Laravel Password Reset Token

生来就可爱ヽ(ⅴ<●) 提交于 2021-02-07 19:15:21

问题


Okay, this is very beginner, but I'd like an explanation. In the built-in Laravel password reset in the "postReset" method below, it specifies "token"...however, when using {!! csrf_field() !!} in the view, it generate as the input name="_token". Does the _ count as an actual character when matching up the names? Just confused how the database migration uses "token", but the csrf field sets up the input name as "_token".

public function postReset(Request $request)
    {
        $this->validate($request, [
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed|min:6',
        ]);

        $credentials = $request->only(
            'email', 'password', 'password_confirmation', 'token'
        );

        $response = Password::reset($credentials, function ($user, $password) {
            $this->resetPassword($user, $password);
        });

Thanks,


回答1:


You don't need a _token for password reset or migration. But it is absolutely needed if you are sending any inputs to the laravel in post method.

Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.

Source

How can i include the csrf token in my form ?

You can include the csrf token by having this inside your form

<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">

Tip :

You can handle the action after the CSRF Token filter inside

app\Http\Middleware\VerifyCsrfToken.php

Hope this helps you.




回答2:


I face same issue before its not related with CSRF in my case, as I read from the code he search for third segment to get token from url which he use for reset. but if you use localization system will missing it as below screen

You can make small work around to fix it

@php
    $segments = \Request::segments();
    $token = end($segments);
@endphp

<form method="POST" action="{{ route('password.request') }}">
{!!  csrf_field() !!}
<input type="hidden" name="token" value="{{$token}}">


来源:https://stackoverflow.com/questions/34669965/laravel-password-reset-token

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!