their error message.
    return $response == Password::PASSWORD_RESET
                ? $this->sendResetResponse($response)
                : $this->sendResetFailedResponse($request, $response);
}

/**
 * Get the password reset validation rules.
 *
 * @return array
 */
protected function rules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:6',
    ];
}

/**
 * Get the password reset validation error messages.
 *
 * @return array
 */
protected function validationErrorMessages()
{
    return [];
}

/**
 * Get the password reset credentials from the request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return array
 */
protected function credentials(Request $request)
{
    return $request->only(
        'email', 'password', 'password_confirmation', 'token'
    );
}

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
 * @param  string  $password
 * @return void
 */
protected function resetPassword($user, $password)
{
    $user->password = Hash::make($password);

    $user->setRememberToken(Str::random(60));

    $user->save();

    event(new PasswordReset($user));

    $this->guard()->login($user);
}

/**
 * Get the response for a successful password reset.
 *
 * @param  string  $response
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
 */
protected function sendResetResponse($response)
{
    return redirect($this->redirectPath())
                        ->with('status', trans($response));
}

/**
 * Get the response for a failed password reset.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  string  $response
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
 */
protected function sendResetFailedResponse(Request $request, $response)
{
    return redirect()->back()
                ->withInput($request->only('email'))
                ->withErrors(['email' => trans($response)]);
}

/**
 * Get the broker to be used during password reset.
 *
 * @return \Illuminate\Contracts\Auth\PasswordBroker
 */
public function broker()
{
    return Password::broker();
}

/**
 * Get the guard to be used during password reset.
 *
 * @return \Illuminate\Contracts\Auth\StatefulGuard
 */
protected function guard()
{
    return Auth::guard();
}
}

Answer 1

在您的重置密码功能中，您正在对密码进行哈希处理。

$user->password = Hash::make($password);

检查您的用户模型，如果有功能

setPasswordAttribute($value){
 // your code
}

然后删除或评论它。因为它会重新加密你已经加密的密码。我建议在这里删除散列。并使用 setPasswordAttribute在模型中。

$user->password = $password;