Laravel 不断给出错误的密码。token

问题描述 投票:0回答:1

laravel 10 应用程序旨在由 SPA 调用。 所以它暴露了这些端点:

Route::post('/auth/forgot-password', [App\Http\Controllers\Api\AuthController::class, 'forgotPassword']);
Route::get('/reset-password/{token}', [App\Http\Controllers\Api\AuthController::class, 'getResetPassword'])->name('password.reset');
Route::post('/reset-password', [App\Http\Controllers\Api\AuthController::class, 'postResetPassword'])->name('password.update');

当 SPA 发送重置密码请求时

curl -d "[email protected]" -X POST http://localhost:9001/api/auth/forgot-password

此功能被触发:

public function forgotPassword(Request $request){
    $validateUser = Validator::make($request->all(),['email' => 'required|email']);
    if($validateUser->fails()){
        return response()->json([
            'status' => false,
            'message' => 'validation error',
            'errors' => $validateUser->errors()
        ], 401);
    }
    $status = Password::sendResetLink($request->only('email'));
    return response()->json(['status' => $status,], 200);
}

根据该请求,“password_reset_tokens”内会出现一个新条目:

 [email protected]
 $2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK

此 GET 端点的旁注仅验证令牌是否存在:

public function getResetPassword(Request $request){
    $result = DB::table('password_reset_tokens')->where(['token' => $request->token ])->exists();
    if(!$result){
        return response()->json(['status' => false, 'error' => 'no_such_token'], 500);
    }
    return response()->json(['status' => true], 200);
}

接收到所有参数的 POSt 端点如下所示:

public function postResetPassword(Request $request){
    $validateRequest = Validator::make($request->all(),['email' => 'required|email','token' => 'required','password' => 'required|min:8|confirmed']);
    if($validateRequest->fails()){
        return response()->json([
            'status' => false,
            'message' => 'validation error',
            'errors' => $validateRequest->errors()
        ], 401);
    }
    $status = Password::reset(
        $request->only('email', 'password', 'password_confirmation', 'token'),
        function (User $user, string $password) {
            $user->forceFill([
                'password' => Hash::make($password)
            ])->setRememberToken(Str::random(60));
            $user->save();
            event(new PasswordReset($user));
        }
    );
    if($status === Password::PASSWORD_RESET){
        return response()->json(['status' => true], 200);
    }
    else{
        return response()->json([
            'status' => false,
            'message' => 'validation error_in_else',
            'token' => $request->token,
            'errors' => $status
        ], 401);
    }
}

这样称呼:

http://localhost:9001/api/[email protected]&token=$2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK&password=newpassword&password_confirmation=newpassword

在邮递员中我总是收到此错误:

{
"status": false,
"message": "validation error_in_else",
"token": "$2y$12$jWSzTevYdNnVK/Rs8C1bfu/DCKWVvb4rL5VuMNPn41C.BkYwVIYvK",
"errors": "passwords.token"
}

为什么会失败?难道它还需要别的东西吗? csrf 令牌或类似的东西?

尝试模拟教程中的代码,基本上应该可以工作。

php laravel frameworks passwords restore
1个回答
0
投票

您的密码重置令牌可能已过期。您可以更改此设置

配置/auth.php

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60, // Minutes
    ],
],
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.