laravel 10 应用程序旨在由 SPA 调用。 所以它暴露了这些端点:
Route::post('/auth/forgot-password', [App\Http\Controllers\Api\AuthController::class, 'forgotPassword']);
Route::get('/reset-password/{token}', [App\Http\Controllers\Api\AuthController::class, 'getResetPassword'])->name('password.reset');
Route::post('/reset-password', [App\Http\Controllers\Api\AuthController::class, 'postResetPassword'])->name('password.update');
当 SPA 发送重置密码请求时
curl -d "[email protected]" -X POST http://localhost:9001/api/auth/forgot-password
此功能被触发:
public function forgotPassword(Request $request){
$validateUser = Validator::make($request->all(),['email' => 'required|email']);
if($validateUser->fails()){
return response()->json([
'status' => false,
'message' => 'validation error',
'errors' => $validateUser->errors()
], 401);
}
$status = Password::sendResetLink($request->only('email'));
return response()->json(['status' => $status,], 200);
}
根据该请求,“password_reset_tokens”内会出现一个新条目:
[email protected]
$2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK
此 GET 端点的旁注仅验证令牌是否存在:
public function getResetPassword(Request $request){
$result = DB::table('password_reset_tokens')->where(['token' => $request->token ])->exists();
if(!$result){
return response()->json(['status' => false, 'error' => 'no_such_token'], 500);
}
return response()->json(['status' => true], 200);
}
接收到所有参数的 POSt 端点如下所示:
public function postResetPassword(Request $request){
$validateRequest = Validator::make($request->all(),['email' => 'required|email','token' => 'required','password' => 'required|min:8|confirmed']);
if($validateRequest->fails()){
return response()->json([
'status' => false,
'message' => 'validation error',
'errors' => $validateRequest->errors()
], 401);
}
$status = Password::reset(
$request->only('email', 'password', 'password_confirmation', 'token'),
function (User $user, string $password) {
$user->forceFill([
'password' => Hash::make($password)
])->setRememberToken(Str::random(60));
$user->save();
event(new PasswordReset($user));
}
);
if($status === Password::PASSWORD_RESET){
return response()->json(['status' => true], 200);
}
else{
return response()->json([
'status' => false,
'message' => 'validation error_in_else',
'token' => $request->token,
'errors' => $status
], 401);
}
}
这样称呼:
http://localhost:9001/api/[email protected]&token=$2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK&password=newpassword&password_confirmation=newpassword
在邮递员中我总是收到此错误:
{
"status": false,
"message": "validation error_in_else",
"token": "$2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK",
"errors": "passwords.token"
}
为什么会失败?难道它还需要别的东西吗? csrf 令牌或类似的东西?
尝试模拟教程中的代码,基本上应该可以工作。
您的密码重置令牌可能已过期。您可以更改此设置
配置/auth.php
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60, // Minutes
],
],