Laravel 5.4: Password reset token custom length?

I am using laravel 5.4 building an API where I email the user a token on password reset if user verified, which user provides before resetting password. Currently the sent token has 64 characters and too large for user to grab, and I'm not sure if laravel has configuration to give a custom length to token?


The solution is a little bit tricky, ill try to explain the procedure as clearly as possible:

STEP 1 - Extend the standard DatabaseTokenRepository

Create a class that extends IlluminateAuthPasswordsDatabaseTokenRepository in order to define a new token creation policy.

<?php

namespace AppAuthPasswords;

use IlluminateAuthPasswordsDatabaseTokenRepository;

class CustomDatabaseTokenRepository extends DatabaseTokenRepository
{

    // Overrides the standard token creation function
    public function createNewToken()
    {
        retrun substr(parent::createNewToken(), 0, 30);
    }

}

I've just trimmed the token generated by Laravel down to 30 chars, feel free to implement your own token generation routine.

STEP 2 - Extend the standard PasswordBrokerManager

Now you have to tell the PasswordBrokerManager to use your token repository instead of the standard one. In order to do so you have to extend the class IlluminateAuthPasswordsPasswordBrokerManager .

<?php

namespace AppAuthPasswords;

use IlluminateAuthPasswordsPasswordBrokerManager;

class CustomPasswordBrokerManager extends PasswordBrokerManager
{

    // Override the createTokenRepository function to return your
    // custom token repository instead of the standard one
    protected function createTokenRepository(array $config)
    {
        $key = $this->app['config']['app.key'];

        if (Str::startsWith($key, 'base64:')) {
            $key = base64_decode(substr($key, 7));
        }

        $connection = isset($config['connection']) ? $config['connection'] : null;

        return new CustomDatabaseTokenRepository(
            $this->app['db']->connection($connection),
            $this->app['hash'],
            $config['table'],
            $key,
            $config['expire']
        );
    }

}

STEP 3 - Extend the standard PasswordResetServiceProvider

Now you have to extend the standard IlluminateAuthPasswordsPasswordResetServiceProvider in order to tell Laravel to instantiate your CustomPasswordBrokerManager .

<?php

namespace AppAuthPasswords;

use IlluminateAuthPasswordsPasswordResetServiceProvider;

class CustomPasswordResetServiceProvider extends PasswordServiceProvider
{

    // Override the method registerPasswordBroker
    // in order to specify your customized manager
    protected function registerPasswordBroker()
    {
        $this->app->singleton('auth.password', function ($app) {
            return new CustomPasswordBrokerManager($app);
        });

        $this->app->bind('auth.password.broker', function ($app) {
            return $app->make('auth.password')->broker();
        });
    }
}

STEP 4 - Final step, replace the provider in config/app.php

Comment out the following line in your config/app.php files under the providers key:

// IlluminateAuthPasswordPasswordResetServiceProvider::class,

And add the following line just below:

AppAuthPasswordsCustomPasswordResetServiceProvider::class,

CONSIDERATIONS

Be careful when doing such things, the token is defined as hash_hmac('sha256', Str::random(40), $this->hashKey) where $this->hasKey is env('APP_KEY ). This is used to ensure that no collision will occur when generating password reset tokens. I suggest you to investigate a secure method to reduce your token length securely.

链接地址: http://www.djcxy.com/p/92688.html

上一篇: 在Magento注册后,客户组ID不会在管理员电子邮件中发送

下一篇: Laravel 5.4:密码重置令牌自定义长度?